Maritime businesses face challenging cyber threats as geopolitical tensions rise in the Mediterranean

Control Risks has been closely monitoring the tense Eastern and Southern Mediterranean operating environments and the geopolitical drivers for cyber threats to businesses in the region. Our experts have identified a range of threats both to organisational assets, such as shipping and operational technology, and to personnel, driven by the geopolitical flashpoints between key actors in the region.

Regional rivals focus on Syria, Cyprus, Libya

Syria’s civil war has, since 2011, been a key driver for interstate conflict and competition in the Eastern Mediterranean region and has acted as a driver of state cyber activity affecting commercial entities. As Russia asserts its influence in the region, it uses cyber techniques, such as Global Navigation Satellite System (GNSS) interference, and information collection methods to prevent adversaries from challenging its dominating position on the Syrian mainland and in the coastal waters of Syria, Lebanon, Cyprus and into the Mediterranean sea. Russia’s strategy puts it at odds with several states with a large stake in the region, including its key rivals in the Five Eyes alliance, NATO and the EU, and also Russia’s intermittent collaborator and competitor in the region, Turkey.

Off Syria’s west coast, Turkish ship Yavuz recently began exploring for natural gas off the coast of Cyprus, despite several warnings and the imposition of sanctions by the EU. Yavuz is one of three Turkish vessels to have explored for oil off the Cypriot coast in the past 12 months. Further operations will almost certainly draw additional public condemnation from the EU and the US and raise tensions between EU states and Turkey. 

In the Southern Mediterranean, Libyan coastal waters are increasingly a flashpoint for deteriorating EU and Turkish relations as Turkish ships continue to deliver arms supplies to the Government of National Accord (GNA) to help counter the self-styled Libyan National Army, which is backed by Egypt and Russian private military contractors. 

The most recent incident on 17 June involved Turkish and French warships, the latter acting as part of the EU’s mission Operation Irini to enforce the UN arms embargo on Libya. The incident initiated an investigation by NATO into what it claims amounted to targeting of a French warship by the Turkish navy, which is likely to further strain Turkey’s relationship with NATO. These tensions were compounded on 22 June when Turkey accused the French intelligence service, DGSE, of spying on conservative and religious leaders in the country.

Geopolitical tensions translate to civilian cyber threats

All these tensions have translated into a highly volatile cyber threat environment in one of the most congested maritime environments globally. States operating in the region are battling for superiority in the information space by using electronic warfare techniques designed to impede their adversaries’ ability to use communication, navigation, and information systems at sea. Commercial vessels of all sizes have been caught in this electronic crossfire and have frequently been affected by GNSS interference and had maritime radar systems denied. 

Commercial vessels are also increasingly becoming the intended targets of such electronic warfare activity, with states using these techniques against vessels flagged from their rivals for symbolic targeting or diplomatic signalling. Further afield, electronic warfare techniques have been used in the Gulf to support physical attacks against target vessels, with state actors using spoofed radio communications to lure civilian vessels into territorial waters.   

Electronic warfare and GNSS interference in the region are now significant threats to the safety of commercial vessels, with electronic navigation systems severely disrupted, radar systems denied, and communications systems rendered unusable. All these potential impacts combine to create a substantial amount of safety risk for vessels transiting the region.

GNSS interference activity in the Eastern and Southern Mediterranean regions (2017 – present)

Espionage threats add to operational disruption

There is also a broader, longer-term cyber threat to businesses as a result of tensions among states operating in the Mediterranean region. Cyber operations make effective means of espionage, with states collecting large volumes of information or intelligence from target organisations and companies operating on behalf of adversary states. Russia has long been a highly active and sophisticated player in this domain and has targeted state and non-state organisations operating in the Middle East, Europe and the Mediterranean region for intelligence relating to adversary states’ diplomatic and foreign policy positions as well as military capabilities. 

The US, the UK, other NATO and also EU members will continue to show an increased interest in the Mediterranean region, with a key focus on Syria, Libya and Turkey as the latter continues to move to the periphery of NATO, taking its own direction in geopolitical and military policy in the Mediterranean and Middle East regions. As well as the accusations against France, reporting indicates that other states, including Russia, are targeting Turkish organisations for espionage and disruptive purposes using cyber techniques.

In response, Turkish-linked cyber threat groups are quickly emerging as advanced and capable operators, with previous Turkey-linked campaigns targeting Greek, Cypriot, Albanian, and Middle Eastern government officials for espionage purposes. The Turkish-linked SeaTurtle campaign – starting in 2017 but continuing until at least 2019 – shows the sophisticated nature of Turkish-linked groups, which were able to compromise internet infrastructure to collect large amounts of data from several targets in the Middle East, Europe and North America.

Growing range of threats highlight need for mitigation measures

In response to this fluid and evolving cyber threat picture, businesses and other organisations should remain closely aware of geopolitical tensions and events in the Mediterranean region. These are key drivers for cyber and other electronic events, which are often designed to signal to other states at the cost of civilian assets and companies. 

Businesses should understand the cyber threat actors motivated to target their organisation, and the tactics they use to penetrate target networks, to build a proportionate and prioritised cyber security response. Finally, businesses in the maritime sector should also consider building navigation and communication resilience plans for operating in the Mediterranean region in preparation for experiencing the effects of electronic warfare.