Maritime students gear up to fight high-seas cyberattacks
A Norwegian university is tackling the lack of boat cybersecurity with a new college class.
The word “pirate” may conjure up the image of humans physically taking over a vessel, but what if instead a ship was simply hacked from afar? That’s a question on the mind of Norwegian researchers, who point out that unfortunately, the international shipping world isn’t exactly known for its quick adoption of cutting-edge tech.
“The maritime industry has a history of being quite reactive and slow, so it is no surprise that we are lacking behind in the matter of cybersecurity as well,” says Marie Haugli-Sandvik.
Haugli-Sandvik, who works within the Department of Ocean Operations and Civil Engineering at Norwegian University of Science and Technology (NTNU), explains via email to PopSci that this incremental pace is what led her and fellow PhD candidate, Erlend Erstad, to create what is likely the world’s first “maritime digital security” course. According to a report this week from NTNU, the course’s students recently spent two months examining and assessing current oceanic digital threats, then practiced handling a ship cyberattack scenario focusing on risk management and resilience building.
“We see that shipping companies are investing in technological solutions for increased automation and monitoring, which exposes vessels to cyber risks in new ways,” writes Haugli-Sandvik, noting the dramatic increase in maritime cyberattacks over the last few years, particularly in the wake of the COVID-19 pandemic. “These cyber threats can both bankrupt companies and affect the safety at sea,” she says.
[Related: The ship blocking the Suez is finally unstuck, but we could see bottlenecks like this again]
NTNU estimates 90 percent of all world trade is linked in some way to maritime travel, leaving a massive avenue for cyberthreats to disrupt global commerce, data, and safety. Unfortunately, many cybersecurity courses only focus on more generic IT threats, which is what spurred Haugli-Sandvik and Erstad to create the class.
Haugli-Sandvik says there is positive movement within the community—such as mandatory cybersecurity requirements coming from the maritime industry regulators at International Association of Classification Societies (IACS) in 2024, alongside increased cybersecurity training for maritime personnel—but there remains a sizable lack of targeted training pertaining to sea environments.
The course instructors hope their students learn just how vulnerable to cyberthreats vessel systems can be, and that they come away with actionable operative training to handle issues. “Seafarers need to enhance their cyber security awareness and skills so that they can protect themselves, the ship, the environment, and their companies,” writes Haugli-Sandvik, adding, “The human element in cyber security is vital to address since there is no longer a question about if you get hit by a cyber-attack, it is a question about when it will happen.”