America’s ports move approximately $5.4 trillion in goods annually, making them a unique target for cybercriminals. Protecting these transportation hubs is essential to preserving the supply chain and keeping the U.S. economy running.

More than 500 cyberattacks occurred in the marine industry in 2020, according to the U.S. Coast Guard. These exploits are aimed at both traditional port information technology systems and operational technology (OT) systems, which include the cranes, gantries, lifts and conveyance systems that move freight on and off ships.

The Coast Guard is the lead federal agency directly responsible for protecting America’s maritime transportation system. Its 2021 Cyber Strategic Outlook lays out specific responsibilities: “The U.S. Coast Guard will employ frameworks, standards and best practices in prevention and response activities to identify and manage cyber risks to the MTS. Within ports, the U.S. Coast Guard’s Captains of the Port will lead governance by promoting cyber risk management, accountability, and the development and implementation of unified response plans.”

The Coast Guard works directly with state and local governments in support of these duties, and more specifically with port authorities, which ultimately hold responsibility for the cybersecurity defenses of their regional seaports.

What Cybersecurity Vulnerabilities Do Maritime Facilities Face?

Seaports face familiar types of electronic assault: scanning, ransomware, malware, spear phishing and credential harvesting. In 2017, the shipping giant Maersk was laid low by the NotPetya worm, which scrambled the company’s IT and communications systems for two weeks, marking the largest maritime cybersecurity incident in recent years. That affected 76 ports across the globe, including the Port of Los Angeles, and 800 ships. In the end, the hack cost the company $300 million.

However, the Maersk attack was hardly the first. In 2011, the Belgian Port of Antwerp Bruges got hit by drug cartel hackers who surreptitiously took over the tracking of containers carrying hidden cocaine and heroin. The intruders accessed secure data giving them the location and security details of the steel boxes. That allowed the cartel to direct truck drivers to snatch them up before the legitimate owners of the cargo arrived. Port operators only got wise to the situation when they noticed containers inexplicably disappearing.

Seaports are complex facilities. While there is ample awareness of traditional IT vulnerabilities to networks, data and proprietary information, protection on the operational side is far behind, say experts. That includes cranes and container management systems, fuel terminals, shipboard controls, navigation systems, buoys, HVAC controls and more. Many are often creaky machines that have ancient, rudimentary electronic control systems.

“Operational technology is the most valuable thing in the network, and lives can be lost” without good oversight, says Rick Tiene, vice president with Mission Secure, Inc. The challenge is that the programmable logic control (PLC) boxes on maritime machinery are like 20-year-old computers, he says. “It’s a device that has an IP in/out and amps in/out.”

It’s so basic that cybersecurity technology can’t be added to it. Instead, Tiene’s company puts a protection envelope around PLCs.

“We put protection above it and below it,” he says. Practically speaking, that means monitoring the boxes for unusual power spikes that could indicate a cyber intruder has gained control.

A key strategy for security is to try and make it as transparent to the user as possible.”

Billy Marsh CISO, Port of San Diego

How Do Ports Establish Maritime Cybersecurity Initiatives?

“OT is where you have higher risk exposure,” says Ian Bramson, global head of industrial cybersecurity for ABS Group. He adds that OT networks tend to be rickety and layered for years, and they require careful monitoring.

Ransomware may cost money, but monkeying with the valves of a fuel depot or the controls of a crane could be catastrophic. Ships are no less vulnerable. The scariest scenario is the cyber takeover of the ballast control system in a large ship, causing it to capsize and sink. While that hasn’t happened yet, Coast Guard and academic hackers have proven it’s possible, and Iran reportedly included the exploit in plans to disrupt fuel shipments.

The first thing a port needs to do to secure its OT system is to do an asset inventory, Bramson says. Then, a vulnerability assessment is needed to find holes. Next comes monitoring to see whether anyone else is already in the network. Is there any visibility in this area? “You have to get a vendor that knows OT,” he says.

ABS Group is technology-agnostic, but Bramson recommends such companies as Tenable and Claroty Cyber Assurance. There’s also the National Institute of Standards and Technology’s Cybersecurity Framework which is used by many companies to assess risk. It focuses on five areas: protect, detect, identify, respond and recover.

