Hackers looking to infiltrate the shipping industry could go after ships — but would they?
The Norwegian Shipowners’ Mutual War Risks Insurance Association (DNK) looked into the issue, working with a group of hackers on industrial control systems to gauge cyber risk for vessels, chief digital officer Irene Philipps said.
“The answer is: ‘It can be done, but why on Earth would we do it?’ ” she said at an event held by Norwegian law firm Thommessen on Thursday.
“It’s so much work. Given that vessels are complex and they’re often not connected, they’re less exposed to attacks than one would think.”
For shipowners, the bigger risk is the supply chain, where they are reliant on the same suppliers, potentially opening a door for cyber crime.
Philipps described those relationships as having fewer controls and security requirements, with contracts leaving open questions of liability.
“The industry is fragmented. The industry is also very dependent on the same suppliers.”
Shipowners have had to pay multimillion-dollar ransoms in cyber attacks in recent years on top of losses — including a 2017 attack on AP Moller-Maersk that cost the liner giant $300m — and industry players have warned against everything from a major waterway being shut down to vulnerabilities created with the advent of artificial intelligence systems.
Protection and indemnity clubs have typically covered cyber attacks, but that is shifting, giving rise to some speciality insurers and established organisations offering separate products.
In November, the Swedish Club said it would begin offering insurance against cyber attacks and DNK intends to launch its own cyber-focused product this year.
Philipps stressed that cyber attacks do not happen at random; hackers are usually backed by countries, such as Iran, Russia and China, or are part of organised crime groups.
State actors are looking for intelligence and to disrupt geopolitical rivals, while criminal elements evaluate targets based on who they think can pay.
The organised crime groups are structured like businesses, specialising in certain kinds of attacks and even setting up customer support groups, she added.
“The key thing to understand is that cyber crime is an industry and it really has developed into an industrial stage. Maritime is as exposed as any other industry.”
