Hybrid Warfare
This week, ABS issued type approval for IACS UR E27 cyber resilience requirements to Hanwha Systems for its cybersecurity solution SecuAider®.
IACS requirements UR E26 “Cyber Resilience of Ships” and UR E27 “Cyber Resilience of On-Board Systems and Equipment” now apply to new ships, and they aim to help the industry protect itself from cyberattacks.
Hybrid warfare tactics, where cyber campaigns precede or accompany physical confrontations, pose complex risks to maritime stakeholders, says Dryad Global. Geopolitical tensions are driving a surge in state-sponsored cyber operations targeting maritime infrastructure. These attacks often focus on disrupting global trade, destabilizing economies or asserting dominance in contested regions such as the South China Sea and the Arctic.
Operational technology (OT) systems, which govern essential shipboard functions such as navigation, propulsion and cargo handling, remain a major focus for attackers, says Dryad. Many of these systems rely on outdated software and lack modern cybersecurity measures, making them highly susceptible to breaches. Direct attacks on OT systems could result in vessel immobilization, navigational failures or safety incidents.
Additionally, the growing interconnectivity between IT and OT systems introduces cascading risks, where a single breach can disrupt both operational and digital environments.
Of the ransomware incidents industrial cybersecurity company Dragos responded to in 2024, 75% led to a partial shutdown of OT and 25% led to a full shutdown of OT. Among the known OT adversaries are:
BAUXITE (U.S., Europe, Australia, the Middle East – targeting oil and gas, water and wastewater, chemical manufacturing)
GRAPHITE (Eastern Europe and the Middle East – targeting energy, government, logistics)
VOLTZITE (U.S., Guam – targeting electric, water, telecom, defense)
KAMACITE (Ukraine, Eastern and Central Europe – initial access for industrial control system attacks)
ELECTRUM (Ukraine, Germany – electric sector disruptions and industrial control system wipers)
Dragos says that while some progress has been made in securing industrial environments, major gaps persist that are leaving OT networks vulnerable. For example, incident response is poorly defined or untested and OT network segmentation is often ineffective.
According to security consulting firm Sia, certain industries, notably energy, are frequent targets of cyber warfare, making cybersecurity a matter of national security. Shutting down a nuclear power plant or stealing sensitive data poses a direct threat to the population and can cripple business activity, disrupting a country's economic and social stability.
Where cyberattacks were once used sporadically to target specific infrastructure, they have now become a fundamental aspect of conflict, contributing to the hybrid nature of warfare, says Sia. It is highly likely that cyber operations will be central to future armed conflicts. Digital supremacy is emerging as a crucial factor in the balance of power—whether political, military, or economic—in an ever more interconnected world.
The March issue of Maritime Reporter magazine discusses the top business risks for shipping this year. According to Allianz, tied in first place are cyber incidents, natural catastrophes and political risks.