Rules for engagement on ship cyber security

Authors:
Ahmed Hassan, Global Cyber Security Manager, ABB’s Marine & Ports division
Ragnar Schierholz, Head of Innovation & Resilience, Cyber Security, ABB’s Energy Industries division

A 2025 report by research firm Thetius, with input from DNV subsidiary Cyber Owl and law firm HFW, suggested that the equivalent of one in five of the shipping companies had faced a cyberattack in the previous 12 months1. The report also claimed only 17 percent of shipyards felt they had adequate in-house expertise in designing and construct a cyber-secure vessel.

Subsequently, maritime cybersecurity specialist Cydome highlighted ransomware attacks on ships as increasing by 150 percent in 20252. Spoofing of GPS systems also surged, the company reported, with 1,000 incidents affecting around 40,000 vessels per day. Targeting of edge devices, including routers, VPNs, and firewalls soared – by 800 percent.

Set against a period of global instability so sustained as to be outside the experience of most in the maritime workforce, the numbers provide a gloomy counterpoint to shipping’s otherwise good news on new technology adoption. These findings cast the maritime digital evolution that is helping ships to become safer, more efficient and more sustainable through a prism of vulnerability, highlighting the critical role that risk assessment and mitigation play in upholding security in an industry connected through more sensors, automation controllers, and integrated cloud-based applications than ever before. While remote monitoring and maintenance channels can also open new attack vectors, they have proven beneficial when used (and protected) responsibly.

The reservations are given further fuel by the fact that the IT/digital systems and Operating Technology (OT) used by ships have also been becoming more integrated with each passing year. The vulnerabilities are especially evident when non-control IT systems are outside OT maintenance team responsibilities, unmanaged connections can create security gaps that expose core control functions to threats, including propulsion, power management, dynamic positioning, cargo handling and other critical control systems.

With commercial ships often staying in service for over 25 years, legacy OT systems that were never designed for today’s cyber security threats are also increasingly bridged to modern IT systems.

Maritime regulators have taken action on cyber security by establishing – and updating3 – a common framework for cyber risk management to help shipowners, shipyards, and vendors align on ‘classic’ requirements to identify, protect against, detect, respond to and recover from cyberthreats.

While that framework falls within the (International Safety Management) ISM Code, it provided the context for the International Association for Classification Societies (IACS) to develop its mandatory unified requirements on cyber security, URE26 Cyber Resilience of Shipsand URE27 Cyber Resilience of On-Board Systems and Equipment.

ABB’s role is integral to the safe and secure implementation and operation of systems covering ship power, energy distribution, control, automation and monitoring, and internal communication between them. It also leverages extensive cyber security experience from other industries, critical infrastructure, the oil & gas sector and windfarms.

Risks and rules

Maritime regulators made cybersecurity risk response a part of a ship’s Safety Management System (SMS) for good reason: cyber incidents can cause operational, safety, and security failures that corrupt navigation or propulsion systems, for example, and it will be those on board who will have to respond.

However, integrating cybersecurity into the system also brings challenges, as it relies on crew to adopt new digital competencies and maintain awareness of evolving cyber threats – an area for which many seafarers are still not fully prepared. In addition, merging cyber controls into traditional safety practices can create complexity within the system, making it harder to keep procedures straightforward and balanced alongside established operational safeguards.

As a ship systems supplier and integrator which also provides through-life support, ABB is involved in maritime cyber security on multiple levels, ranging from initial risk assessments to mitigation planning, support for security control implementation, maintenance and incident response. In the interests of minimizing overall risk, ABB advises its customers to upgrade obsolete systems before offering its full cyber security recommendations.

ABB’s experience continues to show that human and process-related factors are often more significant than technology in determining the security posture of a ship’s control systems.

Sometimes, the term ‘human factors’ is used interchangeably with crew actions, but a company’s cybersecurity resilience also relies on human decisions made elsewhere. A shipping organization’s management, for example, will determine the level of network segmentation and security monitoring aboard its ships. Investment in formal training will also have a telling impact on employee preparedness and mindfulness on cybersecurity ‘basics’ like not plugging in portable devices.

Structured approach

ABB’s comprehensive cybersecurity portfolio covers network and event monitoring, application allowlisting, malware protection, asset inventory management, security updates, backup and recovery. It includes hardware, software, installation, commissioning and vessel-specific disaster recovery procedures.

Rather than focusing exclusively on operating personnel as the ‘weak link’ in the cyber security chain, ABB’s experience shows that maritime stakeholders need to build cybersecurity into their technology and processes from the start. Industrial grade cyber protection for maritime demands full participation by all stakeholders, including owners, OEMs, integrators, seagoing crew and classification societies.