Tiene warns that paper assessments are not enough. Checking boxes to satisfy the top brass or standards organizations doesn’t equate to tangible cybersecurity.

“If that will get you a pass, they do the least they have to do,” he says. The margins in the maritime industry are thin. “Companies are reluctant to spend money on cybersecurity if the competition doesn’t have to.”

What Are Elements of a Strong Maritime Cybersecurity Initiative?

The Port of San Diego has dedicated cybersecurity staff to monitor, track and respond to threats, says Billy Marsh, the port’s CISO. “We treat our OT systems with the same rigor as our IT systems, and then focus on the individual risk assessment of each system to provide additional layers of security.”

Marsh says it’s best to audit thoroughly and frequently. The port uses next-generation firewalls, advanced endpoint protection and ingress filtering, among other technologies.

“A key strategy for security is to try and make it as transparent to the user as possible. If it’s a pain point in the workflow, people will sometimes try to find ways around it,” Marsh says.

He also recommends a patching schedule that covers operating system updates as well as software updates, multifactor authentication, and an incident response and disaster recovery plan for when something inevitably occurs.

In January, the Port of Los Angeles opened the Cyber Resilience Center, created to improve readiness and enhance its threat-sharing and recovery capabilities among supply chain stakeholders. The group currently includes 20 unnamed partners, including cargo handlers, terminal operators, shipping lines, and trucking and rail companies.

The central challenge was making sure the partners can communicate from different platforms, says Kevin Albano, associate partner at IBM Security X-Force, which built the system. “They needed a central place where information could be understood, and it was a priority to focus in on shipping containers.”

In 2020, stakeholders at the Port of New York and New Jersey formed a similar maritime cybersecurity coalition to improve information sharing among port users. The group includes the Coast Guard and the Area Maritime Security Committee, vessel operators, marine terminal operators, and representatives of the energy and financial sectors.


Danish bridge simulator specialist Force Technology has launched SimFlex Cloud, a dedicated software-as-a-service (Saas) solution offering highly realistic navigation training.

SimFlex Cloud provides global onshore and onboard access to Force Technology’s SimFlex simulator and simulator engine and model library. SimFlex offers user-friendly access to next generation mixed reality simulation, using both Virtual Reality (VR) and Augmented Reality (AR) headsets to maximise realism and immersion.

Force Technology customers can configure training with SimFlex Cloud however best suits their organisational structure and training needs. The system optimises maritime cloud simulator training with qualified instructors from Force Technology or the customer’s own network in control of all learning aspects, communication, exercise creation and delivery, debriefing and evaluation for live participants located anywhere in the world.

SimFlex Cloud can also be used as a self-study tool, giving junior officers, experienced captains and senior officers the ability to practice their skills whenever and wherever they can, using a laptop or desktop PC and monitor set up, as well the optional VR or AR headsets for even greater realism.

For ship managers and shipping companies, SimFlex Cloud provides a means to reduce and optimise training budgets while increasing the quality of the technical training available to staff. Flexible and scalable licencing options ensure that customers only pay for exactly what they use, while providing the ability to reduce or increase investment based on current requirements. Further, the connected nature of SimFlex Cloud ensures that users will always have the most recent content and training methods available.

source :

The Nautical Institute has introduced a new online course – Maritime Cyber Awareness for Seafarers – powered by HudsonCyber. The course will help crew members identify and report cyber risks, as defined in the company’s SMS, policies and procedures.

Captain John Lloyd FNI, the Institute’s CEO commented, “Properly trained and resourced, seafarers are a line of defence stronger than all the firewalls and privileges operators can muster.”

The Institute’s course provides valuable evidence that crew members have received training to address cyber risks under new IMO requirements introduced this year. These requirements call on shipping companies to address cyber risks in their safety management systems (SMS) and their introduction has focused the minds of many on how cyber security onboard can be improved.

The Institute has devised this unique, self-paced course to answer the needs of the shipping community and to address the needs of modern seafarers. Training will cover a range of cyber risks affecting the maritime industry, showing how cyber threats can impact seafarer roles and the safety of life at sea.

