Insights

5‌ ‌Reasons‌ ‌The‌ ‌Maritime‌ ‌Industry‌ ‌Lags‌ ‌Behind‌ ‌On‌ ‌Cyber‌ ‌Security‌

maritime cyber security

When‌ ‌it‌ ‌comes‌ ‌to‌ ‌cyber‌ ‌security,‌ ‌the‌ ‌maritime‌ ‌and‌ ‌logistics‌ ‌industry‌ ‌is‌ ‌like‌ ‌an‌ ‌antelope‌ ‌in‌ ‌the‌ African‌ ‌savannah:‌ ‌A‌ ‌lucrative‌ ‌target‌ ‌with‌ ‌limited‌ ‌defenses‌ ‌and‌ ‌escape‌ ‌options.‌ 
 
Unlike‌ ‌many‌ ‌other‌ ‌industries,‌ ‌such‌ ‌as‌ ‌healthcare,‌ ‌finance‌ ‌and‌ ‌retail,‌ ‌the‌ ‌logistics‌ ‌and‌ ‌maritime‌ sector‌ ‌lags‌ ‌behind‌ ‌in‌ ‌the‌ ‌adoption‌ ‌of‌ ‌cyber‌ ‌security‌ ‌tools‌ ‌and‌ ‌methodologies‌ ‌that‌ ‌can‌ ‌respond‌ ‌to‌ modern‌ ‌threats.‌ ‌Companies‌ ‌in‌ ‌this‌ ‌industry‌ ‌tended‌ ‌not‌ ‌to‌ ‌have‌ ‌implemented‌ ‌the‌ ‌software‌ solutions‌ ‌they‌ ‌need‌ ‌to‌ ‌bolster‌ ‌their‌ ‌defenses.‌ ‌More‌ ‌importantly,‌ ‌they‌ ‌struggle‌ ‌to‌ ‌adapt‌ ‌cyber‌ security‌ ‌best‌ ‌practices‌ ‌and‌ ‌processes‌ ‌–‌ ‌which‌ ‌typically‌ ‌aren’t‌ ‌designed‌ ‌for‌ ‌businesses‌ ‌with‌ large-scale‌ ‌physical‌ ‌assets,‌ ‌to‌ ‌the‌ ‌unique‌ ‌nature‌ ‌of‌ ‌their‌ ‌business.‌ 
 
At‌ ‌the‌ ‌same‌ ‌time‌ ‌these‌ ‌companies‌ ‌make‌ ‌for‌ ‌particularly‌ ‌attractive‌ ‌targets.‌ ‌Cybercriminals‌ ‌know‌ that‌ ‌these‌ ‌businesses‌ ‌face‌ ‌especially‌ ‌high‌ ‌losses‌ ‌when‌ ‌disruptions‌ ‌to‌ ‌IT‌ ‌systems‌ ‌cause‌ ‌a‌ slowdown‌ ‌in‌ ‌logistics.‌ ‌As‌ ‌a‌ ‌result,‌ ‌the‌ ‌industry‌ ‌is‌ ‌a‌ ‌great‌ ‌market‌ ‌for‌ ‌attackers‌ ‌seeking‌ ‌ransom.‌ 
 
Given‌ ‌these‌ ‌challenges,‌ ‌it’s‌ ‌no‌ ‌surprise‌ ‌that‌ ‌cyberattacks‌ ‌in‌ ‌the‌ ‌maritime‌ ‌industry,‌ ‌such‌ ‌as‌ ‌those‌ that‌ ‌targeted‌ ‌‌HMM‌,‌“K”‌ ‌Line‌,‌ ‌and‌ ‌recently‌ ‌the‌ ‌Transnet‌ ‌group‌ ‌in‌ ‌South‌ ‌Africa‌ ‌have‌ ‌become‌ commonplace.‌ 
 
The‌ ‌question‌ ‌is:‌ ‌What‌ ‌can‌ ‌businesses‌ ‌do‌ ‌to‌ ‌manage‌ ‌maritime‌ ‌cyber‌ ‌security?‌ ‌How‌ ‌can‌ companies‌ ‌in‌ ‌this‌ ‌sector‌ ‌build‌ ‌cyber‌ ‌resiliency‌ ‌into‌ ‌their‌ ‌IT‌ infrastructure?‌ ‌The‌ ‌first‌ ‌step‌ ‌in‌ ‌answering‌ ‌these‌ ‌questions‌ ‌is‌ ‌understanding‌ ‌why‌ ‌maritime‌ ‌and‌ ‌logistics‌ ‌lags‌ ‌behind‌ ‌most‌ ‌other‌ industries‌ ‌in‌ ‌the‌ ‌domain‌ ‌of‌ ‌cybersecurity.‌ ‌There‌ ‌are‌ ‌five‌ ‌main‌ ‌factors‌ ‌at‌ ‌play,‌ ‌which‌ ‌we‌ ‌unpack‌ 
below.‌ 

