Subscribe to our Mailing Lists (It's free!)
Thursday, May 29, 2025
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    Yet another commercial vessel gets attacked in the Red Sea

    Russian seafarers evacuated from oil tanker in Yemen

    Dutch Safety Board investigation

    Dutch Safety Board investigation finds SAR response gaps

    merchant fleet NATO

    New report reveals merchant fleets shrink across NATO nations

    Dryad Global Black Sea security

    Dryad Global: Attacks on Ukraine’s ports likely to escalate

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    culture of respect

    Addressing crew shortage: Establish clear expectations for respectful and professional behaviour

    Book Review: Building leaders the MMMA way

    Book Review: How to avoid a climate disaster

    mental health

    MOL takes step to enhance the mental health of its crew

    Book Review: Building leaders the MMMA way

    Book Review: The Art Of War

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    17 lng carriers

    Korean yard cuts steel for seventeen LNG carriers

    MoU hydrogen

    New MoU signed to advance hydrogen transportation

    SGS completes wind propulsion trials with promising results

    SGS completes wind propulsion trials with promising results

    COSCO

    COSCO adds dual-fuel car carrier featuring solar panels to its fleet

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    digitalization

    New dataset aligned with IMO Compendium post-FAL 49

    Crew connectivity a ‘powerful tool’ requiring strategic deployment

    Crew connectivity a ‘powerful tool’ requiring strategic deployment

    New deal sees autonomous navigation systems for two vessels

    New deal sees autonomous navigation systems for two vessels

    cyber security

    CyberOwl raises alarm on phising and malware campaign

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    NCL Salten

    Inspection onboard NCL Salten reveals deficiencies

    India monsoon

    India: Mooring and anchoring during the Monsoon season

    hull

    Libya mandates underwater hull inspections

    Indian Ocean MoU Annual report

    Indian Ocean MoU PSC Annual Report 2024

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    black sea

    EU develops strategy to boost Black Sea security and stability

    green shipping

    Chinese and EU ports join forces for three green shipping corridors

    Three companies merge to form InterMaritime Shipmanagement

    Major industry players announce stock-for-stock merger

    Trump tariffs

    US trade court blocks and rules Trump’s tariffs as unlawful

  • Columns
    wellness crew

    A thriving crew means a thriving industry

    seafarers

    Addressing challenges for a safer and more efficient maritime future

    Philippines crew management

    Our people are our greatest asset

    Trending Tags

    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    Yet another commercial vessel gets attacked in the Red Sea

    Russian seafarers evacuated from oil tanker in Yemen

    Dutch Safety Board investigation

    Dutch Safety Board investigation finds SAR response gaps

    merchant fleet NATO

    New report reveals merchant fleets shrink across NATO nations

    Dryad Global Black Sea security

    Dryad Global: Attacks on Ukraine’s ports likely to escalate

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    culture of respect

    Addressing crew shortage: Establish clear expectations for respectful and professional behaviour

    Book Review: Building leaders the MMMA way

    Book Review: How to avoid a climate disaster

    mental health

    MOL takes step to enhance the mental health of its crew

    Book Review: Building leaders the MMMA way

    Book Review: The Art Of War

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    17 lng carriers

    Korean yard cuts steel for seventeen LNG carriers

    MoU hydrogen

    New MoU signed to advance hydrogen transportation

    SGS completes wind propulsion trials with promising results

    SGS completes wind propulsion trials with promising results

    COSCO

    COSCO adds dual-fuel car carrier featuring solar panels to its fleet

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    digitalization

    New dataset aligned with IMO Compendium post-FAL 49

    Crew connectivity a ‘powerful tool’ requiring strategic deployment

    Crew connectivity a ‘powerful tool’ requiring strategic deployment

    New deal sees autonomous navigation systems for two vessels

    New deal sees autonomous navigation systems for two vessels

    cyber security

    CyberOwl raises alarm on phising and malware campaign

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    NCL Salten

    Inspection onboard NCL Salten reveals deficiencies

    India monsoon

    India: Mooring and anchoring during the Monsoon season

    hull

    Libya mandates underwater hull inspections

    Indian Ocean MoU Annual report

    Indian Ocean MoU PSC Annual Report 2024

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    black sea

    EU develops strategy to boost Black Sea security and stability

    green shipping

    Chinese and EU ports join forces for three green shipping corridors

    Three companies merge to form InterMaritime Shipmanagement

    Major industry players announce stock-for-stock merger

    Trump tariffs

    US trade court blocks and rules Trump’s tariffs as unlawful

  • Columns
    wellness crew

    A thriving crew means a thriving industry

    seafarers

    Addressing challenges for a safer and more efficient maritime future

    Philippines crew management

    Our people are our greatest asset

    Trending Tags

    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

Maritime cyber security: A widening net

by The Editorial Team
February 12, 2019
in Cyber Security, Opinions
cyber security

Credit: Shutterstock

FacebookTwitterEmailLinkedin

During the 2019 SMART4SEA Conference, Isidoros Monogioudis, Senior Security Architect, Digital Shadows, presented the current landscape surrounding maritime cyber threat.

