900% increase in cyberattacks targeting maritime operational systems
According to the English-language website Vanguard, operational technology (OT) systems in the maritime sector have experienced an increase in cyberattacks of around 900% over the past three years. As a reminder, “OT” refers to Operational Technology, meaning, according to the NIST definition, the set of constrained information systems used in industrial and operational environments (industrial control systems, operational applications), as opposed to IT, which refers to more traditional information systems such as corporate networks or intranet services.
This alarming figure comes from the company Naval Dome. Its head of U.S. operations presented these numbers in mid-July 2020 during a webinar aimed at ports and terminal operators (2020 Port Security Seminar & Expo).
According to the presentation, there were reportedly around 50 incidents in 2017, 120 in 2018, and 310 in 2019, with projections of more than 500 major cybersecurity breaches in 2020. For comparison, our own figures—compiled year by year and based on publicly available sources—can be found here: /known-incidents/. These include well-known incidents affecting ports and shipping companies (Barcelona, San Diego), as well as cases involving Austal, COSCO, MSC, the Ryuk ransomware infections in the United States, and the more recent cyber incident targeting an Iranian port.
The speaker also referenced the Lloyd’s of London report previously discussed on this site, which estimated that a cyberattack affecting 15 major Asian ports could generate economic losses exceeding US$110 billion—losses that would largely not be covered by insurance, as OT systems are often excluded from cyber insurance policies.
In ports, OT systems are widespread: RTG and STS cranes, vessel control systems, cargo transit management platforms, and safety and security systems. According to Naval Dome, the main difficulty lies in the fact that these OT environments are often not continuously monitored from a cybersecurity perspective, meaning that threats can remain undetected for much longer.