1.Investments‌ ‌in‌ ‌digitization‌ ‌outpace‌ ‌security‌ ‌investments‌ 

In‌ ‌the‌ ‌past,‌ ‌maritime‌ ‌companies‌ ‌relied‌ ‌heavily‌ ‌on‌ ‌bespoke‌ ‌software‌ ‌and‌ ‌hardware‌ ‌that‌ ‌wasn’t‌ usually‌ connected‌ ‌to‌ ‌the‌ ‌public‌ ‌Internet,‌ ‌at‌ ‌least‌ ‌not‌ ‌extensively.‌ ‌But‌ ‌over‌ ‌the‌ ‌past‌ ‌decade,‌ ‌they‌ have‌ ‌fully‌ ‌embraced‌ ‌the‌ ‌Internet‌ ‌of‌ ‌Everything‌ ‌by‌ ‌adopting‌ ‌highly‌ ‌sophisticated‌ ‌technical‌ equipment‌ ‌aboard‌ ‌ships,‌ ‌as‌ ‌well‌ ‌as‌ ‌complex‌ ‌software‌ ‌to‌ ‌operate‌ ‌it.‌ ‌In‌ ‌fact,‌ ‌the‌ ‌global‌ ‌maritime‌ industry‌ ‌is‌ ‌‌poised‌ ‌to‌ ‌invest‌ ‌over‌ ‌$38.4‌ ‌billion‌ ‌in‌ ‌IT‌‌ ‌and‌ ‌digitization‌ ‌over‌ ‌the‌ ‌next‌ ‌two‌ ‌and‌ ‌half‌ decades. 
 
Not‌ ‌only‌ ‌are‌ ‌these‌ ‌systems‌ ‌deeply‌ ‌intertwined‌ ‌with‌ ‌the‌ ‌Internet,‌ ‌but‌ ‌they‌ ‌are‌ ‌also‌ ‌complex,‌ multi-layered‌ ‌environments.‌ ‌As‌ ‌a‌ ‌result,‌ ‌they‌ ‌create‌ ‌a‌ ‌broad‌ ‌attack‌ ‌surface‌ ‌for‌ ‌cybercriminals‌ ‌to‌ target.‌ 
 
This‌ ‌may‌ ‌not‌ ‌be‌ ‌as‌ ‌much‌ ‌of‌ ‌an‌ ‌issue‌ ‌if‌ ‌maritime‌ ‌and‌ ‌logistics‌ ‌companies‌ ‌had‌ ‌invested‌ ‌in‌ ‌cyber‌ security‌ ‌solutions‌ ‌alongside‌ ‌digital‌ ‌systems.‌ ‌But‌ ‌most‌ ‌have‌ ‌not.‌ ‌They‌ ‌spent‌ ‌the‌ ‌past‌ ‌decade‌ rolling‌ ‌out‌ ‌new‌ ‌technology,‌ ‌without‌ ‌an‌ ‌equivalent‌ ‌investment‌ ‌in‌ ‌cyber‌ ‌resiliency.‌ 

2.Minimal‌ ‌management‌ ‌awareness‌ 

Part‌ ‌of‌ ‌the‌ ‌issue‌ ‌lies‌ ‌in‌ ‌the‌ ‌C-suite,‌ ‌too.‌ ‌Not‌ ‌only‌ ‌are‌ ‌few‌ ‌cyber‌ ‌security‌ ‌experts‌ ‌also‌ ‌experts‌ ‌in‌ logistics,‌ ‌but‌ ‌few‌ ‌managers‌ ‌in‌ ‌the‌ ‌logistics‌ ‌industry‌ ‌possess‌ ‌a‌ ‌deep‌ ‌understanding‌ ‌of‌ ‌cyber‌ security.‌  
 
‌This‌ ‌isn’t‌ ‌to‌ ‌say‌ ‌that‌ ‌management‌ ‌isn’t‌ ‌unaware‌ ‌that‌ ‌threats‌ ‌exist‌ ‌and‌ ‌maritime‌ ‌cyber‌ ‌security‌ is‌ ‌important.‌ ‌But‌ ‌to‌ ‌the‌ ‌extent‌ ‌that‌ ‌managers‌ ‌do‌ ‌recognize‌ ‌cyber‌ ‌security‌ ‌as‌ ‌a‌ ‌priority,‌ ‌they‌ ‌tend‌ to‌ ‌regard‌ ‌it‌ ‌as‌ ‌a‌ ‌“hot‌ ‌potato”‌ ‌that‌ ‌they‌ ‌pass‌ ‌onto‌ ‌the‌ ‌IT‌ ‌team‌ ‌to‌ ‌manage.‌ ‌They‌ ‌are‌ ‌slow‌ ‌to‌ ‌invest‌ in‌ ‌cyber‌ ‌initiatives‌ ‌or‌ ‌to‌ ‌ensure‌ ‌that‌ ‌executives‌ ‌understand‌ ‌the‌ ‌scope‌ ‌of‌ ‌modern‌ ‌cyber‌ ‌threats‌ and‌ ‌what‌ ‌it‌ ‌takes‌ ‌to‌ ‌manage‌ ‌them.‌ 
All‌ ‌of‌ ‌these‌ ‌factors‌ ‌–‌ ‌minimal‌ ‌regulation,‌ ‌imbalance‌ ‌between‌ ‌security‌ ‌and‌ ‌IT‌ ‌investments,‌ ‌lack‌ of‌ ‌managerial‌ ‌support‌ ‌and‌ ‌more‌ ‌have‌ ‌contributed‌ ‌to‌ ‌a‌ ‌culture‌ ‌in‌ ‌the‌ ‌shipping‌ ‌and‌ ‌logistics‌ industry‌ ‌that‌ ‌simply‌ ‌doesn’t‌ ‌prioritize‌ ‌cybersecurity.‌ 
 
