Navigating Maritime Cyber Weaknesses: Enemies Exploiting Oceanic Cyber Vulnerabilities to Gain Ground in Asymmetric Conflict
In the bustling world of maritime transportation, the twenty-first century has seen near-coastal waters become the most active setting for discord. From irregular adversaries, often acting as proxies for larger nation-states and near-peer competitors, to the increasing complexity of cyber threats, the maritime domain is facing a new frontier of challenges.
One such threat is the growing prevalence of cyber vulnerabilities. As all facets of maritime life become increasingly integrated and interconnected, these vulnerabilities are likely to proliferate. For instance, the shipping giant responsible for seventy-six ports worldwide and operating eight hundred vessels suffered an estimated $300 million in lost revenue due to a cyber attack that forced them to rebuild their entire network infrastructure of over forty-five thousand computers and four thousand servers.
The attack, which occurred in 2017, involved a ransomware worm named NotPetya that targeted the largest shipping company in the world, APM-Maersk, causing a shutdown of its IT systems across its network. Since then, ransomware campaigns have continued to target shipping lines, ports, and maritime service companies, with the maritime industry reporting a 400% increase in such attacks between February and June 2020.
The vulnerabilities in the maritime domain extend to the Automatic Identification Systems (AIS) used for situational awareness and safety. Despite their importance, these systems have several security vulnerabilities, including a lack of message timestamps and sender authentication. AIS spoofing, for example, can cause false positions to be reported, which can lead to navigational mistakes and potential collisions at sea. AIS spoofing has the potential to damage international relationships and escalate tensions between nations.
The grounding of the Ever Given in the Suez Canal in March 2021, causing a six-day blockage and delaying an estimated $9.6 billion in goods each day, was attributed to a combination of high winds and human error in navigational inputs by the bridge team. However, the potential for cyber threats was not far from mind. GPS jamming and spoofing have grown in frequency and complexity over the last decade, and adversaries can exploit these vulnerabilities to cause unprecedented havoc in the maritime domain.
Recognizing the importance of addressing these challenges, the U.S. Coast Guard published the first national Maritime Cybersecurity Plan in 2021. The plan aims to address cybersecurity challenges and protect the security of the American economy. Similarly, the Department of Defense has acknowledged the risks posed by GPS vulnerabilities, relying nearly completely on GPS for its primary maritime positioning, navigation, and timing (M-PNT), putting military personnel, assets, and systems at risk.
In response, the US government issued an executive order in 2020 to strengthen the Positioning, Navigation, and Timing (PNT) system and build resiliency into the PNT architecture. The Irregular Warfare Annex to the National Defense Strategy also recognizes that irregular warfare is a core competency for the entire joint force, and academics and practitioners have proposed and implemented mitigations and solutions to the vulnerabilities in the maritime domain, such as the return of analog technology training at the US Naval Academy.
The United States and Israel have attributed a series of drone attacks on ships, including one on an Israeli tanker off the coast of Oman in July 2021, to Iranian proxies. These incidents underscore the need for vigilance and the potential for cyber threats to escalate tensions between nations. As the maritime domain continues to evolve, addressing cybersecurity threats will be crucial to maintaining safety, security, and economic stability.
Read also:
- Artificial Intelligence with independent agency could potentially intervene in cybercrises.
- Autocrrypt and Cohda Wireless Collaborate for Secure Vehicle-to-Everything Communication
- UNESCO Recognizes Traditional Board Game from Togaykumalak as Intangible Cultural Heritage
- Germany's digital autonomy remains elusive for now
