There is no future without development, and this is not achieved without a digital environment and integrated technologies. In this scope there are no borders between countries or between the public and private sectors neither between the various economic and industrial activities. There is only customized knowledge, communication, interaction, progress and evolution. As a consequence, there is a challenge concerning security and risk reduction in the operation and maintenance process.

​Cyberattacks in 2018 are ranked among the top three threats facing the world, according to the World Economic Forum.

​Cyber security should be seen as an integral part of overall management against the increasing trend of threats both in scope and complexity.

Maritime sector

Cyber security is now a priority in the shipping sector, as it is an interesting yet sensitive target for cyber attacks.
It is proven that 90% of global trade is transported by merchant ships, increasingly dependent on digital and operational technology, coupled with the vast network of service providers, while port management also plays a central role in the supply chain of the globalized market and real impact in the daily lives of most of the world’s population.

Oil & Gas sector

Cybersecurity is a top priority for Upstream, Midstream and Downstream functions in the Oil & Gas industry.
From wells to terminals & fuel stations, throughout the full value chain, a huge attack surface is created which could lead to economic or life losses up to very serious environmental incidents.

Energy sector

Cyber Security in the energy sector is a major concern. From conventional or renewable production, transportation, storage and distribution, energy is inarguably one of the most critical assets in modern society. It is all about its stability and prosperity.

Our effort is to include the following Key Topics for discussion:

  • EU CyberSecurity strategy
  • CyberSecurity regulations & standards
  • Cyber strategy assessments
  • CyberSecurity information sharing & collaboration
  • CyberSecurity awareness, training, exercising, guidance
  • Cyber risk and threat identification and assessment
  • CyberSecurity, business intelligence, and data analytics
  • CyberSecurity implications for IT-OT, Scada/ICS, Big Data
  • Cyber-physical systems and Internet of Things
  • CyberSecurity and artificial intelligence (AI)
  • CyberSecurity and blockchain
  • CyberSecurity and the human factor

More info about the online event:


Author: Ewan Robinson, director of maritime communications and solutions provider Yangosat. 

We hacked a ship. The Owner is Liable.

Well, we hacked the communications system of the ship. Technically we have been doing this for a few years.

This time we did it like a “bad guy” would.

We got into the vessel, belonging to a multinational company, and found out everything possible about the system, the setup, the manufacturers information.

This is a very specialised vessel that was alongside in the capitol city of a major European country, carrying out cargo discharge.

We could have broken the system so badly, the vessel would have been back to Sat-C and flag signals.

Any information going through that satcomm would have been able to be collected, checked and used.

As we are Ethical Hackers, we are obliged to act in certain ways. One of them is that we have to tell everyone involved if we did something during testing.

We did. Well, we tried to.

The Owners operators, when we finally managed to get someone in the overworked operations department to listen, didn’t care and ignored us.

The manufacturers didn’t even bother to respond.

All of the test was documented, peer reviewed and otherwise substantiated by trusted persons.

The lawyers are going to have a field day and be very happy.

Ship owners are not.

Owners and operators are being badly supported and advised by these super providers, who use third party engineers, or poorly trained engineers, and leave systems in an exposed state. Equipment manufacturers and developers are so guilty of poor techniques and security that using “industry best practice” is a total contradiction.

Lawyers, P&I and Class are going to be so busy refusing claims in the event of a cyber incident, that the poor owners are not going to know where to turn.

Owners are forced into accepting sub-standard equipment. This equipment cannot be made secure in its current format, and yet the manufacturers and developers, fail to update and secure them.

The providers supply this equipment, along with the bandwidth and engineers who install them, and then incorrectly configure and allow public access to them. The Owner is still liable.

So how were they failed?

We have been presenting at various conferences over the last few years, highlighting how exposed we are as an industry to ‘hackers’ and bad actors.

It normally consisted of a prepared victim vessel, using a system that had been poorly configured by the provider, or the providers appointed/trained engineer, and accessing the equipment onboard, normally the antenna or satcomm system. It’s a quick way to display to an audience just how much we are ‘displaying publicly’.

recently someone asked “what could someone actually do?”

