Spy ships, cyber-attacks and shadow fleets: the crack security team braced for trouble at sea
Ships being taken over remotely by hackers and made to crash is a scenario made in Hollywood. But in a security operations room in Oslo, just a few metres from the sparkling fjord and its tourist boats, floating saunas and plucky bathers, maritime cyber experts say not only is it technically possible, but they are poised for it to happen.
'We are pretty sure that it will happen sooner or later, so that is what we are looking for,' says Øystein Brekke-Sanderud, a senior analyst at the Nordic Maritime Cyber Resilience Centre (Norma Cyber). On the wall behind him is a live map of the ships they monitor and screens full of graphs and code. Two little rubber ducks watch over proceedings from above.
In an unstable world, shipping, ports and terminals are taking on enormous strategic importance as targets for destabilising infrastructure and espionage. This is particularly relevant in the Nordic countries, which share land and sea borders with Russia.
Finland and Sweden are now Nato members and all countries are beefing up their defence capabilities amid hybrid attacks and rising fear of war.
With the ever increasing digitalisation of ships – and, as a result, more opportunities for hacking – plus rapidly sharpening AI tools to speed up getting around complicated systems, it is a case of when, not if.
'These systems [on ships] are very complex and it is hard to understand how to operate them. But with AI you can just keep asking questions: 'How does this component work?', 'Can you go through this 300-page manual and find me the password?' So everything goes fast,' says Brekke-Sanderud.
Based in the headquarters of the Norwegian Shipowners' Association on the quayside of the Norwegian capital, Norma Cyber works alongside it and the Norwegian Shipowners' Mutual War Risks Insurance Association (DNK).
The three organisations came together two years ago to set up a shipping security and resilience centre to monitor the global threat of war, terror and piracy – physical and digital. They also carry out work on behalf of the Norwegian government.
While remotely crashing a vessel is technically possible, hackers hoping to cause chaos need not go to such dramatic lengths. Simply making something on a ship stop working could lead to a blackout on a vessel or systems malfunctioning, says Lars Benjamin Vold, Norma Cyber's managing director.
And there is mounting evidence that states are looking to harness these powers against their adversaries at sea.
Iran is already understood to have researched how to use cyber-attacks to disrupt ballast systems – which pump water into vessels to ensure stability – to affect ships and satellite systems. And April saw an unprecedented hack that allegedly took out 116 Iranian Vsat modems – used in satellite communication by ships – simultaneously.
'When you talk about nation states, it is about their will to do something,' says Vold. While potential 'threat actors' such as Russia and China have extensive capabilities, these also have to align with their mission, which could change at any time.
So while the threat level has been relatively consistent, maritime vulnerabilities are on the rise. 'Things are digitalising more and more, so there are more potential ways in,' says Vold.
Norma Cyber has also reported civilian vessels such as fishing boats, research ships and cargo vessels being used for espionage in the Baltic, north Atlantic and the Arctic. USB devices have also been used to infiltrate maritime systems, including by a China-linked threat actor called Mustang Panda.
Last year, Norma Cyber noted 239 disruptive cyber-attacks on the maritime sector, with the pro-Russian group NoName057(16) behind most of them.
Sign up to Global Dispatch
Get a different world view with a roundup of the best news, features and pictures, curated by our global development team
after newsletter promotion
Perhaps counterintuitively, the increased reliance on digitalisation ends up putting more demand on old-fashioned navigational skills. When crews come up against jamming of satellite navigation systems in the Baltic – Finland has accused Russia of being behind such disruptions – they are left with little option but to navigate without it. 'Good seamanship is the best mitigation measure,' says Vold.
But as well as the invisible threats of the digital world, the maritime industry is also facing unprecedented physical problems. Vladimir Putin's growing shadow fleet of hundreds of unregulated vessels carrying sanctioned crude oil from Russia to predominantly China and India poses a growing threat to the environment and the global shipping infrastructure.
The shadow fleet is made up of ageing oil tankers, the identities of which are hidden to help circumvent western economic sanctions imposed on Moscow. Estimates of their number range from 600 to 900 vessels, according to some sources.
