Not a day goes by without hearing about cyberattacks wreaking havoc for organisations and consumers across the world. The shipping and marine sectors are no exception either. However, the complexity of the attacks here is becoming more sophisticated, and the cost of dealing with them is spiking too. Research from the law firm HFW – as reported by the BBC – shows this problem is growing across the shipping sector (ships and ports) – saying the cost of dealing with an attack has doubled to an average of $550,000 (£410,000) between 2022 and 2023.
Alongside this, Marinelink’s Security Operations Centre (SOC) report is quick to point out that for the second half of 2024, cybercriminals targeting the maritime sector have streamlined their tactics, enhanced their operational efficiency, and have adopted emerging technologies to expand their attack capabilities. For example, across its global network of SOCs, Marinelink monitored 1,998 merchant and leisure vessels, recording 9 billion security events and 39 billion firewall events. From these, 718,000 alerts and 10,700 malware incidents were detected, leading to the identification of 50 managed major incidents. Together, these figures shine a spotlight on the cost and scale of the problem.
Although the shipping and marine sector is becoming increasingly familiar with cyberattacks and their cost implications, what about the attacks on the systems that provide visibility of where ships are located at sea for shipping operators, supply chain experts, trade compliance professionals and insurance brokers? Where do they fit in? Saleem Khan, Chief Data & Analytics Officer, Pole Star Global explains that Automatic Identification System (AIS) spoofing and GPS jamming are frequently used techniques that provide a false idea of ship locations while at sea; and makes the case for using more effective persistent tracking methods.
AIS spoofing and GPS jamming
To appreciate the concerns with AIS spoofing and GPS jamming it is helpful to understand them. The London Maritime Academy says, “AIS spoofing refers to the deliberate manipulation of Automatic Identification System (AIS) signals by sending false messages that show inaccurate locations or provide fake information about a vessel’s identity, ship’s position, or destination. This process includes the use of fake transmitters, GNSS systems, and broadcasting techniques, which falsify data on radar screens, tracking reports, navigation logs, and even security systems. Characteristics, location, ship type, and speed are vulnerable to falsification through this process.” Related to this form of attack is GPS jamming. This can be broadly defined as the intentional disruption of positioning signals, undermining AIS reliability.
Awareness of these kinds of incidents is increasing globally too. No thanks to recent events at the Strait of Hormuz, where AIS spoofing and GPS jamming is high. Additionally, last year, Finland’s Coast Guard shone a light on jamming and spoofing in the Baltic Sea too. It has said that it has detected constant disturbances to satellite navigation signals in the Baltic Sea last October, with some tankers spoofing location data and covering up visits to Russia.
In either case, AIS spoofing or GPS jamming, presents serious risks and implications for operators and crew on vessels. For shipping operators, spoofed or jammed data undermines safety in congested waters. This can increase the chance of collision or grounding. For supply chain and logistics professionals, false position data distorts the visibility of cargo flows. This disrupts planning and undermines service reliability. Whereas for financial institutions, spoofed data creates blind spots in sanctions compliance and beneficial ownership checks. This exposes organisations and clients to further regulatory and reputational risk.
Protection with persistent tracking
A better approach to vessel tracking is, therefore, required. Persistent tracking offers this answer. Essentially, this technique overlays multiple vessel tracking services and data sources, including AIS and secure point-to-point satellite tracking systems (Inmarsat-C, Iridium, etc.), voyage plans when available, Earth Observation (EO) data when relevant, and it uses real-time analytics to transform the accuracy and reliability and vessel location data.
With multiple, layered data sources and robust cross-referencing and analysis, a persistent tracking model allows the industry’s various stakeholders to have increased confidence in true vessel positions. The guessing is eliminated. Errors associated with false positives are minimised. This enables stakeholders to ensure any anomaly or vessel deviation is immediately identified and notified, and that it is open to appropriate investigation.
As part of this approach, multiple, diverse vessel detection technologies feed into live dashboards. This provides stakeholders with the essential visibility and control required to confidently locate and manage their vessels. What is more, by adding the power of predictive analytics, artificial intelligence and machine learning, stakeholders can gain far more insight into the extent of cyberattacks. This ensures secure, safe and compliant shipping operations.
Conclusion
Cyberattacks across the supply chain, logistics and shipping sector don’t just involve IT infrastructure. They include the vital systems that track ships at sea, including AIS and GPS. Persistent tracking provides an answer to these issues for the sector. It enables safer navigation and early identification of anomalies that could signal AIS spoofing or jamming.
Additionally, while research shows the cost impact and complexity of cyberattacks – including AIS spoofing and GPS jamming – is increasing, it is worth considering NATO’s stance. Recently the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) published its policy brief, “Addressing State-Linked Cyber Threats to Critical Maritime Port Infrastructure.” This brief assesses the cybersecurity posture and challenges facing maritime port infrastructure, and offers recommendations for strengthening NATO’s maritime cyber defence.
NATO points out that maritime ports handle approximately 80% of global trade, and that they serve as key meeting points within NATO’s defence logistics network too. Recommendations outlined in its brief provide a framework for strengthening NATO’s maritime cyber defence while preserving the commercial efficiency that makes the ports economically vital. It also advises the cost of inaction far exceeds the investment required for comprehensive maritime cybersecurity. Therefore, it stands to reason that the shipping and maritime industry could benefit from more effective, and more accurate persistent tracking of vessels at sea. Not only to safeguard crew, but to also protect global trade, and to reduce related regulatory risks too.
