Subscribe to our Mailing Lists (It's free!)
Monday, July 14, 2025
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    2024 IMO Bravery Awards honor tanker and tugboat crews for heroic acts

    Officer to receive IMO bravery award for saving 12 crew members

    Panama

    BMA: Sanctions imposed against Russia

    Work,Safety,Concept.,Wooden,Cube,Blocks,With,Icon,Of,Safety

    DNV: Key IMO safety developments

    seafarers

    Philippines DMW issues call to protect seafarers from warlike areas

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    friendship

    Exploring the human need for friendship: A lifeline at sea and on shore

    neck pain

    Neck pain: A growing health concern for maritime workers

    Book Review: Building leaders the MMMA way

    Book Review: Feel grounded and think positive in 10 simple steps

    time

    Stay SEAFiT: Time is non-renewable – invest it wisely

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    ammonia bunkering vessel

    Company orders ammonia bunkering vessel for use in Singapore

    WSC

    WSC proposes alignment of EU ETS with IMO Net Zero Framework

    IMO Council World Maritime Day

    IMO: World Maritime Day two-year theme to take policy to practice

    BIMCO FuelEU Maritime Regulation

    EU issues low-carbon hydrogen fuel standards

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    vr training

    Companies team up for virtual reality training to better prepare crew

    digital tools onboard

    Company signs for AI autonomous navigation system for PCTC fleet

    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    floating data centres

    New partnership to develop floating data center on retrofitted vessel

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    AMSA fine

    NorthStandard: Tips to avoid pollution fines in Turkey

    OCIMF

    OCIMF Annual Report 2025: SIRE 2.0 a welcome change for the industry

    USCG

    ABS PSC Report Q1 2025: 526 total vessels detained

    paris mou lists

    Paris MoU 2024 Performance lists

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    China

    China lays out vision for smarter and greener shipping

    Sanctions Russia

    EU plans to impose new Russian oil price cap

    EU US

    US plans to hit EU and Mexico with 30% tariff starting August

    Dr. Rosalie Balkin

    Dr. Rosalie Balkin to receive IMO International Maritime Prize

  • Columns
    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    NorthStandard: Data sharing to drive technology and improve crew wellbeing

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    Trending Tags

    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    2024 IMO Bravery Awards honor tanker and tugboat crews for heroic acts

    Officer to receive IMO bravery award for saving 12 crew members

    Panama

    BMA: Sanctions imposed against Russia

    Work,Safety,Concept.,Wooden,Cube,Blocks,With,Icon,Of,Safety

    DNV: Key IMO safety developments

    seafarers

    Philippines DMW issues call to protect seafarers from warlike areas

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    friendship

    Exploring the human need for friendship: A lifeline at sea and on shore

    neck pain

    Neck pain: A growing health concern for maritime workers

    Book Review: Building leaders the MMMA way

    Book Review: Feel grounded and think positive in 10 simple steps

    time

    Stay SEAFiT: Time is non-renewable – invest it wisely

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    ammonia bunkering vessel

    Company orders ammonia bunkering vessel for use in Singapore

    WSC

    WSC proposes alignment of EU ETS with IMO Net Zero Framework

    IMO Council World Maritime Day

    IMO: World Maritime Day two-year theme to take policy to practice

    BIMCO FuelEU Maritime Regulation

    EU issues low-carbon hydrogen fuel standards

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    vr training

    Companies team up for virtual reality training to better prepare crew

    digital tools onboard

    Company signs for AI autonomous navigation system for PCTC fleet

    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    floating data centres

    New partnership to develop floating data center on retrofitted vessel

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    AMSA fine

    NorthStandard: Tips to avoid pollution fines in Turkey

    OCIMF

    OCIMF Annual Report 2025: SIRE 2.0 a welcome change for the industry

    USCG

    ABS PSC Report Q1 2025: 526 total vessels detained

    paris mou lists

    Paris MoU 2024 Performance lists

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    China

    China lays out vision for smarter and greener shipping

    Sanctions Russia

    EU plans to impose new Russian oil price cap

    EU US

    US plans to hit EU and Mexico with 30% tariff starting August

    Dr. Rosalie Balkin

    Dr. Rosalie Balkin to receive IMO International Maritime Prize

  • Columns
    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    NorthStandard: Data sharing to drive technology and improve crew wellbeing

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    Trending Tags

    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

Maritime cyber security: A widening net

by The Editorial Team
February 12, 2019
in Cyber Security, Opinions
cyber security

Credit: Shutterstock

FacebookTwitterEmailLinkedin

During the 2019 SMART4SEA Conference, Isidoros Monogioudis, Senior Security Architect, Digital Shadows, presented the current landscape surrounding maritime cyber threat.

