Troubled Waters: How A New Wave of Cyber-Attacks is Targeting Maritime Trade

Protecting Vital Commercial Hubs Requires Thinking Beyond Air-Gapping or Standard IT Solutions

In concrete terms, the historical “air gap” separating industrial control systems from enterprise networks meant that factories and shipyards were more or less immune to cyber-attack. As long as systems were air-gapped, it didn’t matter how pernicious or effective the cyber-threat became; we felt confident that these virtual concerns couldn’t impact our physical infrastructure.

But recent years have proven us wrong. As the global transition to smart infrastructure — from IoT sensors in trash cans to app-controlled irrigation systems — has enabled enormous gains in efficiency and precision, at the same time it has quietly deflated this air gap. As nearly every sector is digitizing, operational technology (OT) and IT are now intertwined more closely than ever before.

The global shipping industry has recently been under the spotlight as it discovers this truth, with companies and ports across the world significantly affected by cyber-attacks during the last few years. The 2017 NotPetya ransomware outbreak was one of the most devastating such attacks in history, and it cost one of the most well-known shipping companies more than $300 million in damages. Just over a month ago, on the heels of an attack on the Port of Long Beach, both the Port of Barcelona and the Port of San Diego suffered major security breaches in the span of less than a week.

The increasing convergence of IT and OT systems shows no signs of slowing. The rapid shift toward hyper-connected “smart” ports, for instance, is rendering physical harbors susceptible to traditionally digital threats. It is perhaps no surprise that the Port of Barcelona announced its intention to become a “digital port” just last year.

In addition to causing operational delays and necessitating expensive system repairs, the real risk posed by cyber-threats targeting critical infrastructure lies in their power to jeopardize real-world safety. Incidents like the 2014 explosion at a German steel mill, the result of a cyber-attack that began as a spear-phishing email, perhaps herald a future wherein existential dangers like war and terrorism exist entirely in cyberspace.

Although the full details have not yet emerged, the recent attacks in Barcelona and San Diego appear to be targeted, with the inadvertent success of last year’s ransomware campaign perhaps inspiring attackers to focus on the maritime sector. This sector is particularly threatened by disruptions due to such technology’s increasingly indispensable role in global trade. A serious compromise could inflict reputational damage, cause significant financial losses to the infected port, disrupt global trade, and even potentially manipulate the global market. 

Protecting these vital commercial hubs has never been more imperative, but it requires thinking beyond air-gapping or standard IT solutions. OT environments like ports are highly bespoke and are often composed of machines whose antiquated operating systems don’t support modern security tools. Safeguarding the maritime industry is a task best accomplished with a technology that can learn the intricacies and normal behavior of industrial control systems while on the job. Hundreds of organizations in the maritime, energy & utilities, and critical infrastructure sectors are already working to implement sweeping security changes, deploying technologies that leverage innovations in cyber AI to identify anomalies and intercept threats in real time.

Warfare has already moved to cyberspace – battles aren’t fought with guns across border lines, but with ones and zeros on both IT and OT networks. As this shift occurs, we need to reconsider the ways that we’re defending our digital and physical infrastructure.

This process begins with an awareness of the ways that digitalization projects expand the attack surface, but it also needs to include a reevaluation of our broader strategies and the tools we’re relying upon. Luckily, technology capable of autonomously fighting back against cyber-attackers already exists. The onus is now on industrial centers – from ports to oil rigs – to fight to stay one step ahead of our evolving adversary.
