Scenario crafted in Hollywood now reflects a genuine threat: the potential for hackers to seize control of vessels remotely and instigate crashes. Yet, in the security operations hub in Oslo, maritime cyber specialists situated mere meters from the luminous fjords and their tourist boats, floating saunas, and wet bathers assert that such occurrences are not only feasible, but imminent.
“We’re certain this will eventually happen, hence our vigilance,” states Øystein Brekke-Sanderud, Senior Analyst at the Nordic Maritime Cyber Resilience Centre (Norma Cyber). Behind him, a dynamic map displays the fleet they monitor, accompanied by a screen brimming with graphs and codes. Two small rubber ducks observe the passing minutes.
In an unstable global landscape, transportation networks, ports, and terminals have garnered heightened strategic significance as potential targets for infrastructure disruption and espionage—especially pertinent in Scandinavian nations that share maritime boundaries with Russia.
Finland and Sweden are NATO members now, with all countries enhancing their defensive postures amid escalating concerns over hybrid threats and warfare.
A digital map that tracks ship locations globally via Norma Cyber. Photo: Sara Aarøen Lien/The Guardian
As ships become increasingly digitalized, the opportunities for cyber breaches expand, indicating an urgent need to mitigate the complexities of AI tools and intricate systems.
Oslo Harbor serves as the command center where maritime cyber specialists assess global ship threats. Photo: Carl Hendon/Getty Images
“These vessel systems are incredibly intricate, making them tough to manipulate. However, AI accelerates everything,” explains Brekke-Sanderud. “How does this part function? Can I locate a password amidst this dense manual?”
Stationed at the Norwegian Shipowner Association’s headquarters along the quay of the Norwegian capital, Norma Cyber collaborates with the Norwegian Shipowner’s Risk Insurance Association (DNK).
Two years ago, these organizations united to create a Maritime Security and Resilience Centre, which surveys global threats ranging from warfare and terrorism to intellectual property violations—both physical and digital. They also conduct this work on behalf of the Norwegian government.
Norma Cyber Staff, featuring Managing Director Lars Benjamin Vold, Analyst Øystein Brekke-Sanderud, and Chief Technology Officer Øyvind Berget. Photo: Sara Aarøen Lien/The Guardian
While it is technically feasible to crash a vessel from afar, hackers aiming to sow chaos don’t necessarily need such extreme measures. According to Norma Cyber Managing Director Lars Benjamin Vold, merely halting the vessel’s operations could result in significant system failures.
Emerging evidence suggests that nations may exploit these vulnerabilities against maritime adversaries.
Oil tanker discharging ballast water is one of the vulnerabilities targeted in cyber attacks. Photo: Island Stock/Aramie
Reports indicate that Iran is investigating methods to deploy cyber assaults to disrupt ballast systems—a threat to both ships and satellite networks. An unprecedented hack occurred in April, targeting 116 Iranian VSAT modems used for satellite communications across vessels.
“When discussing nation-states, it is about their willingness to act,” Vold states. Potential “threat actors” such as Russia and China possess substantial capabilities, though these depend on their strategic objectives, which may shift rapidly.
Consequently, while threat levels remain relatively stable, maritime vulnerabilities are on the rise. “The avenues for potential exploitation are multiplying as the sector grows more digital,” Vold remarks.
Norma Cyber has also pinpointed civilian vessels, including fishing boats, research ships, and cargo carriers, used for espionage within the Baltic, North Atlantic, and Arctic regions. China-linked threat actors are reportedly using USB devices to infiltrate maritime systems, such as those from Mustang Panda.
Last year, Norma Cyber documented 239 significant cyber attacks within the maritime sector, attributing the majority to the pro-Russian group NonAME057 (16).
After the newsletter promotion
Svein Ringbakken, managing director of DNK’s Oslo office. Photo: Sara Aarøen Lien/The Guardian
Curiously, the rising dependence on digital technology creates a greater demand for traditional navigation skills. Following disruptions to the Baltic satellite navigation system, Finland accused Russia of being the instigator. “An experienced sailor serves as the best protection,” Vold asserts.
Yet, alongside the unseen threats of the digital realm, the maritime industry grapples with unprecedented physical challenges. Vladimir Putin’s shadow fleet, comprised of hundreds of unregulated vessels, poses a growing risk to environmental safety and the global shipping framework as it transports sanctioned crude oil primarily to China and India.
This Shadow Fleet consists of aging oil tankers obscuring their identities to evade Western sanctions. Estimates of its size range between 600 to 900 vessels according to various sources.
Finnish authorities scrutinized the Russian Shadow Fleet Oil Tanker Eagle in December 2024 due to suspected interference with power cables. Photo: Finland Border Guard/AFP/Getty
Internal threats to ships can also arise from within. Engines, elevators, and water purification systems are all vulnerable targets on board vessels. Moreover, 15% of the global crew consist of either Ukrainian or Russian members. The composition of both crews has taken on new significance since the onset of Russia’s invasion of Ukraine.
“The presence of a Russian captain on a ship delivering aid to Ukraine certainly raises concerns,” says Svein Ringbakken, managing director of DNK. “These are sensitive issues that the industry is currently addressing.”
Rhine Falkenberg Orstad, an advisor to the Norwegian Shipowner Association and an expert on the Russian Shadow Fleet. Photo: Sara Aarøen Lien/The Guardian
Rhine Falkenberg Orstad expresses concern that the increasing presence of the Shadow Fleet could foster a “parallel fleet” comprised of crew members uninformed about the intentions at sea.
If one of these vessels experiences an environmental mishap, it poses a risk to Norway’s coastline, she warns. Some ships noted as sanctioned by the US remain operational, with many being at least 15 years old. “Our apprehension is that the situation is deteriorating.”
Another significant query remains: has the entire situation permanently shifted?
“Is the shadow fleet operating outside of Western jurisdiction a new norm? Or can this trend be reversed?” Ollestad ponders. “The answer remains elusive.”
The rubber ducks maintain a vigilant watch over the security operations room at Norma Cyber. Photo: Sara Aarøen Lien/The Guardian
Source: www.theguardian.com