As set out by IACS in URE26 and URE27, ABB verifies all cyber security controls are compatible with ABB control systems and confirms that they will not disrupt the ship’s OT environment when implemented. Its Cyber Security Event Monitoring is unique for its non-intrusive event collection and forwarding in ABB DCS (distributed control system) platforms such as ABB Ability™ System 800xA.

But as a provider of diverse shipboard systems in an increasingly connected industry, ABB also needs to ensure its maritime cyber security portfolio offers holistic solutions which can adapt to client-specific needs, while maintaining the formalized structure with which other stakeholders need to engage.

For existing ships, ABB’s primary focus is on establishing minimum essential measures to ensure cyber resilience – such as network segmentation, asset inventory, malware protection, security patching, and log aggregation. It has introduced ABB Ability™ Marine Cyber Security Essentials, which uses a ‘secure-by-design’ approach to protect control systems and operational technology (OT) from evolving cyberthreats.

Levels of security

The ABB Ability™ Marine Cyber Security Essentials offer an asset inventory to map cyber vulnerabilities and provide security updates, response in the event of an attack and tools to restore systems and investigate any incidents using system logs. The ‘Essentials’ also include ABB’s Secure Remote Platform for real-time central monitoring and control of remote access devices, and audit logs to track user access.

ABB also defines three levels of capability for its cybersecurity solutions (M1, M2, and M3). Only M1 and M2 are specifically designed for operational vessels and to address the most common cyber threats, with both levels engineered to integrate seamlessly into existing infrastructures, so that controls can be implemented without major modifications. M2 enables forensic investigation capability post-incident.

In the case of newbuild vessels, ABB’s recommendations have been calibrated for compliance with agreed cyber security standards, especially class requirements. ABB Ability™ Marine Cyber Security Essentials level M3 ensures compliance with IACS UR E27 and supports ship owners to comply with IACS UR E26. ABB also cooperates closely with shipyards and class to ensure that its cyber protection solution fits the needs of the ship’s overall network architecture, and monitoring aligns with customer needs on IACS UR E26.

However, M3 level is also relevant for existing vessels, where a customer’s OT environment needs to be integrated into vessel level or fleet level cyber security monitoring platforms such as network analysis tools and security information and event management (SIEM)solutions. This is a second element of ABB’s unique continuous monitoring capability, developed to match the prior investments by customers in Enterprise IT in specific domains – such as maritime – so that they can properly interpret events and meta data, identify incidents and respond to them.

In fact, ABB considers integration of its monitoring solutions and analytics content for market leading SIEM platforms will be a game changer in enhancing cyber security visibility and risk mitigation capabilities for ship owners.

Clearly, ABB will continue to focus on designing secure network architectures and providing solutions to strengthen OT systems to help owners keep their ships, crew and cargo safe. Even so, the significance of its close collaboration with the customers it serves, classification societies and shipyards worldwide and enhancing cyber security and cyber risk mitigation cannot be overstated.

Holistic and systemic

After all, complicating factors remain whose removal would surely benefit sectoral consistency: today, for example, vendors may need to secure multiple approvals because classification societies do not recognize each other's cyber security certificates. Integration practices are also likely to vary between shipyards. For its part, ABB has developed ABB AbilityTM Marine Cyber Security Advanced (MCSA) to help owners comply with complex cyber security demands presented by different class notations as well as State and Navy requirements.

But the maritime sector’s structural challenges do not end there: where ship cyber security upgrades are concerned, clear mandatory technical cyber security requirements do not exist for vessels that were already in operation before 1 July 2024, while ships undergoing retrofit today are not subject to mandatory requirements either. In this case, ABB Ability™ Marine Cyber Security Essentials M2 or M3 apply to ensure cyber security best practice for enabling the smooth integration of the owner’s required protection layers.

In both cases, based on its sector-specific experience, ABB’s efforts aim to solve a persistent industry problem using a holistic approach, which is adaptable to customer needs and addresses different applications (eg. DCS /OT), while at the same time offering a structured response that is appropriate for rules-based and industrial stakeholders in the maritime domain.

For more information contact:
Media relations: Heli Harri: heli.harri@fi.abb.com, mobil phone +358 50 335 8072

Jacob Lundholm on mail: jacob.lundholm@dk.abb.com or mobil phone: +45 2070 6195

For information on new buildings contact:
Michael D Christensen on mail: michael.d.christensen@dk.abb.com or
mobil phone: +45 2012 084

References

[1] HFW and CyberOwl Report Urges Maritime Industry to Tackle Cyber Threats

[2] Cydome report finds 150% surge in maritime OT cyberattacks as ransomware tightens grip in 2025 - Industrial Cyber

[3] https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/MSC-FAL.1-Circ.3-Rev.3.pdf