A relevant question we thought, so we tested to see what we could actually do.

As a basic attack, an intruder could lock out all the users from accessing the equipment. They could turn off the satcom, or prevent systems and users onboard gaining access to the internet or to systems onshore or stop onshore reaching the vessel.

OK, so this is annoying and disruptive, costing from a few hundreds to several tens or hundreds  of thousands if the charterer deems “off hire” status due to lack of communications.

Well, that’s quite expensive, potentially.

But what can we learn from the systems we can get at?

A lot.

Given the amount of systems that are exposed to the internet, with poor configuration, it is relatively easy to find a ‘victim’, and to maximise the information gained by using the tools available and exposed by the simplest of mistakes.

Default admin passwords.

There is a need for it, but no excuse for it.

Service Providers, who manage several thousands of vessels, still use engineers who leave default admin usernames and passwords.

So, it’s a fault on one vessel, but it cant really hurt can it?

It can. And it does.

Our target vessel was found.

That took 7 minutes to locate.

It belonged to a very large multinational corporation. The default username and password was still in effect on the VSAT system.

Access was made to the administration area, so all usernames and passwords could be changed. Also available was access to the system by FTP. Even if this had not already been enabled, as we were in the Admin area, we could have enabled it.

This is where major security flaw #1 was found. The FTP access gave access to the entire operating system of the device, not just the FTP area.

Major security flaw #2 was putting a text file in every folder with a map of the entire structure of the operating system.

This allowed for finding and copying the ‘hidden’ password file to our local machine. It was actually encrypted.

2 hours later, it wasn’t.

So now we had all the manufacturers usernames and passwords.

Now we can access the publicly available machines where they have changed the default admin username and password, by using the manufacturers. They have these so the engineers can always get in. Great for business and support, not so for security.

The network connections listed in the antenna setup were then investigated.

The VSAT Modem was accessed, again using default connections on SSH, with publicly available usernames and passwords.

Command line access to the modem was achieved, allowing us to take control and alter the configuration. In effect we could now control the communications in 2 different places.

Such systemic failures, at the developmental and operational level, are going to have huge issues when Cyber 2021 comes into force next year.

Class and P&I will be left wondering who to refuse claims and who to sue for negligence when there are events, while the operators are trusting the providers to implement correctly, and the manufacturers and developers are failing at such basic levels, they will likely be left with the legal responsibility in the first instance.

The lesson of life in todays marine communications environment?

Don’t trust what’s being given to you.

Unless you have had your own trusted IT check what’s gone before, why would you blindly trust a stranger with your vessels now?

The Owner is Liable.

Yangosat is a maritime communications and solutions provider, helping shipowners and providers realise new systems and invigorate existing ones. This article has been reproduced with the author’s permission. 


Terminal operator DP World has become the latest supply chain stakeholder to join the TradeLens blockchain-based digital container logistics platform, jointly developed by Maersk and IBM.

DP World says that it aims to connect all of its 82 marine and inland container terminals, as well as feeder companies and logistics divisions, with TradeLens. In 2019 DP World’s terminals handled 71.2 million TEU containers from around 70,000 vessels.

From the terminal operator’s standpoint, better access to data via the platform will provide improved visibility of container flows across multiple carriers, allowing for more efficient planning at its facilities. The move will also strengthen its own digital offerings via the Digital Freight Alliance, founded by DP World earlier this year to bring together logistics providers using the,, and platforms.

“Our decision to team up with TradeLens is driven by our vision for intelligent logistics, reducing costs and creating value,” said Sultan Ahmed Bin Sulayem, Group Chairman and Chief Executive Office of DP World.

“DP World is working to deliver integrated supply chain solutions to cargo owners, backed by our global network of ports, terminals, economic zones and inland operations. By working with TradeLens we will accelerate the digitisation of global trade.”

“Modernising the processes by which logistics operate is critical to building more robust and more efficient supply chains which will help economic development and generate more prosperity.”

