► Smart Ships, as well as Partial Autonomous Ships and Fully Autonomous Ships, all heavily rely on communication technology but also remain vulnerable to cyber threats. Incidents such as hacking attempts on defense companies like Daewoo Shipbuilding & Marine Engineering in 2021 and ransomware attacks targeting the world's largest shipping company, Maersk Line, in 2017, have underscored its significance.  

►  Since 2022, South Korea has made various attempts to enhance maritime cybersecurity. Efforts include hosting maritime safety policy forums, establishing and operating the Maritime Cybersecurity Research Society, and conducting policy research aimed at securing cyber capabilities among key practitioners in the Coast Guard and Navy. However, the formalization of threats and risks as well as the roles and responsibility of various actors involved, has yet to be established.

► Policy suggestions for enhancing national cybersecurity capabilities in the maritime domain include: 1) it is needed to recognize the national security significance inherent in maritime cybersecurity, 2) defining the necessary functions and missions concerning port cybersecurity and specifying visions and objectives by different functionalities are essential, and 3) recognizing that maritime cybersecurity requires international cooperation and expanding the scope of shared information is essential.

The control and operation systems within the maritime and ocean industries, which constitute a significant portion of global logistics, heavily rely on IT technology and actively incorporate emerging technologies. Smart Ships, as well as Partial Autonomous Ships and Fully Autonomous Ships, all heavily rely on communication technology to establish close connections between land and vessels. Consequently, they remain vulnerable to cyber threats. Particularly post-pandemic, the enhanced importance of supply chains has significantly highlighted the criticality of maritime security and cybersecurity based on IT within the maritime domain.

Due to the exploitation of threats and risks associated with IT used in port and maritime operations, there is a growing concern about cybersecurity. Incidents such as hacking attempts on defense companies like Daewoo Shipbuilding & Marine Engineering in 2021 and ransomware attacks targeting the world's largest shipping company, Maersk Line, in 2017, have underscored its significance.  Maersk has announced a loss of $200-300 million following a June cyber attack that disrupted critical systems. The outage left Maersk unable to process shipping orders until systems were restored, freezing revenue from several of the company’s shipping container lines for weeks. In total, three of the conglomerate’s nine business units experienced disruptions stemming from the attack.[1] 

However, as highlighted in discussions during recent national audits, it has been confirmed that a total of 449 cyberattacks, including information leaks and system breaches, occurred within the past five years (from 2018 to 2022) targeting four major port authorities (Busan, Incheon, Ulsan, Yeosu), escalating from 41 incidents in 2018 to 227 incidents last year, marking a 5.5-fold increase.

Despite the ongoing recognition of the necessity for cybersecurity within the maritime domain, its significance has been raised relatively late in South Korea. The issues raised have primarily revolved around cybersecurity threats concerning ships rather than encompassing the entire port and maritime sectors. This seems to be influenced largely by the International Maritime Organization (IMO), a specialized agency under the United Nations, which introduced and applied the cybersecurity threat response to ship safety management regulations, subsequently standardizing them internationally.

The United States initiated efforts to bolster maritime cybersecurity in the early 2010s. U.S. commenced substantial activities to enhance cyber security within ports. In 2013, the Coast Guard established a separate Cyber Command often referred to as CG Cyber Command. This laid the groundwork for intensified cybersecurity activities within the maritime domain. Mission of CG Cyber Command is to operate and maneuver the Coast Guard Enterprise Mission Platform to assure Coast Guard mission execution in all domains, while aggressively defending U.S,‘s part of the DoD Information Network (DODIN). And it also enables Coast Guard Operations, enable Coast Guard operations at sea, in the air, on land and space by delivering effects in and through cyberspace and protect Maritime Transportation System (MTS).[2]

These efforts continued through various strategies including the Cybersecurity Strategy of the Coast Guard in 2015[3] , a national strategic plan announced by the White House[4] , and the publication of the Cyber Strategy Outlook document in 2021[5], and Doctrine for the U.S. Coast Guard RESERVE in 2021[6]. Particularly, the mission of the Coast Guard Cyber Command to address changes in the environment, such as the use of ransomware by criminals, enhanced adversarial capabilities, and increased phishing attacks, identifies a significantly broader and influential scope compared to that of South Korea.

According to the Coast Guard Cyber Command, risks within ports encompass various areas such as facility access restriction, terminal headquarters data management, ransomware response, operation system protection, location-based system safeguarding, and ship security. The Coast Guard Cyber Command, based on this risk awareness, has established a cyber command within the Coast Guard to oversee tasks related to information, operations, and assessment.

The U.S. measures to strengthen maritime cybersecurity have raised concerns about potential gaps in U.S. maritime cybersecurity due to differences in capabilities between the military and the Coast Guard. Professor Chris Demchack from the U.S. Naval War College highlighted the inseparable relationship between maritime security and cybersecurity, underscoring its significant importance not only during crises but also in peacetime for supply chain reinforcement. However, it has been pointed out that there's a need for institutional improvements to support the Coast Guard's activities for enhancing maritime cybersecurity and for greater involvement in cyber operations by the Navy, stressing the significance of cooperation with South Korea in this process.[7]

Since 2022, South Korea has made various attempts to enhance maritime cybersecurity. Efforts include hosting maritime safety policy forums, establishing and operating the Maritime Cybersecurity Research Society, and conducting policy research aimed at securing cyber capabilities among key practitioners in the Coast Guard and Navy. However, the formalization of threats and risks concerning maritime cybersecurity, as well as the roles and responsibility of various actors involved, has yet to be established. The national cybersecurity strategy announced in 2019 also did not include the field of maritime cybersecurity. Summarizing proposed policy suggestions for enhancing national cybersecurity capabilities in the maritime domain:

Firstly, it is needed to recognize the national security significance inherent in maritime cybersecurity. It's imperative to consider various national security elements beyond merely ensuring the safety of individual ships, encompassing ports, port systems, logistics, communication, control system regulation, and jurisdiction.

Secondly, defining the necessary functions and missions concerning port cybersecurity and specifying visions and objectives by different functionalities are essential. The U.S. has gained momentum in policy execution by clarifying policy implementation systems and directions through various strategies, plans, strategic outlooks, and environmental assessments. 

Lastly, recognizing that maritime cybersecurity requires international cooperation as a domain difficult for a single nation to tackle alone, expanding the scope of shared information is essential. Strengthening cooperation with allied and friendly nations is natural, but expanding collaboration to private companies utilizing maritime facilities is crucial for substantial capability enhancement. Recently, even within South Korean government agencies like the National Cyber Security Center, there have been efforts to proactively share threat information with private defense companies. This emphasizes the necessity for actively considering and expanding the provision of information and technological services to private companies in the maritime port sector to elevate the standards of cybersecurity.

[1]  https://www.digitalguardian.com/blog/cost-malware-infection-maersk-300-million

[2] https://www.dco.uscg.mil/Our-Organization/CGCYBER/

[3] U.S. Coast Guard, CYBER STRATEGY, June 2015

[4]  https://cyberscoop.com/maritime-cybersecurity-trump-white-house/

[5] U.S. Coast Guard, CYBER STRATETIC OUTLOOK, Aug. 2021

[6] U.S. Coast Guard, DOCTRINE for the U.S. Coast Guard RESERVE, Sept. 2021

[7] Chris Demchack, “Maritime Cybersecurity capacity building”, GCPR, Sept. 2023