CyberOwl/HFW Report: Maritime industry pays an average ransom of $3 million in cyberattacks.
In the dead of night, a fully laden LNG tanker quietly navigates the narrow channel of a strategic U.S. port. Suddenly, the ship's GPS blinks and alarms, showing the vessel miles off course. The crew has no idea their instruments have fallen prey to a sophisticated spoofing attack—where false GPS signals are broadcast to deceive a ship's navigation system into believing it's in a different location.
Without their knowledge, the tanker was silently steered off track, headed toward critical infrastructure.
Hours earlier, a shoreside vendor had completed what appeared to be routine maintenance, leaving behind a smartphone in the engine control room—a harmless oversight, or so it seemed. Unbeknownst to the crew, that phone was a Trojan horse, silently infiltrating the ship's systems despite the air gap designed to safeguard critical functions.
As the crew struggled to regain control, the malware awoke, crippling the ship's electrical network, communications and emergency uninterrupted battery supply. The vessel, making way while not under command, drifted helplessly toward catastrophe.
Do you think this is fiction? Hardly.
GPS Spoofing
In the dark waters off Crimea, the battleground has undeniably gone digital, truly evoking the "ghosts in the machine" scenario. This battleground embodies fifth- and sixth-generation warfare where cyber operations, electronic warfare and disinformation blur the lines between physical and virtual combat.
AIS (Automatic Identification System) broadcasts vessels' positions via GPS inputs, but GPS spoofing manipulates this data, creating navigational confusion. Jamming, on the other hand, blocks signals altogether, leaving vessels without critical navigation and communication capabilities. These tactics could lead to catastrophic accidents in high-traffic areas like the Black Sea. In one incident, spoofed signals traced a "Z" across the sea near Crimea. It was unclear if it was the symbol for Russia's war efforts or the mark of Zorro, but it was disruptive.
In May 2023, a mass spoofing event off Crimea caused ships to appear far from their true locations. The Center for Advanced Defense Studies documented over 10,000 spoofing incidents between 2017 and 2019, demonstrating a correlation between Putin's movements and GPS spoofing incidents near Crimea. Such tactics are deployed to shield high-value targets from GPS-guided weapons, complicating the use of drones, missiles and other advanced precision systems.
In June and July 2021, NATO warships like the HMS Defender and USS Ross were spoofed near Crimea, underscoring Russia's use of electronic warfare to disrupt maritime operations and global shipping lanes.
Just days before this article was published, the Ukrainian Navy launched an operation to combat Russian GPS spoofing, destroying an idle gas platform off Crimea. Russian forces were purportedly using the platform to broadcast GPS interference, which Ukraine claimed threatened civilian navigation. "The occupiers used this location for GPS spoofing to endanger civilian navigation. We cannot allow this," said Ukrainian Navy spokesman Dmytro Pletenchuk.
The attack came just hours after Russian personnel and equipment were spotted on the platform.
On October 1, the Panama-flagged oil tanker M/V Cordelia Moon survived a major explosion. The attack, claimed by Yemen's Houthi rebels, involved eight ballistic and winged missiles, a drone and an uncrewed surface boat (videos of both attacks are online). A missile northwest of Hodeidah also hit a Liberia-flagged bulker.
These incidents, along with the Ukrainian strike on a Russian GPS spoofing platform, underscore how low-tech, unmanned vessels, along with electronic warfare like GPS spoofing and jamming, pose severe risks to maritime safety.
As maritime systems become increasingly digital and interconnected, cyber warfare is no longer confined to the pages of a novel. It's an urgent, evolving threat lurking in the waters of global trade.
CyberOwl & DNV: Securing Maritime Networks
The maritime sector faces increasing cybersecurity risks, driven mainly by the complexity of vessel lifecycles and supply chains. Daniel Ng, CEO of Singapore-based CyberOwl, explains that many shipping companies still treat cyber risk management as a one-off compliance task.
"For cyber risk management to be effective, it needs to be continuous," says Ng. “This is where our partnership with DNV brings real value. By combining our expertise, we can address cyber risks throughout the vessel lifecycle."