DP World has already connected Cochin Port in India with TradeLens via API. Plans to collaborate with other DP World business units, including the feeder line Unifeeder, have also been initiated. More than 110 different operators’ ports and terminals are now directly integrated with the blockchain platform.

“It is very encouraging to see the continued adoption of the TradeLens platform among global logistics players as it helps global supply chain customers expand and explore the benefits of digital documentation flows,” said Vincent Clerc, CEO of Ocean and Logistics, Maersk.

“In turn, the broadened geographic scope of the platform provides new opportunities for TradeLens ecosystem participants to innovate and develop digital offerings on the platform.”



Royal IHC (IHC) has been awarded the contract for the engineering and equipment delivery for a new 6,540m³ Trailing Suction Hopper Dredger (TSHD) for Weeks Marine Inc. (Weeks). This is an identical vessel to the MAGDALEN that was delivered in 2017. Part of the contract is the supply of key components as well as the provision of several technical services during the construction process.

The vessel, which will sail under the name R.B. WEEKS, will be built at Eastern Shipbuilding Group’s Allanton Shipyard Panama City, Florida. The new TSHD is designed for beach nourishment and capital dredging works and is highly automated.

IHC is honoured to have been selected by Weeks once again for the vessel design and supply of key components. This repeat order confirms the satisfaction expressed by Weeks about the construction of the MAGDALEN and its performance, and underlines IHC’s proven track record in designing world-class dredging vessels and equipment. Moreover, IHC is very excited and committed to become the partner of choice in a very challenging but promising market, which has all the signs of picking up momentum.

Hans B. Blomberg, Weeks’ Technical Manager Hopper Dredgers, says: “We are excited to be working with Royal IHC again on our sister vessel construction project. IHC’s engineering and hardware supply services will assure that we will once again have a first-class vessel utilising the most modern and innovative technology available on the market.”

His view is shared by Erdinç Açıkel, IHC’s Head of Custom-Built Hopper Dredgers, who adds: “We are proud that Weeks – a long-standing and highly valued customer of ours – has again chosen IHC to be its reliable partner. It underscores the trust that this leading market player in the USA puts in the performance and technology of our engineering and dredging solutions.”

Key components
Like the MADGALEN, the R.B. WEEKS will be equipped with IHC-designed and built equipment, including the complete and highly efficient dredging installation, dredging automation and instrumentation, propulsion and main electrical system. The vessel will again be equipped with IHC’s unique dynamic positioning and tracking (DP/DT) system and eco pump controllers, which will both further enhance its efficiency.

Technical services
IHC will also provide a number of technical services, including the assistance of its qualified engineers for inspection during installation of the delivered equipment at the shipyard, and support during start-up and commissioning of the dredger. The delivery of the R.B. WEEKS is scheduled for early 2023.



A consortium of Bouygues, Saipem, and Boskalis has been awarded the contract for design, construction, and installation of 71 concrete Gravity-Based Structures (GBS) which will serve as foundations for the Fécamp offshore wind farm turbines in Normandy, France.

The award was made by Eoliennes Offshore des Hautes Falaises (EOHF), following the launch of the $2,2 billion offshore wind project by EDF Renewables, Enbridge, and wpd on Tuesday.

The contract carries a total value of EUR 552 million (USD 616 million). The contract value split is 40.5% (Bouygues Travaux Publics) 40.5% (Saipem) 19% (Boskalis).

The offshore wind farm will be located between 13 and 22 kilometers off the coast of Fécamp in Normandy. The 71 wind turbines, to be delivered by Siemens Gamesa, will be connected to the gravity-based foundations installed on the seabed at depths between 25 and 30 meters.

Within the consortium, Bouygues, as the leader of the Consortium, and Saipem are tasked with the design, construction, and installation on the seabed of the 71 gravity-based foundations with an individual weight of up to 5,000 tonnes necessary to provide the stability of the 7MW wind turbines. Boskalis is tasked with the design and preparation of the seabed rock foundation prior to GBS installation, and the scour protection and ballasting of the GBS’ after installation on the seabed.

