After recalling the digital transformation underway across the maritime industry and the growing dependency that accompanies it, the insurer reviews several cyber incidents that have already affected the sector (MSC, COSCO, Maersk, among others).

Building on the key findings of the CyRiM study (see this article from November 2019 discussing it, the report then examines the Shen Attack scenario described in that analysis. Applied to the maritime sector, the scenario estimates that a large-scale cyberattack could impact up to 15 ports in Asia.

For vessels, these scenarios may include:

• attempts to spoof or jam positioning or communication systems, either directly targeting the vessel or affecting its surrounding environment
• malfunctions or loss of availability of ECDIS navigation systems, even though these systems are often deployed with redundancy
• the transmission of false safety information to vessels (GMDSS alerts, AIS data, weather information, etc.)
• intrusions targeting onboard industrial control systems, including propulsion, navigation, or cargo management systems
• the remote takeover of a vessel or part of its systems
• the partial or complete encryption of onboard information systems through ransomware attacks

Ports are also exposed to similar risks, including:

Intentional threat sources are broadly similar to those encountered in other sectors. Rather than reproducing a long and exhaustive list of possible threat actors, it is worth noting that the French cybersecurity agency ANSSI has already documented them in detail (see p. 15 and following pages in the reference below).

Today, the most realistic threat sources include:

• state-sponsored actors, pursuing objectives such as espionage, pre-positioning within systems, or even disruption and destruction
• “casual” hackers, inspired by demonstrations or proof-of-concept attacks presented at cybersecurity conferences and attempting to reproduce them
• competitors, a possibility that cannot be completely ruled out and should at least be considered in risk assessments
• terrorist or piracy-related organizations, which could see financial or strategic value in such attacks
• collateral infections, meaning attacks that do not specifically target the maritime sector but still affect it, as is often the case with ransomware campaigns

It is worth remembering that cyber operations have several advantages for attackers: they can often be carried out anonymously, attribution is difficult, and attacks can be launched rapidly and at relatively low cost (especially when the attacker only needs to deploy existing tools).