OT security: protect your ships from a swell of cybercrime

  • Home
  • Blog
  • OT security: protect your ships from a swell of cybercrime


Cybercrime is on the rise, and unless your ship’s operational technology is as cybersecure as your IT, it could be vulnerable to costly and disruptive attacks. Read more about the problem and take the first important step towards a solution!

Is your company vulnerable to cyberattacks that can ground your ships and disrupt your business?

Cybercrime against shipping is on the rise, and because ship systems are increasingly digitised and connected, hackers can target an ever-growing number of devices on board – from vessel communication to engine monitoring and control.

Shipping companies are taking steps to improve cybersecurity. However, many of them tend to focus on IT when doing so, and the operational technology (OT) on board your ships, for example genset controllers and navigation systems, needs to be every bit as prepared for cyberincidents as your laptops, servers, and smartphones.

Unless that’s the case at your company, the answer to our initial question is yes. The good news is that there is something you can do.

Ransom demands up by 350%

How bad is the cyber-situation really? A couple of recent reports make for worrying reading:

  •  A 2023 report from HFW and CyberOwl claims that shipping is a relatively easy target for cyber hackers, concluding that the industry will likely continue to be a high-profile target for cybercriminals. According to the report, the number of ransom demands grew by 350 percent from 2022 to 2023, and the average cost of dealing with cyberattacks clocked in at more than USD 550,000. Average ransom payments amounted to USD 3.2 million.
  • The Maritime Cyber Priority 2023 report from DNV suggests that it is still IT cyberattacks, not OT attacks, which are top of mind for maritime professionals looking to bolster their defences. Less than one in five professionals thinks that their company is well prepared to handle a cyberattack on a vessel at sea – despite the risk of attacks on OT, and despite the chilling fact that 56% of the same professionals expect cyberattacks to eventually cause injury or death

This is almost enough to make anyone want to pull the plug on shipboard electronics and stay in port, but of course this is not a viable option. Shipping needs to keep going; it needs the benefits offered by connectivity and digitisation; and it therefore needs cybersecure OT to patch up the security vulnerabilities on ships.

Key features of compliant OT

The growing need for cybersecure OT is recognised by maritime authorities, and it is reflected in standards such as the revised unified requirements E26 and E27 from the IACS (International Association of Classification Societies).

These two requirements apply to ships in general and to onboard systems and equipment, respectively. Compliance with E27 makes it easier to comply with E26 because the system integrator does not have to take any special steps to safeguard the OT against cyberattacks. Installing OT that complies with E27 is therefore a good first step.

Of course, it does not guarantee that your ship will never be hacked, but it does ensure that your OT has a certain level of cyber-resilience. For example, an E27 compliant device gives you the following capabilities:

·        All users must log into the device: Crewmembers without a username and password cannot operate the device, and the same, of course, goes for cybercriminals.

·        Your device is protected from unauthorised software so criminals cannot take over your system by hacking into your device using malicious software.

·        The device will keep running even if hackers attempt to take it down by flooding it with network traffic (a denial of service attack).

E26 and E27 are followed by all IACS members and apply to several types of ship contracted for construction on or after 1 July 2024. If you’re working with other types of ships or thinking about bolstering your cybersecurity defences on existing vessels, the requirements are useful non-mandatory guidance.

Take the first important step today

DNV has certified that the DEIF iE 250 Marine and iE 350 Marine controllers are IACS UR E27 approved. Naturally, getting cybersecure OT is inconvenient and costs money. But given the risk and cost of cyberattacks, there's another question you should ask yourself in addition to the one at the start of this post: If your business-critical OT systems are vulnerable, would you rather spend your money dealing with cyberattacks or upgrading your OT systems?

By doing the latter, you will take the first important step towards keeping your operation going with no disruptions and delays, and with no costly ransom demands. You will be able to enjoy the benefits of digital shipping, for example cleaner, safer, and more efficient operations. But most importantly, you will protect your crews, cargoes, and ships against the rising swell of cybercrime at sea.


  • HHN (1)

    Contact us to discuss your options

    - 90 years of energy pioneering
    - Manufactured at the highest standards
    - Superior quality
    - Unmatched service and support
    - Made in Denmark

    Contact Us
Versatile and cybersecure intelligent energy controller for maritime applications

Versatile and cybersecure intelligent energy controller for maritime applications iE 250 Marine

More details
Highly flexible and cybersecure intelligent energy controller for advanced maritime applications

Highly flexible and cybersecure intelligent energy controller for advanced maritime applications iE 350 Marine

More details
Programmable automation controller with build-in 3-phase measurement

Programmable automation controller with build-in 3-phase measurement iE 350 PLC

More details