The foundations will be constructed in the Bougainville maritime works yard in the Grand Port Maritime of Le Havre and will be transported by barge to the offshore wind farm site. The works, which will start in the next few days, should be completed by the end of 2022. The commissioning and operational start-up of the wind farm are planned for 2023.

With a total power output of some 500 MW, the Fécamp offshore wind farm should produce the equivalent of the domestic electricity consumption of approximately 770,000 people, representing more than 60% of the inhabitants of the Seine-Maritime department.



Dryad Global’s cyber security partners, Red Sky Alliance, perform weekly queries of  backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.

With our cyber security partner we are providing a weekly list of Motor Vessels where it is observed that the vessel is being impersonated, with associated malicious emails.

The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies.  Users should be aware of the subject lines used and the email addresses that are attempting to deliver the messages.

Tactical Cyber Intelligence Reporting

In the above collection, we see malicious actors attempting to use vessel names to try to spoof companies in the maritime supply chain.  This week we observed a wide variety of maritime-related subject lines.    Some of the new vessel names used this week include “MT Pavino” and “MV GOLDEN PEARL” among others.

Analysts observed subject line “M/V Ocean Adventure – Fittings for Rescue Boat Repair” being used in a malicious email this week.  The malware contained in this email is one of the most common pieces of malware observed by analysts across all industries.

The email sender is listed as “li <>.” The sending email address does not appear to be registered to any legitimate company, and the domain (eliteomar[.]com) is listed on a defacement website indicating that the webhost was hacked by an Indonesian hacking team – “Indonesian Cyber Jawa”.  The email signature shows the sender’s name is “Kelvin Li” and lists two maritime companies – ATN Marine and Trading Co., LTD & ARC Marine Services Co.,LTD.  Notably, the mailing address listed in his signature is not registered to either company.  A more legitimate email is listed in the signature as well so it is unclear why this user would be sending emails from the “” address.

The targeted recipient of this email is an International Technical Marine Sales agent for Fuji Trading (Marine) B.V. which is a “world leader in marine supply” located in The Netherlands.[1]  There is no clear connection between Fuji Trading (Marine) B.V. and ATN or ARC Marine.  Hans’ email does not appear to be listed publicly anywhere online.

The malware in this email is contained in a malicious .doc attachment titled “103 SWIFT 13-05-20.doc.” When opened, the victim would activate HEUR:Exploit.MSOffice.Generic malware.[2]  This malware exploits a MS Office memory corruption vulnerability (CVE-2017-11882), often downloading a malicious file disguised as an audio driver (%Application Data%audiodrvrdll.exe).[3]

Analysts observed another malicious email containing the subject line used last week, “Amended P.O 28602 / Hebei Ocean.”  The email was sent from “Hebei Ocean Shipping Agency Ltd.<>.

The sender email domain appears to be registered to the Hebei Ocean Shipping Agency domain “  As there is no company website.  Analysts are unable to verify the legitimacy of the sending domain but have low confidence that the domain is in fact owned by the shipping agency.  The sending email address was associated with a separate malicious email posted on a spam-email website and does not appear to be a deliverable email address.[4]

The targets were not disclosed in this email making it difficult to conclude the attackers intentions, but the malicious file attachment:
“PURCHASE ORDER 28602.gz” contains HEUR:Backdoor.Win32.Androm.gen” malware.[5]  The file contains backdoor malware which makes registry and file changes to gain a foothold on the victim’s device.  Kaspersky claims that approximately 25% of this malware’s victims are in either Germany or Russia.

These analytical results illustrate how a recipient could be fooled into opening an infected email.   Doing so could cause the recipient to become an infected member of the maritime supply chain and thus possibly infect victim vessels, port facilities and/or shore companies in the marine, agricultural, and other industries with additional malware.



Classification society Korean Register (KR) has signed an MoU with Samsung Heavy Industries (SHI) to conduct a joint study on “Ship Cyber Security Network Construction and Design Safety Evaluation” at the Marine Engineering Research Center of SHI.