Surprisingly enough I realized that cyber security is a real issue in the maritime sector. It has the attraction that is needed for the maritime sector, but for some reason it doesn’t have the appropriate investment. We have to convince the shipowners that maybe it’s not the direct issue for profitability, but it is something that we need to invest in order to be profitable with the new technologies that will be applied.

I just want to highlight two real attack vectors, as Golden Gallon and Dark Overlord, which actually represent targeted attacks against maritime sectors, in a different way that introduced what has not happened by not Petya and other cyber attacks like ransomware that are not targeted.

The point here is that yes, we have targeted attacks against maritime sector, not very common but it’s really going to get increased.  Why? Because the exposure is getting bigger and bigger. What is actually the attack surface?

RelatedNews

Lessons learned: Unsafe workarounds reveal unsafe systems

Watch: Avoid the risk of electrocution for shipboard welding

We can divide the attack surface in two big areas:

  1. Threat to maritime vessels;
  2. Threat to the wider sector.

We differentiate vessels because vessels are the top priority for every ship owner.  This is the asset that makes money to the shipowner. So, we have to address the cyber threats to each vessel accordingly and properly. Even if at the end, all we need to do is to transfer the expertise and the knowledge from the traditional cyber defense or cyber security area to the ship’s network and the ship’s ecosystem.

Decision making process, performance monitoring and connectivity, everything is related with cyber risk and cyber security.  We can say a few words about who is behind the cyber risk. Who is actually the one that may pose a threat, a danger to our assets?

 

-Activists’ motivations are:

  • Reputational damage;
  • Disruption of operations.

Business interruption is a key function that needs to be not interrupted.

Objectives:

  • Destruction of data;
  • Publication of safety data;
  • Media attention;
  • Denial of access to the targeted service or system.

 

-Criminals’ motivations are:

  • Financial gain
  • Commercial espionage
  • Industrial espionage

Objectives:

  • Selling stolen data
  • Ransoming stolen data
  • Ransoming system operability
  • Arranging fraudulent transportation of cargo
  • Gathering intelligence for more sophisticated crime, exact cargo location, ship transportation and handling plans

 

-Opportunists’ motivation is:

  • The challenge

Objectives:

  • Getting through cyber security defences
  • Financial gain

 

-States, State sponsored organisations, Terrorists’ motivations are:

  • Political gain
  • Espionage

Objectives:

  • Gaining knowledge
  • Disruption to economies and critical national infrastructure

 

There are different areas, different objectives, not always the common ones for activists.

  1. Criminals

Cyber crime is increasing more and more. Indeed, the cyber crime is here. It makes profit from other operations, but it is not far away the time when cyber crime will make money out form shipping companies.

  1. Opportunists

Those are guys that by luck, randomly, may have access or find a vulnerability to a shipping company to cause damage because they happen to be there.

  1. States, Sponsored organizations, terrorists

This is something that really has to be a concern because the truth is even with no Petya there is an attribution claiming that it is a state sponsor action and that’s why the ‘chocolate company by the US’ doesn’t have a compensation from the insurance company because the insurance company claims that not petya was an act of was. Even with cyber insurance we have to be very careful.

  1. Regulations

Why is it a threat actor?  It’s not a real threat actor but cyber security regulations will have ‘teeth’, so it has the nature of something that intimidates the shipping sector and because we have IMO that has been a lot of times presented that by 2020 there are some things to be addressed for cyber security.

There is a broad range of reasons to hack a ship. Another aspect is that we can have  Extortion; The thrill; To cause genuine harm; Insider information.

Information from connected devices and components, which is more and more increasing exposure related with the shipping industry, can be processed correlated with the different apps in cyber domain and provide information useful not only for offensive operations but for defensive.

This is why the threat intelligence as an area tries to address in a cyber security framework.

There’s no need for SCADA expertise. To hack a SCADA system you don’t need a specific education, you need tools that are already available and all you need to do is to find the right information to do the hacking activity.

The current state of threat for shipping companies is the guys with the guns. The future will be instead of guns also use laptops, computer components to hack things.

We can start finding information easily. AIS and navigation systems are publicly available so this is the starting point for an adversary when they want to find information to target a company.

According to the BIMCO guidelines, the onboard connected systems are a good start for someone to identify where to start from in terms of digital exposure on the shipping industry.

