
Risk Challenges and Meeting MTSA Cyber Regulations Compliance

Industry Article Series: Cybersecurity in the Marine Transportation System

In our new series, "Cybersecurity in the Marine Transportation System: Risk Challenges and Meeting MTSA Cyber Regulations Compliance," Michael DeVolld, ABS Consulting's Senior Director of Maritime Cybersecurity, examines key cybersecurity challenges facing U.S. maritime operators today.

Over the next two years, vessel owners, operators and port authorities are expected to act on cybersecurity regulations enforced by the United States Coast Guard (USCG) to mitigate malicious cyber activity in the nation’s maritime transportation system (MTS).

Michael DeVolld, Senior Director, Maritime Cybersecurity

USCG’s Maritime Cyber Rule elevates cybersecurity to the same level of priority as physical security for MTSA-regulated facilities and vessels, requiring ongoing cybersecurity drills, exercises and technical measures to detect, respond to and recover from cyber incidents that could threaten maritime transportation security.

What is the U.S. Coast Guard’s Maritime Cyber Rule?

As of July 2025, the USCG’s final rule establishes the minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities and assets subject to the Maritime Transportation Security Act (MTSA) of 2002.

According to the MTSA cyber regulations, maritime entities including ports, terminals, vessel operators and other critical infrastructure stakeholders will need to prioritize reporting, training and designating a cybersecurity officer (CySO) while they develop and maintain comprehensive cybersecurity plans and conduct annual cybersecurity assessments.

 

First, they must immediately report cyber incidents to the National Response Center.

 

Second and most urgent for planning and readiness, operators will need to prioritize cybersecurity training for personnel with access to information technology (IT) or operational technology (OT) systems and complete this training by January 12, 2026.

 

As a third crucial step, cybersecurity plans will be due to the USCG by July 16, 2027.

While these phases seem straightforward, the regulations themselves may be challenging to navigate depending on a company’s readiness and will need to reflect current and future cyber risks.

Key Challenge 1

From Ransomware to Spear-Phishing, Cyber Threats are Evolving

Digitalization has transformed the maritime sector, and cybercriminals are continually adapting their tactics to exploit MTS vulnerabilities. Go-to strategies include spear phishing, multistage attacks and, increasingly, ransomware.

Ransomware attacks involve taking down an organization’s computer systems, which impacts operational and financial networks, until a ransom is paid. The industry has seen major ransomware disruptions ripple across some of the busiest port operations in the U.S., Australia, Europe and Japan.

For example, in August 2024, a Rhysida ransomware attack targeting the Port of Seattle resulted in a portwide system outage. The team was forced to initiate an incident response that required taking employee systems offline, disrupting operations.

According to the Port of Seattle, while at no point did the cyber incident affect the ability to travel safely to or from Seattle-Tacoma International Airport or safely use its maritime facilities, such a disruption resulted in costly downtime in what must be a 24/7 operating environment.

Meanwhile, criminals are targeting backup systems to make recoveries like this more difficult and increase pressure on decision-makers to pay ransoms.

Spear-phishing campaigns aimed at a specific person or company are another type of threat that has proliferated across the marine environment, with techniques ranging from typo-squatted domains to account/business email compromises.

Many technology companies are working diligently to address evolving threats by certifying that new technology systems are trustworthy and cyber secure by complying with cybersecurity frameworks such as ISO 42001 (International Organization for Standardization) and SOC 2 (Service Organization Control Type 2).

Understanding these evolving threats—and an organization’s unique operational risk—is important to develop a comprehensive and compliant cybersecurity plan.


Key Challenge 2

Always-On Interconnected Technologies Expand Attack Surfaces

Smart technology solutions, particularly the internet of things (IoT), automation and artificial intelligence (AI), are also amplifying MTS vulnerability to cyber threats.

In its “Cyber Trends and Insights in the Marine Environment (CTIME)” report, the USCG points out that while technological advancement in satellite networks enhances efficiency with uninterrupted service and analytics, this constant connection also increases risks, such as malware spreading quickly from a company’s corporate network to its ships while underway.

At a glance, escalating cyber risk challenges from advancing technologies include:

  • Expanded Attack Surfaces: The proliferation of IoT devices and automated systems in ports and vessels has exponentially increased attack surfaces. Each interconnected device presents a potential entry point into critical maritime networks.
  • Insecure IoT Devices: IoT devices are often designed with a primary focus on functionality, neglecting robust security measures and lacking proper encryption. Unchanged default passwords and infrequent software updates also allow adversaries to easily compromise devices and penetrate broader maritime networks.
  • Lack of Standardization: The maritime sector lacks uniform standards for IoT device security and automation protocols, making it difficult for port authorities and maritime organizations to establish cohesive cybersecurity practices and leaving gaps in defense strategies.
  • Insider Threats Amplification: Automated systems could provide unauthorized insiders with opportunities to cause significant damage. Compromised credentials or insider threats can exploit automation privileges to manipulate port systems or disrupt vessel operations.
  • Cyber-Physical Risks: With automation, cyberattacks can extend beyond virtual networks to affect physical operations such as manipulating cargo-handling machinery.

The Countdown to Compliance – Where to Begin?

Having a strategic plan in place to comply with the USCG cyber requirements will require budget decisions, workforce training and continuous vigilance.

Ultimately, the USCG’s ruling means that time is of the essence to address growing cyber risk as a national security mandate. Organizations must begin identifying the people, processes and technology needed to get started with maritime cybersecurity compliance and risk management.

As a Forbes World’s Best Management Consulting Firm, ABS Consulting is a trusted advisor backed by more than 50 years of safety and risk management expertise in the maritime sector. We’ll help your organization:

  • Develop a plan for the complete cybersecurity journey—from initial assessments through asset management, configuration management, vulnerability management, and detection and response management planning and implementation.
  • Conduct risk assessments, including foundational risk assessments that outline the architecture of the vessel or port facility to identify potential risks.
  • Implement monitoring, detection, asset/configuration management and recovery.