Under the MoU, the two organisations have agreed to evaluate the construction and design safety of cyber security networks applicable to new ships. In addition, they will jointly study technologies that can respond to cyber threats faced by ships, by diagnosing ship cyber security vulnerabilities using the cyber security test beds built by SHI.

SHI is recognised for its technological prowess as a result of its cyber security certifications received from major shipping companies based on its proprietary smart ship solution, SVESSEL. It is expected that by combining KR’s classification capability and the smart ship technology of SHI, the resulting synergies will be extremely beneficial to the shipping industry moving forward.

Cyber security risk management will be significantly strengthened in 2021 when the IMO’s resolution “Cyber Risk Management in Safety Management System (MSC.428 (98))” comes into effect. In the lead up to this date, KR and SHI will work together to enhance and support the application and verification of ship cyber security rules.

“Through this partnership and joint research with Samsung Heavy Industries, we will strengthen our ship cybersecurity certification and our technical service capabilities. KR will also continue to increase its cybersecurity technology leadership in the global maritime market using world-class construction technology through our cooperation and close working with shipyards,” said Kim Dae-heon, head of KR’s Digital Technology Center.

Shim Yong-rae, head of the Shipbuilding and Marine Research Institute of SHI, added, “We expect to considerably increase the security capabilities of smart ships through our joint research with KR, which is renowned for its cybersecurity certification technology. In addition, we will continue to deliver ships with the very latest world-class cybersecurity capabilities for our customers.”

Demand for effective cyber security continues to grow. KR established a maritime cyber security management certification system in 2018 and provides certification services for companies and ships, as well as cyber security type approval services for ship networks and automated systems. The maritime cyber security management certification system encompasses the international security standards (ISO 27001 and IEC 62443), the maritime cyber security guidelines of the IMO and the shipping association BIMCO.



DP World, a leading enabler of global trade, has completed the early stages of integration with TradeLens, a blockchain-based digital container logistics platform, jointly developed by A.P. Moller – Maersk  and IBM.

The collaboration between DP World and the TradeLens platform will help accelerate the digitisation of global supply chains. DP World aims to connect all its 82 marine and inland container terminals, as well as feeder companies and logistics divisions with TradeLens. In 2019 DP World’s terminals handled 71.2 million TEU (twenty-foot equivalent units) containers from around 70,000 vessels.

TradeLens brings together data from the entire global supply chain ecosystem including shippers, port operators and shipping lines. It also aims to modernise manual and paper-based documents, replacing them with blockchain enabled digital solutions.

For DP World the data from its integration with TradeLens will improve operational efficiency with earlier visibility of container flows across multiple carriers. Such visibility includes confirmation of the transport modality that follows the port stay for each container, which in heavy transhipment or rail ports enable better yard planning. It will also expand the capabilities of DP World’s digital platforms created to move online the management of logistics. The DF Alliance, SeaRates, LandRates and AirRates enable shippers to move cargo to and from anywhere at the click of a mouse, across DP World’s network and beyond.

Sultan Ahmed Bin Sulayem, Group Chairman and Chief Executive Office of DP World said:

“Our decision to team up with TradeLens is driven by our vision for intelligent logistics, reducing costs and creating value. DP World is working to deliver integrated supply chain solutions to cargo owners, backed by our global network of ports, terminals, economic zones and inland operations. By working with TradeLens we will accelerate the digitisation of global trade. Modernising the processes by which logistics operate is critical to building more robust and more efficient supply chains which will help economic development and generate more prosperity.”

TradeLens provides visibility across the entire supply chain, from booking to clearance to payments and is built on a wealth of input from the industry including direct integrations with more than 110 ports and terminals, 15+ customs authorities around the world and an increasing number of intermodal providers.

Vincent Clerc, CEO of Ocean and Logistics, A.P. Moller – Maersk, said:

“It is very encouraging to see the continued adoption of the TradeLens platform among global logistics players as it helps global supply chain customers expand and explore the benefits of digital documentation flows. In turn, the broadened geographic scope of the platform provides new opportunities for TradeLens ecosystem participants to innovate and develop digital offerings on the platform.”