These are the common vulnerabilities that can be found on onboard systems.

  • Obsolete and unsupported operating systems;
  • Outdated or missing antivirus software and protection from malware;
  • Inadequate security configurations and best practices, including ineffective network management and the use of default administrator accounts and passwords;
  • Shipboard computer networks, which lack boundary protection measures and segmentation of networks;
  • Safety critical equipment or systems always connected with the shore side
  • Inadequate access controls for third parties including contractors and service providers.

What are the threats to the wider maritime sector? We all know the size of the laws. We all learned that now they address all vulnerabilities in a central and very organized way.   The Maersk attack wasn’t a targeted one. The No Petya attack which is most likely a state sponsor attack, how it affected and impacted Maersk and the port of LA. Now what are the cyber security quick wins?

Starting from onboard, cyber protection starts with Network Segmentation; it is something that it should be an architectural principle for the IT systems onboard. We have seen a lot different solutions applied with sensors, with performance monitoring and every kind of similar digitized solution. The point is that we need to segment networks in a way all the need-to-know-access is granted to every user and focus on security monitoring, not only performance monitoring.  We have also to apply and deploy the right sensors for security monitoring. For every tool, for every solution that is already digitized on the ship.

Defense in depths is the next step; We have to think that cyber defense and cyber security is a multi-layered approach. There is no multi-goal solution, you cannot find something that does everything that protects you from everything.

What is more, you should have in mind that cyber security is a complexed issue and needs expertise. It’s not a single firewall. It’s not an antivirus.

Incident Handling is very critical. Most of use forget or miss to address incident response. We focus on cyber security, on protection. We focus on defense proactively and forget if it happens to suffer from security breach what will be next.

In conclusion, the threat is real and the risk is high. Maritime digital exposure is getting bigger. In this regard, you need to secure your assets from cyber risk as you secure your assets from physical risk. The future is “compliant” so either way you have to enforce.

 

Above text is an edited version of Mr. Isidoros Monogioudis’ presentation during the 2019 SMART4SEA Conference.

View his presentation herebelow:

The views presented hereabove are only those of the author and not necessarily those of  SAFETY4SEA and are for information sharing and discussion  purposes only.


About Isidoros Monogioudis, Senior Security Architect, Digital Shadows

Maritime cyber security: A widening netIsidoros Monogioudis is a Senior Security Architect at Digital Shadows, a Digital Risk monitoring and Cyber Threat Intelligence Company. Isidoros started as an IT and Systems administrator 20 years ago and since 2008 is focused on cyber security and cyber defense. Prior to Digital Shadows he was a Greek military officer member of the Cyber Defense Directorate where he got involved in several projects and cyber operations. He has an extensive experience in Incident handling, Penetration testing, Log management, Incident detection and response. Part of his work as an officer was also the plan, preparation and execution of Cyber Defense Exercises at national and international level (NATO, EU). Currently he is involved in cyber security research, testing, analysing and evaluating new cyber threats and attack vectors. At the same time he is responsible for the internal security architecture implementing security controls and solutions for the company’s protection.

Maritime cyber security: A widening netMaritime cyber security: A widening net
Maritime cyber security: A widening netMaritime cyber security: A widening net
Tags: best practicescyber securitySMART4SEA
Previous Post

Reliability and Transparency in Vessel Performance Monitoring

Next Post

Ports of Piraeus, Venice and Chioggia to enhance cargo flows

SUGGESTED FOR YOU

biofouling
Pollution

SQE MARINE: Keep your Biofouling Management Plan up to date

July 8, 2025
GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility
Opinions

GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

July 7, 2025
Year in Review: How the Russian invasion of Ukraine affected shipping in 2022
Regulation

LR: New requirements for lifting appliances and anchor winches

July 3, 2025
accidents regulations
Videos

Watch: Key equipment that can aid in MOB recovery

July 2, 2025
speaking up culture
Maritime Knowledge

Addressing crew shortage: Zero tolerance and clear consequences for unacceptable behaviour

June 30, 2025
IMPA: 85% of non-compliance not reported to port State authorities
Safety

IMPA: 85% of non-compliance not reported to port State authorities

June 30, 2025

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Explore more

No Result
View All Result
MARITIME EVENTS

Explore

  • Safety
  • SEAFiT
  • Green
  • Smart
  • Risk
  • Others
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Content Marketing
  • Contact

© 2025 SAFETY4SEA

No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA

Manage your privacy
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show (non-) personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA