We Cannot Afford to Wait to Bolster Maritime Cybersecurity

Like nearly all sectors of the economy, maritime and offshore energy activities are being increasingly conducted remotely, with networked control systems connecting ships, cargo and rigs with onshore commands. But these shifts have exposed a hidden but increasingly urgent threat: cybersecurity attacks.

As more ocean-based activities are interwoven by digital threads, transmitting data safely and securely will be necessary to support these industries and ensure we are able to keep pace with the evolving speed of technology.

The U.S. government released a national maritime cybersecurity plan in 2020 that laid bare the stakes of allowing cyber vulnerabilities to go unchecked for our economy and national defense. As the plan notes, our seas and ports contribute about $5.4 trillion annually to the U.S. gross domestic product. At the same time, the U.S. Coast Guard has noted that “maintaining effective cybersecurity is not just an IT issue but is rather a fundamental operational imperative in the 21st-century maritime environment.”

With so much of the global economy and security dependent on the ocean, the ramifications of inaction continue to grow. The most recent estimates from the Department of Homeland Security predict that cyberattacks against oil and gas infrastructure around the world could cost upward of nearly $2 billion.

And despite the clear risks of these cybersecurity threats, a 2020 industry survey of those working in the offshore oil and gas industry found that nearly half were unaware if there was a dedicated cybersecurity person or team onboard each offshore oil and gas asset.

Bad actors are actively taking advantage of these cybersecurity vulnerabilities. The world’s four largest maritime shipping companies have all been hit with cyberattacks since 2017, and maritime ransomware attacks tripled from 2019 to 2020 as companies of all sizes across the industry have become a bigger target for cybercriminals. And even our most tightly guarded national security secrets may not be safe from cyberattacks at sea. For instance, reportedly government-sponsored Chinese hackers were able to steal troves of data in 2018 related to sensitive Navy undersea warfare programs from a government contractor.

It’s clear that urgent action is needed to secure our seas to defend against these emerging threats and ensure offshore activities can be carried out uninterrupted. But support for bolstering our cybersecurity infrastructure is lagging. According to a 2013 report from the Brookings Institute, of the $2.6 billion in federal funding earmarked for maritime port security efforts, less than $6 million—which amounts to less than 1%—had been awarded for cybersecurity projects.

However, collaboration across the private sector can help expand and improve global maritime cybersecurity awareness, preparedness, and response. Autonomous ocean technologies are being explored as a way to monitor vast swaths of remote ocean environments and are showing promise to establish communications links for transferring ocean-based data to shore. As these technologies operate in deeper and more dangerous waters, bringing military-grade cybersecurity, artificial intelligence and machine learning, and integrated systems and capabilities to these operations will help ensure safe and secure data transmission of actionable intelligence.

Meanwhile, tapping the expertise of the private sector can help government agencies defend against cybersecurity threats. Working closely with the private sector can be vital for government agencies and the armed services to increase maritime cybersecurity awareness of vulnerabilities and allow for more effective information sharing. The Navy recently hosted a virtual hackathon that brought together leading civilian hackers, data scientists, and 3D printing manufacturers from across the business world alongside military academies and university academia to discover vulnerabilities and plug holes in critical systems.

The increased dependence of offshore activities on cyber-enabled systems has tremendous implications for both the economy and national security, and it demands an entirely new approach to mitigate the emerging risks. By putting in place a more secure cybersecurity infrastructure at sea, industries and governments can gain more control of their offshore domain today and stay ahead of tomorrow’s threat.

Philipp Stratmann is the President and CEO of Ocean Power Technologies, a marine products and solutions company. Zac Staples is the Founder and CEO of Fathom5, an industrial technology development company.