Cyber attackers are on the prowl targeting the maritime industry which is heavily dependent on technology.
The latest attack is on ShipManager, a maritime software belonging to the Norwegian company DNV software that is used globally by over 7,000 ships, which are manned by thousands of Indian crew members. The irony is that DNV itself offers cyber solutions.
This is the second cyber attack on the sector this year. In January, the Port of Lisbon was under cyberattack with criminals threatening to release confidential port financial information unless their ransom demands are paid.
In August, the Singapore-based Sembcorp Marine Ltd said that it discovered a cybersecurity incident where an unauthorized party accessed part of its IT network via third-party software products.
DNV confirmed that its ShipManager software was the victim of a cyber-attack on the evening of Saturday January 7. DNV experts have shut down ShipManager’s IT servers in response to the incident. All users can still use the onboard and offline functionalities of the ShipManager software.
At this point in time, there are no indications that any other software or data by DNV is affected. “We apologise for the disruption and inconvenience this incident may have caused,” the company said in a statement.
More than 7,000 vessels owned by 300 customers use ShipManager and navigator solutions for technical and operational performance.
ShipManager’s vast usage
The ShipManager software solution includes a planned maintenance system, shipping procurement, ship safety management systems, crew management system, hull integrity management, dry-docking, and ship repair and shipping data analytics (business intelligence), says information on the company website.
“Tragic with yet another successful cyber attack in the maritime sector. Perhaps slightly ironic that DNV also offers a range of cyber security solutions,” said Lars Jensen, an expert in the container shipping industry based in Denmark.
“While DNV is not forthcoming with the damage caused by this cyber attack, I feel that the solution/module that will be affected would be shipping data analytics that controls business strategies and secrets,” said Pankaj Kapoor, a maritime lawyer.
He added, “The attack would certainly affect ship-shore interaction and endanger confidential information. It would not affect the operation of ships using this software and are on our shores. Since there is no report of any cyber attack on the ships operating systems like GPS, I feel the ships will not pose any danger to navigation.”
Queensland University’s study
Queensland University of Technology’s Maritime Security Law Expert and Associate Professor Saiful Karim in a study published in Marine Policy journal in September 2022 said that maritime cybersecurity threats are sharply growing.
His studied found that the safety and security of ports, ships, and offshore installations are increasingly threatened due to cyberattacks from numerous sources. With the increasing digitalization of the maritime sector during the global pandemic, the number of cyberattacks on the maritime industry exponentially intensified recently.