Mike White, CEO GTD Solutions and Head of TradeLens, said:

“At its core the TradeLens business model is an open and neutral platform to spur collaboration and digitisation between all parties in the supply chain ecosystem. We are excited to welcome DP World and eagerly await the creation of new potential ways of working for shippers and consignees in global trade. With 4 of the 5 largest global port operators actively engaged with TradeLens, the coverage of the ecosystem continues to expand rapidly.”

DP World has already connected Cochin Port (India) with the TradeLens platform via API technology. Plans to collaborate with other DP World business units, including the feeder line Unifeeder, have also been initiated.



The ISM Code, supported by the IMO Resolution MSC.428(98), requires ship owners and managers to assess cyber risk and implement relevant measures across all functions of their safety management system, which will be verified by DNVGL at the first Document of Compliance ISM office audit after 1 January 2021.

CYBER SECURITY will be a focus area during the ISM office DOC audit in 2020, where the company auditor verifies the status of implementation. Observations and suggestions for improvement will be issued to support you for further preparation and implementation.

Click here for the Cyber Security Protocol which has been developed to support the auditing process having the focus on measures and procedures for managing Cyber Security Risks as per the ISM Code, based on IMO Resolution MSC 428(98), mandating cyber risk to be managed through the ISM Code and the corresponding Safety Management Systems.

Implementation process
(1) Recommended steps to ensure IMO`s Cyber Security compliance:

Application of PDCA process:


(2) Make an inventory of systems and software:

IT: Information Technology (IT)

  • IT networks
  • E-mail
  • Administration, accounts, crew lists, …
  • Planned Maintenance
  • Management system
  • Spare part management and procurement
  • Electronic manuals & certificates
  • Permits to work
  • Charter party, notice of readiness, bill of lading

OT: Operation Technology

  • Propulsion, Thrusters & Steering
  • Watertight integrity & Fire Detection
  • Ballasting
  • Power generation & Auxiliary systems
  • Navigation & Communication (ECDIS, …)
  • Industrial systems if applicable (DP, Drilling, … )
  • Cargo systems

(3) Prepare a gap analysis based on the ISM-code requirements:

  • Objectives for cyber security management
  • Define a cyber security policy
  • Critical Equipment: Risk Assessment & Systems to be covered
  • Responsibilities and Authority
  • Resources and Personnel
  • Training and Awareness
  • Shipboard Operations
  • Emergency Response, including drills
  • Reports and Analysis of Non-Conformities, Incidents and Hazardous Occurrences
  • Cyber security maintenance on IT/OT systems and equipment
  • Documentation
  • Company Verification, Internal audits, Review and Evaluation

More information can be found on the DNVGL website.



High-profile cyber-attacks on very large shipping companies such as Maersk, COSCO, MSC, Stenna and Svitzer to name but a few have raised awareness of the growing threat of cyber-crime in the shipowner/operator industry sector.  If it can happen to these shipping sector goliaths with the budgets they have to defend themselves, it can absolutely happen to you.

However, recent surveys conducted by the U.S. Small Business Administration suggest that many small business owners are still operating under a false sense of cyber security based on their company’s size.

When it comes to cyber-attacks, small does not mean safe. In fact, a cyber-attack could be even more detrimental to a small business than to a large corporation.

The National Cyber Security Alliance reports that 60 percent of small and mid-sized businesses go out of business within six months of an attack.

According to Cybersecurity Ventures, costs related to ransomware demands and damages are estimated to reach $20 billion per year by 2021, with the average breach cost to the SME business running at $500k.

Imagine receiving the call from your head of IT to advise that your defenses have failed and ‘they are in’ and have control of your IT and OT systems. Suddenly it’s happened to you, how you respond matters as time is your enemy. Are you prepared for this inevitability, where most are not?

Don’t leave it to chance. Don’t put off the decision to transfer this risk out of your company any longer, Shoreline can provide an affordable maritime cyber insurance solution. Why continue to run this invasive risk when you don’t have to.