Surprisingly enough I realized that cyber security is a real issue in the maritime sector. It has the attraction that is needed for the maritime sector, but for some reason it doesn’t have the appropriate investment. We have to convince the shipowners that maybe it’s not the direct issue for profitability, but it is something that we need to invest in order to be profitable with the new technologies that will be applied.

I just want to highlight two real attack vectors, as Golden Gallon and Dark Overlord, which actually represent targeted attacks against maritime sectors, in a different way that introduced what has not happened by not Petya and other cyber attacks like ransomware that are not targeted.

The point here is that yes, we have targeted attacks against maritime sector, not very common but it’s really going to get increased.  Why? Because the exposure is getting bigger and bigger. What is actually the attack surface?

RelatedNews

India: Mooring and anchoring during the Monsoon season

Addressing crew shortage: Establish clear expectations for respectful and professional behaviour

We can divide the attack surface in two big areas:

  1. Threat to maritime vessels;
  2. Threat to the wider sector.

We differentiate vessels because vessels are the top priority for every ship owner.  This is the asset that makes money to the shipowner. So, we have to address the cyber threats to each vessel accordingly and properly. Even if at the end, all we need to do is to transfer the expertise and the knowledge from the traditional cyber defense or cyber security area to the ship’s network and the ship’s ecosystem.

Decision making process, performance monitoring and connectivity, everything is related with cyber risk and cyber security.  We can say a few words about who is behind the cyber risk. Who is actually the one that may pose a threat, a danger to our assets?

 

-Activists’ motivations are:

  • Reputational damage;
  • Disruption of operations.

Business interruption is a key function that needs to be not interrupted.

Objectives:

  • Destruction of data;
  • Publication of safety data;
  • Media attention;
  • Denial of access to the targeted service or system.

 

-Criminals’ motivations are:

  • Financial gain
  • Commercial espionage
  • Industrial espionage

Objectives:

  • Selling stolen data
  • Ransoming stolen data
  • Ransoming system operability
  • Arranging fraudulent transportation of cargo
  • Gathering intelligence for more sophisticated crime, exact cargo location, ship transportation and handling plans

 

-Opportunists’ motivation is:

  • The challenge

Objectives:

  • Getting through cyber security defences
  • Financial gain

 

-States, State sponsored organisations, Terrorists’ motivations are:

  • Political gain
  • Espionage

Objectives:

  • Gaining knowledge
  • Disruption to economies and critical national infrastructure

 

There are different areas, different objectives, not always the common ones for activists.

  1. Criminals

Cyber crime is increasing more and more. Indeed, the cyber crime is here. It makes profit from other operations, but it is not far away the time when cyber crime will make money out form shipping companies.

  1. Opportunists

Those are guys that by luck, randomly, may have access or find a vulnerability to a shipping company to cause damage because they happen to be there.

  1. States, Sponsored organizations, terrorists

This is something that really has to be a concern because the truth is even with no Petya there is an attribution claiming that it is a state sponsor action and that’s why the ‘chocolate company by the US’ doesn’t have a compensation from the insurance company because the insurance company claims that not petya was an act of was. Even with cyber insurance we have to be very careful.

  1. Regulations

Why is it a threat actor?  It’s not a real threat actor but cyber security regulations will have ‘teeth’, so it has the nature of something that intimidates the shipping sector and because we have IMO that has been a lot of times presented that by 2020 there are some things to be addressed for cyber security.

There is a broad range of reasons to hack a ship. Another aspect is that we can have  Extortion; The thrill; To cause genuine harm; Insider information.

Information from connected devices and components, which is more and more increasing exposure related with the shipping industry, can be processed correlated with the different apps in cyber domain and provide information useful not only for offensive operations but for defensive.

This is why the threat intelligence as an area tries to address in a cyber security framework.

There’s no need for SCADA expertise. To hack a SCADA system you don’t need a specific education, you need tools that are already available and all you need to do is to find the right information to do the hacking activity.

The current state of threat for shipping companies is the guys with the guns. The future will be instead of guns also use laptops, computer components to hack things.

