Threat sources targeting the maritime sector
Who might want to target maritime information systems?
Intentional threat sources are broadly similar to those encountered in other sectors. Rather than reproducing a long and exhaustive list of possible threat actors, it is worth noting that the French cybersecurity agency ANSSI has already documented them in detail (see p. 15 and following pages in the reference below).
Today, the most realistic threat sources include:
- state-sponsored actors, pursuing objectives such as espionage, pre-positioning within systems, or even disruption and destruction
- “casual” hackers, inspired by demonstrations or proof-of-concept attacks presented at cybersecurity conferences and attempting to reproduce them
- competitors, a possibility that cannot be completely ruled out and should at least be considered in risk assessments
- terrorist or piracy-related organizations, which could see financial or strategic value in such attacks
- collateral infections, meaning attacks that do not specifically target the maritime sector but still affect it, as is often the case with ransomware campaigns
It is worth remembering that cyber operations have several advantages for attackers: they can often be carried out anonymously, attribution is difficult, and attacks can be launched rapidly and at relatively low cost (especially when the attacker only needs to deploy existing tools).
However, not all threats are intentional. Two common non-malicious sources should also be considered:
- internal threats, often unintentional—for example, a captain connecting a personal smartphone to a workstation connected to the company’s intranet on board the vessel
- external interventions, such as maintenance technicians or system integrators, whose cybersecurity awareness and operational practices may vary significantly
Beyond these frequently discussed threat sources (particularly the first four), it is important not to overlook accidental threats such as fires, equipment failures, or other technical incidents. These events can be just as damaging but are sometimes underestimated because attention tends to focus primarily on deliberate cyber threats.