Threats to ships can also come from within. Engines, elevators and water purification systems are all potential targets on board. And with 15% of crew members internationally either Ukrainian or Russian, the composition of crews on ships has taken on new significance since Russia's full-scale invasion of Ukraine.
'If you have a Russian captain on a ship carrying aid to Ukraine, those don't mix that well, right?' says Svein Ringbakken, managing director of DNK. 'So those are sensitives that are being addressed in the industry.'
Line Falkenberg Ollestad, an adviser at the Norwegian Shipowners' Association and an expert on the shadow fleet, fears its growing presence is creating a 'parallel fleet' of underinsured substandard ships operating on the sidelines, where they do not know what is happening on board or the conditions and wages of its seafarers.
If there were to be an environmental incident on one of the vessels, she says, it also poses a threat to Norway's coastline. Some ships listed as sanctioned by the US are still operating, she says. Most of them are at least 15 years old. 'Our concern is that the situation is getting worse the longer it continues.'
Another big question, she adds, is whether the whole situation has already gone too far to come back from.
'Is the shadow fleet that is operating outside the western jurisdictions the new way? Or can we reverse this?' Ollestad asks. 'And the answer is: we don't know.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Finextra
27 minutes ago
- Finextra
Payabli raises $28M Series B
Embedded payments platform Payabli has closed on a $28 million Series B funding round. 0 The new funding comes just nine months after Payabli raised its Series A led by QED Investors bringing the total capital in the company to date to $60,000,000. The Series B is led by Fika Ventures and QED Investors with participation from existing investors TTV Capital and Bling Capital. California-based Payabli provides a single unified API to allow software developers to create any payment experience they need for acceptance and issuance of money, as well as operational tools to manage the tactical needs of a payments company. This includes vertical-specific capabilities that lend themselves to certain 'Need-to-Pay' businesses, like property management, utilities, education, and government. Over the past year, the company has posted a 7x year-over-year increase in revenue and surpassed 50,000 merchants on its platform. Joseph Elias Phillips, co-founder and Co-CEO of Payabl, says the new funding will be directed to product development, with a focus on AI-driven features. 'We're fortunate to be experiencing rapid growth at a time when AI is poised to revolutionize the financial services industry," he says. "When our investors approached us about doubling down on Payabli, we saw a clear opportunity to go on the offensive by accelerating AI enablement across our platform and organization to drive further growth and bring groundbreaking new products and capabilities to market faster.' Payabli recently launched Amigo, its first AI-powered support agent, now available through the company's technical documentation, web platform, and natively within Slack. Amigo delivers a wide range of functionality, from acting as a solution engineer that helps software companies integrate faster, to serving as a support representative that resolves tickets quickly, to functioning as a business analyst that assists software partners with reporting and analytics through a user-friendly, chat-based interface. In parallel, Payabli is working with Nvidia to develop advanced risk and fraud detection models trained on proprietary customer data to deliver tailored risk assessments specific to each customer's business and industry.