This collaboration brings together over 70 maritime cybersecurity specialists in five global hubs from Oslo to Singapore, backed by a network of 500 cybersecurity experts and 7,000 maritime risk professionals. "This allows us to cover everything—from the design stage to vessel operations to incident response," notes Ng.
He points out that a significant challenge is the difference between operational technology (OT), which controls shipboard machinery, and information technology (IT), which handles data: "Legacy OT systems often aren't as secure as newer technologies. We align with standards like UR E26 for new systems but take a more practical approach to legacy systems. CyberOwl's technologies provide visibility into OT risks so shipowners can focus on real threats rather than theoretical ones."
Looking ahead, Ng sees the partnership driving innovation in maritime cybersecurity. He highlights CyberOwl's OT Security Manager as a key tool: "It ingests and interprets Excel documents, PDF reports and system drawings, helping shipowners assess risks without needing to deploy tech onboard."
This approach supports compliance with the E.U.'s Network and Information Systems (NIS) Directive, aimed at protecting critical infrastructure. "Ultimately," says Ng, "we want to give shipowners peace of mind as they adopt digital technologies to boost performance and reduce emissions."
Information Fusion Centre: CYBSEC Threats & Trends
Based in Singapore, the Information Fusion Centre (IFC) serves as a critical hub for maritime security (MARSEC) monitoring and information-sharing across the Indo-Pacific. Under the Republic of Singapore Navy, the IFC collaborates with international liaison officers from over 25 countries to tackle maritime threats including piracy, smuggling and cybersecurity (CYBSEC).
The IFC emphasizes the increasing cyber risks to vessels' OT systems and the importance of continuous monitoring and rapid response. Its information-sharing capabilities have been instrumental in preventing cyber incidents from escalating into significant disruptions.
"We've seen growing interest from shipping companies in involving us in their security drills, where we bring a naval perspective and real-time information-sharing," an IFC spokesperson noted.
Despite a 77 percent reduction in CYBSEC incidents in 2024—down to three from 13 the previous year—the IFC warns this may reflect a lack of reporting, not a decline in threats. Recent malware attacks on cargo vessels in Europe underscore the persistent cyber risks in high-threat areas.
The IFC provides regular updates on cybersecurity trends via its social media channels and advisories. Shipowners are encouraged to subscribe to these reports or engage the IFC in security exercises to boost their readiness against cyber threats.
Tackling Cyber Espionage and Signal Jamming
Sahil Andrews Chand, Founder & CEO of ShipSafe, warns that signal jamming—disrupting communication and navigation—poses significant risks during critical operations like docking.
"Jamming can lead to disorientation and even collisions in congested waters where precision is crucial," Chand explains. He also highlights the broader threat of cyber espionage, where attackers gather intelligence on shipping routes and cargo, creating severe security implications.
Chand addresses a common misconception in the maritime industry—the assumption that existing navigation systems are inherently secure. "This complacency can lead to dangerous vulnerabilities,” he notes.
Many systems, primarily operational technology, can be exploited if not properly secured. Chand advocates for a structured cybersecurity approach, prioritizing critical communications such as navigation and safety, which must be safeguarded with dedicated bandwidth and strong security measures.
Chand also stresses the importance of network segmentation to isolate OT systems from administrative IT systems, limiting the impact of any potential breaches. He further emphasizes adopting robust firewalls and intrusion-detection systems to block unauthorized access.
"Limiting remote access is key," Chand continues, recommending multifactor authentication and strong passwords. However, technology alone isn't enough. "Continuous crew cybersecurity training is critical to ensure preparedness against evolving threats," he advises. Chand underscores the importance of collaboration with port authorities to share information about cyber incidents and threats.
Finally, he highlights the need to balance innovation with security, urging companies to evaluate new technologies like AI, machine learning, and blockchain through a cybersecurity lens to prevent new vulnerabilities from emerging.
Staying the Course
As cyber and electronic warfare tactics like GPS spoofing and jamming increasingly impact military and civilian vessels, experts agree that the industry must bolster defenses. Heightened vigilance, coupled with substantial investment in advanced technologies and crew training, is crucial.
These measures are essential to safeguarding maritime operations against the evolving landscape of cyber warfare. – MarEx
Technology columnist Sean Holt writes from Singapore.