Published in cybersecurity, all | 7 minutes reading time

Key takeaways from 3 recent cyber attacks in shipping

Stay up to date!

* By subscribing to the latest news from our blog, you consent to us storing your email address, and sending you monthly emails. You can, at any time, retract this consent.

The ransomware attack on Norwegian industry giant Norsk Hydro in March this year, which forced the company to halt production in several plants and ended up costing them around USD 50 million, was yet another wake up call for the maritime industry.

When a company with Norsk Hydro’s resources, expertise and systems is vulnerable to attack, then every company is, in every sector.


From digital infancy to a harsh new risk reality

For the maritime industry, there has been a steep climb on the digital maturity ladder, from the digital infant phase to the digital puberty phase. As key maritime players began adopting digital practices and technologies, IT was seen as an operational cost rather than as a strategic business approach.

However, as ships increasingly started using systems that rely on digitalisation, integration and automation, the associated risks and threats were not adequately factored in. Simply put, the industry wasn’t digitally mature enough yet to safely navigate the rough waters of digitalisation.

Today, more and more ships, systems and networks are connected to the Internet, making them accessible from practically anywhere on Earth. At the same time, this makes ships much more vulnerable to cyber attacks, both targeted and random ones.

Increasing digital reliance has unlocked huge efficiencies and operational benefits, but it has also opened a Pandora’s box of cyber threats – a risk reality that shipping needs to understand and navigate.


Cybercrime is no hype

Cyber risk has fast become the new normal for the maritime sector. According to the Allianz Risk Barometer 2018, cybercrime is considered one of the top five threats to the global maritime industry.

The past two years have seen a growing number of high-profile cyber attacks, making it clear that cyber attacks represent a real problem to be immediately and seriously addressed – and not just hype from vendors trying to sell cybersecurity products.

What lessons can be learned from recent cyber attacks in shipping? First, here’s a brief recap of three recent cases – the incidents involving Maersk, COSCO and Austal.



In June 2017, shipping giant Maersk was hit by a devastating cyber attack caused by the NotPetya malware, originating in Ukraine. Maersk was not targeted specifically, but was “collateral damage”. The attack resulted in significant disruptions to Maersk’s operations and terminals worldwide, costing them up to USD 300 million.



In July 2018, COSCO Shipping Lines fell victim to a cyber attack that disrupted the company’s internet connection within its offices in the Americas region. After a 5-day sprint to activate contingency plans, COSCO’s operations were back to normal. Apparently, Cosco was aware of what happened to Maersk and had taken proactive steps to minimize their risk.



In October 2018, Australia-based ferry and defense shipbuilder Austal was hit by a cyber attack that breached the company’s data management systems. The attackers, believed to be Iranian hackers, managed to steal internal data and offered some of it for sale on the dark web in an apparent extortion attempt.

Read more: 4 digital trends in the maritime industry


Lessons learned

Whether you call it disruption or revolution, digital is here to stay. The rapid implementation of IT systems and internet communication for ships in every part of the world brings new and exciting opportunities – but also cyber threats.

As the Maersk, COSCO, Austal and other incidents clearly demonstrate, cybercrime is a growing threat to shipping companies. Unauthorised access or malicious attacks to ships’ systems and networks may have severe repercussions. As a consequence, maintaining the operational safety of these systems is number one priority.

In fact, as modern ships are becoming ever more automated and increasingly dependent on software-based control systems, cybersecurity management becomes as business-critical as maintaining hull and machinery safety.

You would never leave port with a malfunctioning generator, the operational risk being obvious. Likewise, malfunctioning or inoperative OT systems, for instance an ECDIS infected with a virus, may result in a complete system failure potentially compromising safety of navigation, and thus personnel safety.


These are 4 key takeaways from recent cyber attacks in shipping

1. Good IT hygiene is key to fighting cybercrime, but mindset is a big obstacle. There must be a shift in people’s attitude towards IT security. IT is not something that is on the side; it is as important as the main office or the ship itself, if not more. Because if IT collapses, many parts of the business collapses.

2. Every shipping manager needs to approach cybersecurity as an integral part of the overall safety management. If disruptive cyber attacks can happen to some of the biggest players globally, it may well happen to you. This means you need to have an effective cybersecurity management plan in place to manage all possible threats. Response and recovery plans should be tested and updated frequently.

3. There is NO zero cyber risk environment today. You will never mitigate all risk, as new cyber threats and vulnerabilities are constantly emerging. But you can minimise it – by continually assessing risk exposure, understanding the impact, and then working to implement safeguards that will counter risk and help you steer clear of cyber attacks.

4. Despite all precautions, vulnerabilities still remain in your systems and networks – attackers are constantly finding new targets and refining the tools they use to break through cyberdefenses. So perhaps the most important takeaway from cyber attacks in the maritime sector is this:

Establish appropriate contingency plans for cyber incidents, including the loss of critical systems and the need to use alternative modes of operation. In the event of the worst happening, you can still operate.

Bimco’s Guidelines on Cyber Security onboard Ships recommends that contingency plans and related information should be available in a non-electronic form, as some types of cyber incidents can include the deletion of data and shutdown of communication links. Both Maersk and Norsk Hydro had to revert to manual systems and solutions while reinstalling.

Read more: The key to best practice maritime cybersecurity


Don’t be naive!

Fighting cybercrime and building resilience is a never-ending battle. As Maersk chairman Jim Hagemann Snabe observes in the wake of the NotPetya attack:

“It is time to stop being naive when it comes to cybersecurity. Even size doesn’t help you. It’s very important that you’re not just reactive, but proactive.”

Learn more here about how to raise cybersecurity awareness in your organisation and maintain effective cyber risk management across your fleet.

Webinar: Cybersecurity in the face of upcoming demands

Key takeaways from 3 recent cyber attacks in shipping
Written by Walter Hannemann, Product Manager

Walter Hannemann started his career in a computer factory product development laboratory in 1983, while taking his education in Electronics and Information Systems. Since then, his jobs have involved software architecture and development, infrastructure design and overall IT management, in both large enterprises and startups. With a passion for “making things work”, shipping applications and all digital things onboard ships became his interest after joining Maersk in 2008. Managing IT in large companies like Maersk Tankers and Torm has given him insider’s knowledge in the shipping industry and enticed his entrepreneurship to help moving the industry into the digital future. Based in Copenhagen as Product Manager for Dualog, Walter enjoys finding solutions for big (and small) problems while keeping the overview and a forward-looking approach, with deep dives in technical subjects when necessary – or possible.

Related blog posts