Coin Geek
41 minutes ago
- Coin Geek
Google invests $13 million to upskill Canadian workers
Getting your Trinity Audio player ready... Google Canada (NASDAQ: GOOGL) has unveiled an ambitious plan to deepen the talent pool for emerging technologies in Canada, investing $13 million in various initiatives. According to a report, the Canadian arm of the Big Tech company will deploy the funds to support organizations spearheading the upskilling of Canadians. Dubbed the AI Opportunity Fund, Google Canada says it will focus on artificial intelligence (AI) skills acquisition projects nationwide. While Canadian enterprises are embracing AI integration into their existing processes, the AI talent pool does not match the pace of adoption. Google is turning to mass upskilling with emerging technologies to provide a steady stream of talent and prevent redundancy for the current workforce. 'Canada is uniquely positioned to capture the immense AI opportunity by putting this technology to work,' said Sabrina Geremia, Country Managing Director for Google Canada. 'The AI Opportunity Fund will help upskill Canadians nationwide, strengthen our workforce, and prepare Canadians for an AI-powered economy.' Google's $13 million fund will support the Alberta Machine Intelligence Institute (AMII) and will directly impact post-secondary school students with the prerequisite foundational AI skills. Furthermore, a chunk of the fund will be deployed toward training indigenous students via the First Nations Technology Council. Google Canada will provide AI skills training to individuals from communities with high unemployment rates through an endowment in Skills For Change. The Toronto Public Library will receive funding from Google Canada to democratize access to AI training for residents in the megacity. Google's plan is intended to support a raft of initiatives from the Canadian government to ramp up AI adoption. The City of Manitoba has recently invested $2 million to train small and medium-sized businesses on AI adoption to lower barriers to adoption. Currently, the generative AI is forecast to add $230 billion to the Canadian economy before the end of the decade, saving thousands of man-hours annually. AI in workplaces threatens job security Several reports have highlighted the risks of increasing AI adoption in the workplace. As companies leverage emerging technologies to improve productivity and efficiency, entry-level roles are in danger of being replaced by AI. Furthermore, using AI-based recruiters in the hiring process brings fear of discrimination to job seekers. One study revealed that the training data employed by one AI recruiter failed to cater to a wide demographic, making it unsuitable for global application. Australian researchers unveil AI capability for understanding human emotions Meanwhile, researchers at Edith Cowan University (ECU) in Western Australia have made significant strides in developing an AI system capable of understanding human emotions. The researchers have reached a new milestone in developing an advanced AI-based chatbot with heightened emotional awareness. The latest development brings AI one step closer to improving 'human-machine interactions' while expanding the potential use cases. The team achieved the feat by ditching conventional training methods using single facial pictures. ECU researchers trained the AI model on several related facial expressions, providing greater context and allowing the model to judge emotions like humans. 'Just like we don't judge how someone feels from one glance, our method uses multiple expressions to make more informed predictions,' said lead researcher Sharjeel Tahir. The lead researcher notes that the new training system pushes the frontier for AI interactions with humans, allowing them to show greater empathy. Furthermore, a wide dataset within the same group is tipped to improve the model's accuracy from different angles and lighting conditions. The researchers say the new model can be deployed in diverse industries, including education, customer support, mental health, and AI-based therapy sessions. For now, the ECU researchers confirm that the next milestone in the research is to achieve artificial empathy. Going forward, the team will explore solutions around supporting AI models to provide empathetic responses to human queries beyond routine machine-generated answers. However, the team must navigate challenges, including the ambiguity of human facial expressions across individuals and cultures. Furthermore, there is the risk of manipulation from bad actors using emotionally persuasive bots for nefarious reasons. AI research increasing AI research is progressing, matching the speed of global adoption and new use cases. One study has highlighted the use case of AI recruiters in hiring, identifying the upsides and the risks of discrimination to job seekers. Another study is probing the use of AI, distributed ledger technology (DLT), and Big Data in advancing planetary health amid global ecological challenges. Several countries, including the U.K., are investing large sums to support AI research to provide consumer guardrails ahead of mainstream adoption. In order for artificial intelligence (AI) to work right within the law and thrive in the face of growing challenges, it needs to integrate an enterprise blockchain system that ensures data input quality and ownership—allowing it to keep data safe while also guaranteeing the immutability of data. Check out CoinGeek's coverage on this emerging tech to learn more why Enterprise blockchain will be the backbone of AI. Watch: AI is for 'augmenting' not replacing the workforce title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="">
Coin Geek
