
What if… the cyberattacks on European oil ports are a hybrid declaration of war?

In February 2022, oil ports in Rotterdam, Antwerp and Ghent became the target of several cyberattacks that endangered crucial maritime transport hubs in Europe. Multiple petrochemical facilities had to halt their logistical processes, which caused enormous delays in the supply chain, specifically that of oil.

Cybercrime - Yarin Eski - March 17, 2022

The Dutch National Cyber Security Center raised awareness about possible criminal motives behind those cyberattacks, given that both Belgian and Dutch ports have been victims of such attacks before (Van de Pol, 2015; Van Roosbroeck, 2022). These were large-scale cyberattacks to take over logistical systems and software in order to transport cocaine and heroin (Reyntjens and Meulemans, 2017). After the port facility workers complained about slowed-down computers, it became clear that devices were installed that allowed organized crime groups to take over control and manipulate the entire logistics network externally.

Perhaps it was only a matter of time before these cyberattacks took place. And perhaps there is something more going on than “just” organized crime undermining the (digital) transport sector to run its illegal drug import and export business.

Due to the recent war in Ukraine, there are fears that in response to economic sanctions against Russia, European economies risk being shut down by cyberattacks on their energy supplies and transportation (Port of Rotterdam, 2022; Ornstein, 2022). Danish maritime analyst Lars Jensen warned of the involvement of Russian cybercriminals in the cyber hacks on transport hubs (Van Marle, 2022), as happened previously in Ukraine with malware and more recently with so-called ‘Black Cat’ ransomware in Germany (Gallagher, 2022; Jansen, 2022).

In 2017, the Maersk port facility in the port of Rotterdam was shut down by NotPetya malware. Although this was not a targeted attack on the port of Rotterdam itself, it was seen as “collateral damage” of a Russian computer virus targeting Ukraine (Scheer, 2022). As such, an international seaport area does not have to be the primary target in order to be damaged by cyberattacks as a method in hybrid warfare.

Attacks on vital infrastructures and processes are timeless, but due to growing technological development and hybrid warfare, the consequences for society seem to be increasing. North-Western Europe, especially Belgium, France, Germany and the Netherlands, has several of these maritime transport hubs in Antwerp, Le Havre, Hamburg and Rotterdam. They form a part of vital infrastructures and processes because of their responsibility for shipping handling, international and national transport, and energy distribution (NCTV, 2017). If they fail or are disrupted, this can lead to a ‘serious social disruption’ (id. 1). Recent governmental reporting on awareness about states threatening the Netherlands, for example, seems to remain unaware of specifically cyberthreats by foreign powers to Dutch ports and port facilities (cf. WODC, 2021).

Nevertheless, due to the war in Ukraine, there is a strong sense of how dependent all of Europe is on its internal (digital) vital infrastructures and how much it relies on countries outside of its EU borders, in this case on Russia for oil and gas, and on Ukraine for its grain (cf. Tamman et al. 2022). The impact of that war is becoming increasingly visible in, for example, the port of Rotterdam and it may even increase if the number of sanctions against Russia is expanded (Port of Rotterdam, 2022). Despite the fact that there are no concrete indications that the recent cyberattacks are related to the war in Ukraine and to Russia, several companies that use the seaports express their concerns. They want a ‘digital anti-aircraft gun’ against Russian cyberattacks in the port of Rotterdam, as their fear of digital sabotage is growing (Ornstein, 2022).

It is all unclear, but such ambiguity is exactly what is typical of hybrid warfare. What if organized (cyber)crime is used by important foreign powers that can hide behind the façade of these cyberattacks “just” benefitting organized crime? The goal of creating societal and economic chaos, at least, is still achieved if that was the aim of such powers.

On May 14, 1940, the German bombardment of Rotterdam took place, destroying an entire city center in less than fifteen minutes. It was a matter of shutting down the ports of Rotterdam because, although not yet digital, they were most definitely a vital infrastructure already back then. The Nazis similarly tried to bring the United Kingdom to its knees when they bombed British ports during the Liverpool Blitz.

