Cybersecurity: Ghosts in the Machine
In the dead of night, a fully laden LNG tanker quietly navigates the
narrow channel of a strategic U.S. port. Suddenly, the ship's GPS blinks
and alarms, showing the vessel miles off course. The crew has no idea
their instruments have fallen prey to a sophisticated spoofing
attack—where false GPS signals are broadcast to deceive a ship's
navigation system into believing it's in a different location.
Without their knowledge, the tanker was silently steered off track, headed toward critical infrastructure.
Hours earlier, a shoreside vendor had completed what appeared to be
routine maintenance, leaving behind a smartphone in the engine control
room—a harmless oversight, or so it seemed. Unbeknownst to the crew,
that phone was a Trojan horse, silently infiltrating the ship's systems
despite the air gap designed to safeguard critical functions.
As the crew struggled to regain control, the malware awoke, crippling
the ship's electrical network, communications and emergency
uninterruptible battery supply. The vessel, making way while not under
command, drifted helplessly toward catastrophe.
Do you think this is fiction? Hardly.
GPS Spoofing
In the dark waters off Crimea, the battleground has undeniably gone
digital, truly evoking the "ghosts in the machine" scenario. This
battleground embodies fifth- and sixth-generation warfare where cyber
operations, electronic warfare and disinformation blur the lines between
physical and virtual combat.
AIS (Automatic Identification System) broadcasts vessels' positions
via GPS inputs, but GPS spoofing manipulates this data, creating
navigational confusion. Jamming, on the other hand, blocks signals
altogether, leaving vessels without critical navigation and
communication capabilities. These tactics could lead to catastrophic
accidents in high-traffic areas like the Black Sea. In one incident,
spoofed signals traced a "Z" across the sea near Crimea. It was unclear
if it was the symbol for Russia's war efforts or the mark of Zorro, but
it was disruptive.
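A shore-side monitor or bridge system can catch the crudest form of this by checking whether consecutive AIS position reports imply a speed no ship could make. The sketch below is an added example, not taken from the article or from any vendor named in it; the track, the timestamps and the 30-knot ceiling are constructed assumptions.

```python
import math
from datetime import datetime

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles

def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance between two positions, in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def flag_implausible_fixes(reports, max_speed_kn=30.0):
    """reports: time-ordered (iso_time, lat, lon) tuples for one vessel.

    Returns (iso_time, implied_speed_kn) for every fix that could only be
    reached from the last accepted fix by exceeding max_speed_kn. The
    reference stays at the last accepted fix, so a run of spoofed positions
    is flagged as a whole. Assumption: the first fix is trusted.
    """
    flagged, ref = [], None
    for ts, lat, lon in reports:
        t = datetime.fromisoformat(ts)
        if ref is None:
            ref = (t, lat, lon)
            continue
        hours = (t - ref[0]).total_seconds() / 3600
        if hours <= 0:  # duplicate or out-of-order timestamp is itself suspect
            flagged.append((ts, float("inf")))
            continue
        speed = haversine_nm(ref[1], ref[2], lat, lon) / hours
        if speed > max_speed_kn:
            flagged.append((ts, round(speed, 1)))
        else:
            ref = (t, lat, lon)
    return flagged

# Constructed track: a ship making about 12 knots due north in open water,
# with two reports displaced roughly 120 nautical miles to the east.
SAMPLE_REPORTS = [
    ("2023-05-01T00:00:00", 43.500, 31.000),
    ("2023-05-01T00:06:00", 43.520, 31.000),
    ("2023-05-01T00:12:00", 44.400, 33.500),  # displaced fix
    ("2023-05-01T00:18:00", 44.400, 33.500),  # displaced fix
    ("2023-05-01T00:24:00", 43.580, 31.000),  # back on the real track
]

if __name__ == "__main__":
    for ts, kn in flag_implausible_fixes(SAMPLE_REPORTS):
        print(f"{ts}: implied speed {kn} kn exceeds ceiling")
```

A check like this only catches abrupt jumps; a spoofer that drags the reported position away gradually stays under the speed ceiling and has to be caught by cross-checking against radar, visual bearings or inertial sensors.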
In May 2023, a mass spoofing event off Crimea caused ships to appear
far from their true locations. The Center for Advanced Defense Studies
documented over 10,000 spoofing incidents between 2017 and 2019,
demonstrating a correlation between Putin's movements and GPS spoofing
incidents near Crimea. Such tactics are deployed to shield high-value
targets from GPS-guided weapons, complicating the use of drones,
missiles and other advanced precision systems.
In June and July 2021, NATO warships like the HMS Defender and USS
Ross were spoofed near Crimea, underscoring Russia's use of electronic
warfare to disrupt maritime operations and global shipping lanes.
Just days before this article was published, the Ukrainian Navy
launched an operation to combat Russian GPS spoofing, destroying an idle
gas platform off Crimea. Russian forces were purportedly using the
platform to broadcast GPS interference, which Ukraine claimed threatened
civilian navigation. "The occupiers used this location for GPS spoofing
to endanger civilian navigation. We cannot allow this," said Ukrainian
Navy spokesman Dmytro Pletenchuk.
The attack came just hours after Russian personnel and equipment were spotted on the platform.
On October 1, the Panama-flagged oil tanker M/V Cordelia Moon
survived a major explosion. The attack, claimed by Yemen's Houthi
rebels, involved eight ballistic and winged missiles, a drone and an
uncrewed surface boat (videos of both attacks are online). A missile
northwest of Hodeidah also hit a Liberia-flagged bulker.
These incidents, along with the Ukrainian strike on a Russian GPS
spoofing platform, underscore how low-tech, unmanned vessels, along with
electronic warfare like GPS spoofing and jamming, pose severe risks to
maritime safety.
As maritime systems become increasingly digital and interconnected,
cyber warfare is no longer confined to the pages of a novel. It's an
urgent, evolving threat lurking in the waters of global trade.
CyberOwl & DNV: Securing Maritime Networks
The maritime sector faces increasing cybersecurity risks, driven
mainly by the complexity of vessel lifecycles and supply chains. Daniel
Ng, CEO of Singapore-based CyberOwl, explains that many shipping
companies still treat cyber risk management as a one-off compliance
task.
"For cyber risk management to be effective, it needs to be
continuous," says Ng. "This is where our partnership with DNV brings
real value. By combining our expertise, we can address cyber risks
throughout the vessel lifecycle."
This collaboration brings together over 70 maritime cybersecurity
specialists in five global hubs from Oslo to Singapore, backed by a
network of 500 cybersecurity experts and 7,000 maritime risk
professionals. "This allows us to cover everything—from the design stage
to vessel operations to incident response," notes Ng.
He points out that a significant challenge is the difference between
operational technology (OT), which controls shipboard machinery, and
information technology (IT), which handles data: "Legacy OT systems
often aren't as secure as newer technologies. We align with standards
like UR E26 for new systems but take a more practical approach to legacy
systems. CyberOwl's technologies provide visibility into OT risks so
shipowners can focus on real threats rather than theoretical ones."
Looking ahead, Ng sees the partnership driving innovation in maritime
cybersecurity. He highlights CyberOwl's OT Security Manager as a key
tool: "It ingests and interprets Excel documents, PDF reports and system
drawings, helping shipowners assess risks without needing to deploy
tech onboard."
This approach supports compliance with the E.U.'s Network and
Information Systems (NIS) Directive, aimed at protecting critical
infrastructure. "Ultimately," says Ng, "we want to give shipowners peace
of mind as they adopt digital technologies to boost performance and
reduce emissions."
Information Fusion Centre: CYBSEC Threats & Trends
Based in Singapore, the Information Fusion Centre (IFC) serves as a
critical hub for maritime security (MARSEC) monitoring and
information-sharing across the Indo-Pacific. Under the Republic of
Singapore Navy, the IFC collaborates with international liaison officers
from over 25 countries to tackle maritime threats including piracy,
smuggling and cybersecurity (CYBSEC).
The IFC emphasizes the increasing cyber risks to vessels' OT systems
and the importance of continuous monitoring and rapid response. Its
information-sharing capabilities have been instrumental in preventing
cyber incidents from escalating into significant disruptions.
"We've seen growing interest from shipping companies in involving us
in their security drills, where we bring a naval perspective and
real-time information-sharing," an IFC spokesperson noted.
Despite a 77 percent reduction in CYBSEC incidents in 2024—down to
three from 13 the previous year—the IFC warns this may reflect a lack of
reporting, not a decline in threats. Recent malware attacks on cargo
vessels in Europe underscore the persistent cyber risks in high-threat
areas.
The IFC provides regular updates on cybersecurity trends via its
social media channels and advisories. Shipowners are encouraged to
subscribe to these reports or engage the IFC in security exercises to
boost their readiness against cyber threats.
Tackling Cyber Espionage and Signal Jamming
Sahil Andrews Chand, Founder & CEO of ShipSafe, warns that signal
jamming—disrupting communication and navigation—poses significant risks
during critical operations like docking.
"Jamming can lead to disorientation and even collisions in congested
waters where precision is crucial," Chand explains. He also highlights
the broader threat of cyber espionage, where attackers gather
intelligence on shipping routes and cargo, creating severe security
implications.
Chand addresses a common misconception in the maritime industry—the
assumption that existing navigation systems are inherently secure. "This
complacency can lead to dangerous vulnerabilities," he notes.
Many systems, primarily operational technology, can be exploited if
not properly secured. Chand advocates for a structured cybersecurity
approach, prioritizing critical communications such as navigation and
safety, which must be safeguarded with dedicated bandwidth and strong
security measures.
Chand also stresses the importance of network segmentation to isolate
OT systems from administrative IT systems, limiting the impact of any
potential breaches. He further emphasizes adopting robust firewalls and
intrusion-detection systems to block unauthorized access.
"Limiting remote access is key," Chand continues, recommending
multifactor authentication and strong passwords. However, technology
alone isn't enough. "Continuous crew cybersecurity training is critical
to ensure preparedness against evolving threats," he advises. Chand
underscores the importance of collaboration with port authorities to
share information about cyber incidents and threats.
Finally, he highlights the need to balance innovation with security,
urging companies to evaluate new technologies like AI, machine learning,
and blockchain through a cybersecurity lens to prevent new
vulnerabilities from emerging.
Staying the Course
As cyber and electronic warfare tactics like GPS spoofing and jamming
increasingly impact military and civilian vessels, experts agree that
the industry must bolster defenses. Heightened vigilance, coupled with
substantial investment in advanced technologies and crew training, is
crucial.
These measures are essential to safeguarding maritime operations against the evolving landscape of cyber warfare. – MarEx
Technology columnist Sean Holt writes from Singapore.