We can start finding information easily. AIS and navigation systems are publicly available so this is the starting point for an adversary when they want to find information to target a company.

According to the BIMCO guidelines, the onboard connected systems are a good start for someone to identify where to start from in terms of digital exposure on the shipping industry.

These are the common vulnerabilities that can be found on onboard systems.

  • Obsolete and unsupported operating systems;
  • Outdated or missing antivirus software and protection from malware;
  • Inadequate security configurations and best practices, including ineffective network management and the use of default administrator accounts and passwords;
  • Shipboard computer networks, which lack boundary protection measures and segmentation of networks;
  • Safety critical equipment or systems always connected with the shore side
  • Inadequate access controls for third parties including contractors and service providers.

What are the threats to the wider maritime sector? We all know the size of the laws. We all learned that now they address all vulnerabilities in a central and very organized way.   The Maersk attack wasn’t a targeted one. The No Petya attack which is most likely a state sponsor attack, how it affected and impacted Maersk and the port of LA. Now what are the cyber security quick wins?

Starting from onboard, cyber protection starts with Network Segmentation; it is something that it should be an architectural principle for the IT systems onboard. We have seen a lot different solutions applied with sensors, with performance monitoring and every kind of similar digitized solution. The point is that we need to segment networks in a way all the need-to-know-access is granted to every user and focus on security monitoring, not only performance monitoring.  We have also to apply and deploy the right sensors for security monitoring. For every tool, for every solution that is already digitized on the ship.

Defense in depths is the next step; We have to think that cyber defense and cyber security is a multi-layered approach. There is no multi-goal solution, you cannot find something that does everything that protects you from everything.

What is more, you should have in mind that cyber security is a complexed issue and needs expertise. It’s not a single firewall. It’s not an antivirus.

Incident Handling is very critical. Most of use forget or miss to address incident response. We focus on cyber security, on protection. We focus on defense proactively and forget if it happens to suffer from security breach what will be next.

In conclusion, the threat is real and the risk is high. Maritime digital exposure is getting bigger. In this regard, you need to secure your assets from cyber risk as you secure your assets from physical risk. The future is “compliant” so either way you have to enforce.

 

Above text is an edited version of Mr. Isidoros Monogioudis’ presentation during the 2019 SMART4SEA Conference.

View his presentation herebelow:

The views presented hereabove are only those of the author and not necessarily those of  SAFETY4SEA and are for information sharing and discussion  purposes only.


About Isidoros Monogioudis, Senior Security Architect, Digital Shadows

Maritime cyber security: A widening netIsidoros Monogioudis is a Senior Security Architect at Digital Shadows, a Digital Risk monitoring and Cyber Threat Intelligence Company. Isidoros started as an IT and Systems administrator 20 years ago and since 2008 is focused on cyber security and cyber defense. Prior to Digital Shadows he was a Greek military officer member of the Cyber Defense Directorate where he got involved in several projects and cyber operations. He has an extensive experience in Incident handling, Penetration testing, Log management, Incident detection and response. Part of his work as an officer was also the plan, preparation and execution of Cyber Defense Exercises at national and international level (NATO, EU). Currently he is involved in cyber security research, testing, analysing and evaluating new cyber threats and attack vectors. At the same time he is responsible for the internal security architecture implementing security controls and solutions for the company’s protection.

Maritime cyber security: A widening netMaritime cyber security: A widening net
Maritime cyber security: A widening netMaritime cyber security: A widening net
Tags: best practicescyber securitySMART4SEA
Previous Post

Reliability and Transparency in Vessel Performance Monitoring

Next Post

Ports of Piraeus, Venice and Chioggia to enhance cargo flows

Related News

RORO
Loss Prevention

Survitec urges for preparation on 2026 fire protection regulations

May 26, 2025
cyber security
Cyber Security

CyberOwl raises alarm on phising and malware campaign

May 23, 2025
Shortlisted nominees announced for the 2025 SAFETY4SEA Awards
Shipping

Shortlisted nominees announced for the 2025 SAFETY4SEA Awards

May 23, 2025
bulk carrier
Opinions

Practical tips on the use of bulk carriers for transporting general cargo

May 22, 2025
fuel sampling
Fuels

CMT: MARPOL update raises bar for fuel sampling

May 22, 2025
Britannia Club
Alerts

Britannia Club: Stowaway incidents remain high

May 22, 2025

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Explore more

No Result
View All Result
MARITIME EVENTS

Explore

  • Safety
  • SEAFiT
  • Green
  • Smart
  • Risk
  • Others
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Content Marketing
  • Contact

© 2025 SAFETY4SEA

No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA

Manage your privacy
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show (non-) personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA