Geopolitical tensions lead to increasing cyber attacks on shipping

Stay up to date with free updates

Simply register for Internet security myFT Digest – delivered straight to your inbox.

The shipping industry is facing a sharp increase in cyberattacks as geopolitical conflicts prompt state-linked hackers to target trade flows.

Shipowners, ports and other maritime groups faced at least 64 cyber incidents in 2023, according to an analysis of corporate, media and academic reports by researchers at the Dutch NHL Stenden University of Applied Sciences. A decade earlier, the number was three and in 2003, zero.

More than 80 percent of the incidents involving a known attacker identified since 2001 originated in Russia, China, North Korea or Iran, according to data from the university that trains sailors.

“The international rules-based order … the great system (that shipping has benefited from) since World War II is under threat like never before,” said Guy Platten, secretary general of the International Chamber of Shipping, which represents shipowners who control about 80 percent of the world’s merchant fleet.

Recent state-motivated attacks have highlighted how conflicts from Ukraine to the Middle East are destabilising globalisation by disrupting shipping, which carries more than 80 percent of internationally traded goods.

Shipping experts warned that an industry that has faced physical security threats for centuries is woefully unprepared for online piracy.

“IT spending in the maritime sector is quite low,” said Stephen McCombie, professor of maritime IT security at NHL Stenden. “(Shipowners) are looking for people with maritime knowledge and cybersecurity knowledge (but) that’s a very small group.”

Experts warn that an attack risks further chaos at a time when shipping companies are already grappling with the impact of global conflicts on trade routes.

The increasing digitization of ships and the use of internet devices, which have only recently become widely available at sea through low-earth satellites, are creating new opportunities for cyberattacks, says Tom Walters, a maritime attorney at HFW who helps clients deal with such incidents.

He warned that an attack on a ship’s systems could cause disruptions on a scale similar to the Baltimore bridge collapse this year, which closed one of the US’s busiest ports, forced automakers to reroute shipments and left insurers facing billions of dollars in damages.

Notable cyber incidents included a 2020 attack on Iran’s Rajaee port, which handled nearly half of the country’s foreign trade, and an attack last year that brought down the website of the Port of Rotterdam, Europe’s largest port.

Danish shipowner AP Møller-Maersk, which controls around 15 percent of the world’s container shipping capacity, was unable to accept customer orders and had to reroute ships after its IT systems went offline by the NotPetya malware attack. The attack was attributed to Russian agents after affecting companies worldwide in 2017.

McCombie said cybercriminals also saw “an opportunity” to extort money. They “understand that these industries have to keep running” and ship owners are therefore more willing to pay ransoms to get systems back online.