Today,‌ ‌even‌ ‌lower‌ ‌ranking‌ ‌employees‌ ‌in‌ ‌fields‌ ‌like‌ ‌healthcare‌ ‌and‌ ‌technology‌ ‌are‌ ‌tuned‌ ‌into‌ cybersecurity‌ ‌risks.‌ ‌It‌ ‌has‌ ‌become‌ ‌bricked‌ ‌into‌ ‌their‌ ‌culture‌ ‌because‌ ‌it‌ ‌has‌ ‌been‌ ‌such‌ ‌a‌ ‌key‌ ‌(and‌ painful)‌ ‌focal‌ ‌point‌ ‌for‌ ‌so‌ ‌long.‌ 
 
The‌ ‌maritime‌ ‌industry‌ ‌has‌ ‌no‌ ‌equivalent‌ ‌cybersecurity‌ ‌culture.‌ ‌While‌ ‌some‌ ‌individuals‌ ‌within‌ ‌the‌ industry‌ ‌may‌ ‌prioritize‌ ‌security,‌ ‌the‌ ‌industry‌ ‌as‌ ‌a‌ ‌whole‌ ‌has‌ ‌allowed‌ ‌it‌ ‌to‌ ‌take‌ ‌a‌ ‌back‌ ‌seat‌ ‌to‌ other‌ ‌concerns,‌ ‌like‌ ‌optimizing‌ ‌logistics‌ ‌or‌ ‌improving‌ ‌tracking.‌ 

4. Lack of industry-specific cyber security knowledge

An additional factor is the difficulty of finding cyber security experts who understand the unique requirements of shipping companies. There is a severe shortage of cybersecurity professionals in general, and security analysts who also have experience in shipping and maritime logistics are a rare breed indeed, as these areas of expertise almost never overlap.

As a consequence, it has been difficult for maritime and logistics companies to find the talent they need to achieve cyber resiliency for IT infrastructures that span across the globe and involve constantly moving physical assets.

5. Lack of maritime cyber security regulations

The maritime and logistics industry has not faced as much regulatory enforcement as many other industries with regard to cybersecurity. Unlike tech and healthcare, for instance, there are few laws that impose security mandates around private information in the shipping industry.

The result of this paucity of regulation is obvious: Shipping and logistics companies have been less likely to invest in cybersecurity because they have faced less regulatory pressure to do so.

Regulation will likely take time to catch up. In the meantime, the responsibility lies with the companies themselves, and it will be driven by large customers demanding higher cybersecurity standards. More cyber-mature maritime and logistics companies are another driving force as they should be requiring such standards from their entire network of business partners. 

Policy makers need to understand the unparalleled social dependency placed on logistics to deliver everything from vaccines to Volkswagens. This necessitates building a safety net for an indispensable industry. 

Where we go from here

Cyber security is a relatively new focus for companies in the maritime industry — if it is a focus at all. But logistics and maritime cyber security needs to become a priority for everyone in the organization – from business leaders to operational teams, and everyone in-between. Companies in this sector make for the perfect target both because they have invested heavily in digital systems that lack adequate security, and because they have very much to lose by disruptions to their operations.

To plug this gap and leverage modern technology responsibly, shipping and logistics companies must work with maritime cyber security experts like Cyberstar, which possesses the special knowledge of the shipping industry that most cyber security professionals lack.Cyberstar guides logistics businesses in the security of their digital assets, investing in cyber security at the corporate level and building a security-focused culture, which in turn brings maritime companies up to speed with their counterparts on the cyber security front.  When business resiliency depends on cybersecurity, Cyberstar’s consultants help companies better prepare and rebound stronger.

Learn more about how Cyberstar can help your maritime business 

129

Recent Posts

Reputational harm

THE LONG TAIL OF CYBER HARMSAccording to the Cybersecurity…
91
Menu