As part of your healthy summer reading, have you also gone through the CCDCOE paper, “Addressing State-Linked Cyber Threats to Critical Maritime Port Infrastructure”?

No?

Then let me offer a brief personal reflection on and around the topic of port cybersecurity.

In this fine month of July 2025, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) published a Policy Brief entitled “Addressing State-Linked Cyber Threats to Critical Maritime Port Infrastructure”.

Today, the relatively low cost (a few tens of euros for a basic receiver), the miniaturization of hardware, and the widespread availability of GPS receivers have led many to assume that this global infrastructure will always be available. These advantages have also enabled the rapid expansion of GPS usage across many sectors where it was previously absent: healthcare, pet tracking, sports, agriculture, domestic robotics such as lawn mowers, photography, and even port cranes (see also this article). As a result, it is now difficult to estimate how many GPS receivers are currently deployed worldwide.

According to a report published by Lloyd’s of London in collaboration with CyRiM (see the video here and the full PDF report here), and relayed by the news agency Reuters, a cyberattack targeting Asian ports could result in losses of up to 110 billion dollars. This amount is roughly equivalent to half of the total economic losses caused by natural disasters in 2018.

It is worth recalling that Lloyd’s specializes in commercial risk insurance. Such risks are generally less insured in Europe and Asia than in the United States.

After recalling the digital transformation underway across the maritime industry and the growing dependency that accompanies it, the insurer reviews several cyber incidents that have already affected the sector (MSC, COSCO, Maersk, among others).

Building on the key findings of the CyRiM study (see this article from November 2019 discussing it, the report then examines the Shen Attack scenario described in that analysis. Applied to the maritime sector, the scenario estimates that a large-scale cyberattack could impact up to 15 ports in Asia.

This 71-page guide, which can be compared to the work published by ENISA at the end of last November, brings together a set of best practices aimed at improving the management of cyber risks affecting port systems.

The document is relatively comprehensive and covers topics such as risk analysis, the implementation of security policies, the distribution of cybersecurity roles within port organizations, and the protection of industrial systems.

On November 26, 2019, ENISA (the European Union Agency for Cybersecurity) published a report titled “Port Cybersecurity – Good practices for cybersecurity in the maritime sector”.

Context

Like the rest of the maritime sector, ports are undergoing rapid digital transformation and increasingly evolving toward the concept of the smart port. The objective is to improve efficiency across logistics, safety, and financial performance.

Many technological trends are involved in this transformation, including IoT, blockchain (particularly for logistics), big data, cloud computing, automation, artificial intelligence, and 5G. While these technologies can improve operational capabilities, they also increase the potential exposure of port infrastructures to cyber threats.

The website of the U.S. Coast Guard (which is involved in cyberspace issues, as mentioned in this article) reports that a U.S. maritime operator was impacted by the “Ryuk” ransomware.

This malicious code is not new. It first appeared in the summer of 2018 and has already affected numerous companies, such as Eurofins in the summer of 2019 or Prosegur more recently. As noted by CheckPoint, the malware is not particularly sophisticated from a technical perspective, but it specifically targets large companies and organizations with significant financial resources that may prefer to pay a ransom (which is not recommended and does not always work, particularly in the case of Ryuk) rather than lose several days of operations. As early as January 2019, it had already generated €3 million for its operators (source: Le Monde). In March 2019, the French cybersecurity agency ANSSI published both an alert bulletin and a news bulletin about this malware.

For vessels, these scenarios may include:

• attempts to spoof or jam positioning or communication systems, either directly targeting the vessel or affecting its surrounding environment
• malfunctions or loss of availability of ECDIS navigation systems, even though these systems are often deployed with redundancy
• the transmission of false safety information to vessels (GMDSS alerts, AIS data, weather information, etc.)
• intrusions targeting onboard industrial control systems, including propulsion, navigation, or cargo management systems
• the remote takeover of a vessel or part of its systems
• the partial or complete encryption of onboard information systems through ransomware attacks

Ports are also exposed to similar risks, including:

“It is therefore important that we protect our maritime and port infrastructure to prevent any major disruption to port operations and the delivery of services,”
said Niam Chiang Meng, Chairman of the Maritime and Port Authority of Singapore.

]]>https://maritimeinfosec.org/maritime-information-systems/Fri, 26 Oct 2018 14:08:42 +0000Olivier JACQhttps://maritimeinfosec.org/maritime-information-systems/

In this article, I explain in more detail what a maritime information system is, attempting to classify them as clearly as possible.

Maritime information systems can refer to different types of infrastructure:

• ships:
  • merchant vessels
  • warships
  • recreational vessels
  • fishing vessels
  • scientific / hydro-oceanographic / fisheries research vessels
  • barges
• ports and naval infrastructures:
  • container loading/unloading systems, smartports, logistics systems
  • Port and Cargo Community Systems
  • cranes and gantries
  • dock and basin management systems
  • locks
  • pipelines
• other onshore facilities:
  • maritime informatics of signal stations, MRCC (Maritime Rescue Coordination Centers), ship command and management centers
• offshore installations:
  • drilling platforms
  • Marine Renewable Energies (MRE): wind turbines, tidal turbines…

Next, to make things easier to understand, I tend to divide systems into two major families: “IT” systems (Information Technology), which are fairly similar to what can be found in other sectors, and “OT” systems (Operational Technology), which, to simplify, could be described as “operational systems”, more specific to the maritime information domain.

]]>