Transportation

Maritime Cyber to Physical

Posted by Bill Schenkelberg on June 6, 2025 at 11:15am

13570537252?profile=RESIZE_400xThe grounding of the MSC Antonia near the Eliza Shoals off Jeddah has drawn attention to the increasing risks of cyber-physical attacks in the maritime sector, particularly in the Middle East and North Africa (MENA).  Analysis by maritime intelligence firms suggest the incident may have been caused by GPS jamming that compromised the vessel's navigational systems, leading to incorrect positioning data and the subsequent grounding.

Luke Pordham, assistant vice president at Lockton MENA, highlighted that the event underscores the growing threat of cyber risk to maritime operations in the region.[1]  "For MENA, where critical trade routes like the Strait of Hormuz and the Suez Canal are essential to global commerce, the implications are particularly serious," he said, emphasizing the importance of addressing these risks proactively.  Despite the escalating threat, Pordham pointed out that many operators in the maritime sector are not adequately addressing the rising cyber risks in their risk transfer arrangements.  "In our work with marine clients across the Middle East and North Africa, we continue to observe a significant disconnect between emerging cyber threats and existing risk transfer arrangements," he said, noting that this gap needs to close before the next incident occurs.

Cyber risks in the marine sector - Pordham also said that cyber risks in the maritime space are not merely a by-product of digitization but are integral to the way the sector operates today.  "From voyage planning and propulsion control to port logistics and remote diagnostics, the reliance on connected systems has grown rapidly," he said.  However, as Pordham observed, security has not kept pace with this digital evolution, leaving the industry vulnerable.

Several structural factors contribute to this vulnerability, according to Pordham.  "Operational technology (OT) fragility, many vessels rely on legacy systems that were never designed for connectivity or cyber resilience," he said.  "A single vessel may interface with dozens of third-party systems across jurisdictions, each with different security standards.  This interconnectedness means that a cyber incident affecting one operator can trigger global disruption, particularly if it impacts a critical shipping lane or chokepoint like the Suez Canal, Strait of Hormuz, or Panama Canal,” Pordham said.

Limited cyber hygiene further exacerbates the risks.  He stressed that the evolving threat landscape now involves attackers manipulating navigational systems and even threatening vessel control.  "Cyber attackers are no longer just breaching databases. They are actively interfering with navigational systems, manipulating Automatic Identification System (AIS) data, and threatening vessel control, raising the stakes from financial loss to physical catastrophe," he said.

The MSC Antonia incident is part of a wider trend in the maritime sector, which has witnessed an uptick in cyber-physical incidents.  Pordham highlighted previous cases such as the 2017 NotPetya malware attack on Maersk, which resulted in over $300 million in losses.  "This incident was particularly impactful in the MENA region, affecting key ports such as Jebel Ali and Salalah," Pordham said.

Pordham also referenced the 2021 cyberattack on Iranian port systems, which underscored the vulnerabilities in regional infrastructure.  "AIS spoofing, GPS jamming, and satellite interference are increasingly frequent in areas of geopolitical tension, many of which are located in or near the MENA region," he said, noting that these activities directly impact navigational systems and pose a heightened risk to vessels in chokepoints like the Strait of Hormuz and the Red Sea.

The Antonia grounding is significant because it may have been caused by digital interference, something that challenges long-standing assumptions in marine underwriting.  Pordham noted that this incident serves as a reminder of the urgent need to reassess cyber risk and insurance preparedness.  "What differentiates the Antonia incident is the strong likelihood of cyber-induced physical loss, a vessel grounding potentially triggered by digital interference," he said.

Mounting regulatory pressure - Regulatory expectations are also increasing in response to these risks. Pordham pointed out that maritime authorities are tightening regulations to ensure greater cyber resilience.  "The IMO’s Resolution MSC.428(98) mandates the integration of cyber risk management into Safety Management Systems (SMS)," he said.  "In the MENA region, authorities in key maritime hubs such as the UAE and Saudi Arabia are increasingly aligning with international standards, while also launching their own national cybersecurity frameworks."

As these regulations evolve, Pordham noted that maritime operators must rethink their approach to risk management.  "Port operators and shipping companies in the region are now expected to demonstrate active cyber risk management and incident response capabilities, both as part of regulatory compliance and as a commercial necessity," he said.

The conversation about cyber risk is also reshaping insurance models.  Pordham highlighted that many maritime operators are exposed to cyber-related risks due to gaps in their existing policies.  "Since the Lloyd’s 'silent cyber' mandate, insurers have been required to clearly state whether cyber risk is covered or excluded," he said.  "In practice, this has led to wide-scale application of cyber exclusions across hull, cargo, and non-International Group mutual P&I policies, regardless of format. That means many marine operators today are unknowingly exposed."

To address these gaps, Pordham advised marine operators to engage their brokers proactively to review their policies.  "The core concern isn’t just whether a traditional cyber policy will pay to restore data.  It’s whether existing marine insurance programs will respond to physical damage, cargo delays, third-party liabilities, or environmental clean-up costs caused by a cyber event," he said.  Pordham also recommended considering dedicated cyber insurance solutions that cover a broader range of risks, including physical damage, third-party liability, and business interruption.

 

Finally, building true resilience requires a comprehensive approach, Pordham said. He highlighted that managing cyber risk in this sector cannot be left solely to IT teams or checklists.  "It demands a holistic, enterprise-wide strategy that integrates security, operations, and insurance,” he said. 

With cyber risks continuing to evolve, Pordham believes that incidents like the MSC Antonia will push the sector to rethink its approach to risk management and insurance.  "These threats are no longer abstract; they are impacting vessel operations, regulatory obligations, and financial outcomes," he said.

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.insurancebusinessmag.com/us/news/risk-management/from-cyber-to-physical-how-maritime-risks-are-changing-and-evolving-537702.aspx

Tags: tr-25-154-001, maritime, gps, ais, ot, it
E-mail me when people leave their comments –
Follow

You need to be a member of Red Sky Alliance to add comments!