Major risk scenarios affecting maritime information systems

Even a brief and high-level risk analysis makes it possible to identify several major risk scenarios that could affect the maritime sector. The list below is not exhaustive, but it provides an overview of some of the most relevant concerns.

For vessels, these scenarios may include:

• attempts to spoof or jam positioning or communication systems, either directly targeting the vessel or affecting its surrounding environment
• malfunctions or loss of availability of ECDIS navigation systems, even though these systems are often deployed with redundancy
• the transmission of false safety information to vessels (GMDSS alerts, AIS data, weather information, etc.)
• intrusions targeting onboard industrial control systems, including propulsion, navigation, or cargo management systems
• the remote takeover of a vessel or part of its systems
• the partial or complete encryption of onboard information systems through ransomware attacks

Ports are also exposed to similar risks, including:

• operational paralysis caused by ransomware attacks
• remote compromise of smart port infrastructures, exploiting the growing interconnection between operational and information systems
• manipulation of port logistics information systems, affecting vessel movements, passenger flows, cargo handling, or transport operations
• disruption of port services, such as pilotage, bunkering, berth allocation, or the availability of storage and handling areas