Estonia receives €2.5 million from the European Union to create a maritime cybersecurity center

The Digital Forensics and Cybersecurity Center of the Tallinn University of Technology (TalTech) and the Estonian Maritime Academy have received nearly €2.5 million in funding from the European Union to establish a maritime cybersecurity center.

Dan Heering, one of the project leaders at the Estonian Maritime Academy, explains that “the maritime industry has never really taken cybersecurity seriously, and there is still a great deal of work to be done in this area. Because there is very little publicly available information about successful cyberattacks or incidents involving ships, shipowners often underestimate the threat.”

It is worth recalling that a public list of known incidents does exist. By definition it is incomplete, but it can be consulted here.

Heering also notes that during his master’s internship he was surprised by the level of indifference among many shipowners: “This is partly due to a lack of regulation requiring shipowners to address and reduce cyber risks and to train their crews. However, starting next January, shipowners will be required to incorporate cyber risks into their risk management documentation.”

TalTech also points out that this lack of attention can be explained by limited awareness of the threat and of the potential damage caused by a successful cyberattack. For many operators, cybersecurity risk management is still perceived as a cost rather than an investment.

Nevertheless, several incidents have been publicly reported over the past decade. In 2019, for example, a vessel en route to New York had to contact the U.S. Coast Guard after a malware infection on board. The infection significantly affected the ship’s systems and reduced its ability to maneuver safely. In 2017, cybersecurity expert Campbell Murray demonstrated that it was possible to compromise a modern vessel using only a laptop computer. Within about thirty minutes, he managed to access the ship’s Wi-Fi network, read, delete, and even modify emails. He also gained access to financial data belonging to the ship’s owner, as well as to security cameras, satellite communications, and navigation systems. In theory, this level of access would even have made it possible to get the vessel underway.

According to Olaf Maennel, professor of cybersecurity at the Digital Forensics and Cybersecurity Center, many shipping company executives are still not fully aware of the risks building around their operations. Ships are becoming increasingly dependent on digital technologies and internet connectivity, including electronic charts, digital cargo manifests, and extensive use of satellite communications. “This means that onboard computer systems are vulnerable, and the potential damage for large shipping companies could reach hundreds of millions of euros,” he explains.

He also anticipates a rapid increase in the number of autonomous machines connected to one another in the near future. This trend highlights the need to develop communication protocols that are resilient to cyberattacks and to significantly improve awareness and preparedness among crews.

The future maritime cybersecurity center will aim to develop doctoral and master-level training programs, organize conferences and events, and promote research in the field. Students preparing for seafaring careers at the Estonian Maritime Academy will, for the first time next year, receive dedicated training in cybersecurity and cyber risk management.

For the record, in autumn 2019 the two institutions submitted their funding request to the European Union under the H2020 “ERA Chairs” program. The goal of this program is to help universities and research organizations located in “convergence” and peripheral regions of the European Union strengthen their competitiveness in research funding.

It is also worth remembering that Estonia experienced a major wave of cyberattacks in 2007 and has since invested heavily in cybersecurity. Among the outcomes were the publication of the well-known Tallinn Manual, a reference work on the application of international law in cyberspace, and the establishment in Estonia of NATO’s cyber defense center of excellence, the renowned CCDCOE (Cooperative Cyber Defence Centre of Excellence).