Page 204 - ΝΑΥΤΙΚΑ ΧΡΟΝΙΚΑ - SEPT 2025
P. 204
Horizon from the bridge
It is becoming increasingly evident that human 26% of cyber incidents on ships during
factors play a significant role in managing the cyber 2024 being related to human factors
risks of shipboard systems. Based on an analysis and over 75% of these incidents requir-
by CyberOwl, the majority of cybersecurity incidents ing response actions involving the crew.
can be traced to human error, whether intentional
or unintentional, which has created Top 5 cyber threats to shipping
cyber vulnerabilities. 1. Business email fraud: A type of
attack that involves criminals
gaining access to or imperson-
ating a business email to trick
someone into revealing informa-
tion or transferring money. There
is growing evidence of criminals
varying their methods by using
social media, messenger apps
(such as WhatsApp or WeChat), or
a combination of communication
• Crew familiarisation: Implement channels, in addition to email, to
ongoing training and familiari- achieve their goals.
sation programmes for the crew 2. Malware, especially ransomware:
on all aspects of ballast water Short for malicious software,
management procedures and malware is software designed to
regulations. intentionally harm a computer,
network, or server. The most com-
Top 5 common cyber threats mon malware threat in shipping is
and 7 deadly signs of unsafe ransomware, a type of malware
behaviour (UK P&I) that blocks access to a computer
The shipping sector has become more system or the data stored on it
connected than ever. There is a con- until a ransom is paid. Malware is
stant race to connect, digitise, and particularly dangerous because
deliver smarter ship systems that allow it is generally designed to spread
for more remote access and support. easily across machines, over a net-
The introduction of low-orbit technol- work, via removable devices such
ogy, such as Starlink and OneWeb, is as USB, or via email.
enabling and accelerating this trend. 3. Data theft: The unauthorised theft
However, this increased connectivity (access, transfer, and storage) of
has also made ships and their crews data. Generally, this data contains
vulnerable. personal, confidential, sensitive, or
As a result, the regulatory landscape financial information. In shipping,
has become more complex, with new this may include passwords, per-
requirements continuing to be imple- sonal or financial data of the crew
mented to ensure that shipboard sys- or employees of the shipping com-
tems are secure and do not impact the pany, commercially sensitive data
safe navigation and operation of the about the ship’s cargo, schedule,
fleet. It is becoming increasingly evi- or customers.
dent that human factors play a signifi- 4. Denial of Service (DoS): An
cant role in managing the cyber risks of attempt to interrupt or terminate
shipboard systems. Based on an anal- the normal operation of a com-
ysis by CyberOwl, the leading cyberse- puter system by overwhelming it
curity experts for shipping, the majority with a flood of requests or com-
of cybersecurity incidents can be traced munications. This can result in a
to human error, whether intentional or slowdown in performance, a com-
unintentional, which has created cyber plete crash of the target computer
vulnerabilities. On the other hand, due system, or the denial of legitimate
to the technological environment on access to that system.
ships, humans still play a critical role 5. Falsification of AIS or GNSS data
in responding to cyber incidents, with through “spoofing”: AIS spoof-
202 NX