The Maritime Cyber Awareness for Seafarers course is offered in a three-hour module comprising video content, supplementary reading material and a 20 question self-test. Module 1 is now available, delivering training in baseline cyber security awareness. It is suitable for all crew members and has been developed specifically to assist shipping companies in meeting the new IMO cyber requirements.

“We are very pleased to have partnered with HudsonCyber to develop this timely short course,” added Captain Lloyd. “It will support the maritime sector as it implements the IMO regulations introduced this year and will help everyone understand why managing cyber risk is not simply a matter for the IT department, but the responsibility of everybody.”



NI launches new cyber awareness course for seafarers

The Coronavirus pandemic is leaving the maritime and offshore energy sectors vulnerable to cyber-attack, with Naval Dome citing a massive 400% increase in attempted hacks since February 2020.

While an increase in malware, ransomware and phishing emails exploiting the Covid19 crisis is the primary reason behind the spike, Naval Dome furthers that travel restrictions, social distancing measures and economic recession are beginning to bite into a company’s ability to sufficiently protect itself.

Naval Dome CEO Itai Sela said: “Covid-19 social restrictions and border closures have forced OEMs, technicians, and vendors to connect standalone systems to the internet in order to service them.”

Greater Cyber Security Needed For Coronavirus And Economic Crises

Image Credits:

The global crisis and social distancing measures are preventing OEM technicians flying out to ships and rigs to upgrade and service critical OT systems, resulting in operators circumventing established security protocols, leaving them open to attack.

“As budgets are cut and in the absence of service engineers, we are seeing ship and offshore rig staff connecting their OT systems to shoreside networks, at the behest of OEMs, for brief periods of time to carry out diagnostics and upload software updates and patches themselves.

This means that their IT and OT systems are no longer segregated and individual endpoints, critical systems and components may be susceptible. Some of these are legacy systems which have no security update patches and are even more susceptible to cyber attack.

“The increase in OEM personnel working remotely on home networks and personal PCs, which are not well protected, adds to the problem.”

Sela said that during the first three months of 2020, attacks targeting home workers increased tenfold, adding that PC security software provider McAfee has reported that that between January and April cloud-based cyber-attached on all businesses increase by 630%.

He furthered that the economic downturn and the drop in the price of crude oil is also having an effect, with oil companies and contractors being faced with limited budgets available to implement effective cyber security measures.

“Companies are stretched thin and this is benefitting the hacker,” said Sela.

“It is not sufficient to protect only networks from attack,” said Sela. “Each individual system must be protected. If networks are penetrated, then all connected systems will be infected.

“Our philosophy is that all systems must be protected using a risk ranking. If it is, then the entire platform is protected from both internal and external attack vectors. If only the network is protected, then whatever enters the net (such as an unintentional attack from authorised personnel) will infect all connected systems. This philosophy is more cost-effective.”

Naval Dome’s software solutions adhere to the strict cyber security protocols set by the National Institute of Standards and Technology (NIST).

NIST’s Purdue Model for industrial control systems and architecture – an industry adopted reference model that shows the interconnections and interdependencies of all the main components of a typical inter-connected systems – divides ICS architecture into three zones and six levels. Naval Dome protects more deeply embedded systems such as HMIs, alarm/alert and control room workstations to NIST Level 1 and above.

The Purdue Model allows information security professionals and process control engineers that are responsible for protecting an organization’s most valuable assets to visualize how to protect against a security breach, whether involving confidentiality, integrity and/or availability.

Ido Ben-Moshe, Vice President Business Development, said the problem is particularly acute in the marine and offshore oil and gas sectors. “If hackers penetrate networks, and critical equipment is exposed there could be significant safety, downtime, financial and potential reputational damage.

Ben-Moshe added that remote working and the introduction of remotely controlled, autonomous technologies is likely to take place at a faster pace in a post-coronavirus world.

“This will see companies face new cyber security challenges if they fail to implement adequate protective measures,” he said.



VAT:BG 202572176
Rakovski STR.145
Phone ( +359) 24929284
E-mail: sales(at)