In the summer of 2017, Danish AP Moeller-Maersk, the world's largest container shipping company, was hit by cyber attacks. The management stated that the attack probably cost the shipping company between 200 and 300 million dollars.
“The shipping industry is not sheltered from digital vulnerability. If you manage to hack the IT systems of a shipping company, you can access both control systems and confidential information," explains DNV’s Elisabet Line Haugsbø.
Almost all major ships are dependent on electronic communication. This, coupled with the same ships carrying high-value goods, makes shipping companies attractive to hackers.
Haugsbø is a graduate engineer in engineering cybernetics at NTNU, and is part of a growing DNV environment working with so-called ethical hacking. Over the past few years, they have helped dozens of companies prevent being visited by malicious hackers.
"It may not be as exciting as in the movies, but we manage to find things that in the worst case can lead to unauthorized access to the systems. For major companies, it can be a matter of securing huge values.”
International shipping group on the customer list: “Exciting assignments”
One of DNV’s customers is the shipping company Scorpio Group, including a tanker company with over 100 proprietary ships in the portfolio.
"Because we know the ships in and out since we classify them, we also know what's most interesting for potential hackers to look for," says Haugsbø.
She thinks few companies are able to secure themselves fully, and thinks it is worthwhile to help major international businesses think more strategically about cyber attacks.
“It’s not enough to run a test just once. The prerequisites of successful cyber attacks are changing continuously. Technology is one important factor, and the capability of hackers is another,” explains Haugsbø.
"No doubt, several shipping companies will benefit from looking for security holes. I think it's very exciting to work with such assignments, while it is meaningful to increase security. Moreover, a strength for DNV is that we are independent and that our customers trust us," she says.
Must be at the forefront: “A requirement to learn quickly”
Regarding the assignment with the Scorpio Group, Haugsbø says she learned something new every day.
"It’s not straightforward to find weaknesses, but we strive to keep ahead of the hackers. Along the way, we often discover things we had not thought of.
“The interest in cyber security has exploded. The media are writing more about it, the attacks are getting worse, and the damage is getting worse. So, it is natural that a demand arises.”
In DNV, Haugsbø was given the opportunity to work full-time on hacking, after six years of working on testing marine and offshore industry control systems. She points to that as a good example of why she chose to join the company.
"Besides my colleagues, what I really appreciate about my job is that DNV expects us to get into new things and learn quickly," concludes Haugsbø.