41 minutes ago
- Coin Geek
High-stakes gamble: Pakistan's mining plan faces IMF scrutiny
Getting your Trinity Audio player ready... In a bold move to position itself as a global hub for digital finance, Pakistan announced an ambitious plan to allocate 2,000 megawatts (MW) of electricity for block reward mining and artificial intelligence (AI) data centers, unveiled at the BTC Vegas 2025 conference on May 29. Spearheaded by Bilal Bin Saqib, CEO of the newly formed Pakistan Crypto Council and Special Assistant to the Prime Minister for Crypto and Blockchain, the initiative aims to leverage surplus energy to attract crypto miners, blockchain companies, and AI firms. However, the plan has drawn sharp scrutiny from the International Monetary Fund (IMF), which is questioning its legality, sustainability, and impact on Pakistan's strained energy grid amid ongoing financial negotiations. This clash highlights the tension between Pakistan's crypto ambitions and economic realities, making it a critical test case for balancing innovation with stability. The announcement, made in Las Vegas and attended by high-profile figures like United States Vice President JD Vance and President Donald Trump's son, Eric, positions Pakistan as a pioneer among developing nations embracing decentralized finance (DeFi). The plan involves repurposing three underutilized coal-powered plants, operating at just 15% capacity, to power Bitcoin mining and AI operations. Saqib framed the initiative as a strategic use of PakPakistan'sergy surplus, which stems from heavy infrastructure investments and reduced industrial activity. The government also introduced a national Bitcoin wallet to hold seized digital assets as a 'sovereign reserve,' signaling long-term confidence in crypto without using taxpayer funds. This 'no taxpayer-funds' model, inspired by the U.S.'s proposed Bitcoin reserve, aims to collect miner fees and global donations to build the reserve, making it politically palatable amid fiscal scrutiny. Pakistan's energy paradox—excess generation capacity paired with high electricity prices and frequent outages—lies at the heart of the initiative. The country's industrial electricity rates, ranging from Rs. 38.80 to Rs. 40.26 per kWh (about $0.14–$0.15), are significantly higher than those in mining hubs like Texas, where rates can drop to $0.012 per kWh during off-peak hours. To make the plan viable, Pakistan is offering subsidized rates of around $0.09 per kWh for miners, aligning with rates for export industries. This subsidy, however, has sparked criticism from economists who question why crypto miners receive preferential treatment over households and industries paying up to $0.22 per kWh. With 55% electricity price hikes since 2021 fueling social unrest, the move risks exacerbating public discontent in cities like Karachi and Lahore, where outages often exceed 12 hours daily. The IMF's response has been swift and pointed. On June 1, the Fund demanded 'urgent clarification' from Pakistan's Finance Ministry, scheduling a dedicated virtual meeting to address the plan's legality and energy implications. Pakistan, reliant on a $2.1 billion IMF bailout package, faces tough negotiations as the IMF emphasizes fiscal discipline and sustainable resource management. The Fund's concerns center on the strain BTC mining could place on Pakistan's grid, given its energy-intensive nature—global BTC mining consumes an estimated 138 terawatt-hours annually. Critics, including the IMF, argue that diverting 2,000 MW to mining could worsen outages, undermine economic stability, and conflict with Pakistan's commitments under its IMF program. Experts like Daniel Batten, cited on X, counter that mining can monetize excess renewable energy, as seen in Bhutan and El Salvador. However, Pakistan's reliance on coal plants undercuts this argument. Pakistan's 'crypto' push also faces regulatory hurdles. Digital currency remains illegal for domestic use under current laws, contradicting the government's global pitch for 'crypto' investment. The Financial Action Task Force (FATF), which has repeatedly placed Pakistan on its grey list for money laundering risks, adds further complexity. The IMF's scrutiny reflects fears that uncoordinated crypto policies could destabilize Pakistan's financial reforms, especially without a clear regulatory framework. Saqib's vision of Pakistan as a 'digital bridge' between Asia, Europe, and the Middle East hinges on attracting international capital, but high energy costs and fragile infrastructure—described as a 'delicate balancing act' by analysts—threaten its feasibility. Despite these challenges, the plan has potential upsides. Pakistan's young, tech-savvy population, with over 40 million digital asset wallets and an average age of 23, offers a strong foundation for digital innovation. Low labor costs and untapped renewable energy potential (currently only 7% of the power mix) could make Pakistan a future mining hub if infrastructure improves. The initiative could also drive economic growth by creating tech jobs and attracting foreign investment, as Saqib emphasized at BTC Vegas 2025. However, without addressing energy reliability, regulatory clarity, and IMF concerns, Pakistan risks a diplomatic and economic 'power outage.' As Pakistan navigates this high-stakes gamble, the outcome will reverberate globally. Success could inspire other developing nations to embrace crypto mining, while failure could reinforce the IMF's cautionary stance on digital assets. For now, Pakistan's bold vision hangs in the balance, caught between innovation and economic reality. Watch: Bitcoin mining in 2025: Is it still worth it? title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="">