Transport hubs have been a target throughout the history of war and they continue to be considered as such, also now in modern hybrid warfare.

What is different from WW2 is that now “only” Russia and Ukraine are officially at war. But in hybrid terms, maybe it is not necessary to have actors and acts of war clearly set out. These may include the cyberattacks on European ports as hybrid acts of war, which would thus constitute a hybrid declaration of war. Ports remain energy storage places that keep countries running. Shutting them down seems to point more to the involvement of foreign powers than to that of organized crime, which needs ports to transport illegal drugs through.

What the questions here show is that cybersecurity awareness and resilience against the hybridification of organized crime actors and warring actors are of utmost importance, more than before. If only to make clear what an act of war actually is and what a criminal act consists of these days, and why European maritime ports are used, in order to protect them.

This article is based on and consists in part of the original piece in Dutch: https://fd.nl/opinie/1429712/zijn-de-hacks-van-europese-havens-een-hybride-oorlogsverklaring


Gallagher, R. (2022) ‘Black Cat’ Ransomware Tied to Attacks on Germany’s Fuel Systems. From: https://news.bloomberglaw.com/privacy-and-data-security/black-cat-ransomware-tied-to-attacks-on-germanys-fuel-systems.

Jansen, J. (2022) Oekraïne: ‘we hebben bewijs dat Rusland verantwoordelijk is voor cyberaanval’. From: https://tweakers.net/nieuws/192094/oekraine-we-hebben-bewijs-dat-rusland-verantwoordelijk-is-voor-cyberaanval.html.

NCTV (2017) Weerbare vitale infrastructuur. From: https://www.nctv.nl/binaries/nctv/documenten/publicaties/2018/02/01/factsheet-weerbare-vitale-infrastructuur/Factsheet+Weerbare+Vitale+Infrastructuur+NL+2018.pdf.

Ornstein, K. (2022) Rotterdamse haven wil ‘digitaal luchtafweergeschut’ tegen Russische aanvallen. From: https://nos.nl/nieuwsuur/collectie/13893/artikel/2419696-rotterdamse-haven-wil-digitaal-luchtafweergeschut-tegen-russische-aanvallen.

Port of Rotterdam (2022) Impact conflict Rusland-Oekraïne op Rotterdamse haven. From: https://www.portofrotterdam.com/nl/nieuws-en-persberichten/impact-conflict-rusland-oekraine-op-rotterdamse-haven.

Reyntjens, S. and Meulemans, I. (2017) Verdachte hacking Antwerpse haven opgepakt in Spanje. From: https://www.gva.be/cnt/dmf20170725_02987359.

Scheer, P. (2022) Oorlog Oekraïne zet Cybersecurity op Scherp. From: https://www.vno-ncw.nl/forum/inge-bryan-fox-it-oorlog-oekraine-zet-cybersecurity-op-scherp.

Tamman et al. (2022) Ukraine’s farmers stalled, fueling fears of global food shortages. From: https://www.reuters.com/world/ukraines-farmers-stalled-fueling-fears-global-food-shortages-2022-03-11/.

Van Marle, G. (2022) Why war in Ukraine could be catastrophic for container shipping. From: https://theloadstar.com/why-war-in-ukraine-could-be-catastrophic-for-container-shipping/.

Van de Pol, W. (2015) Gehackte haven, cokesmokkel 2.0. From: https://www.crimesite.nl/gehackte-haven-cokesmokkel-2-0-6/.

Van Roosbroeck, G. (2022) Antwerpse haven slachtoffer van cyberattack, experts waarschuwen voor meer aanvallen in de toekomst: “Ontregel één klein bedrijf en je creëert een hele file”. From: https://www.gva.be/cnt/dmf20220203_97523795.

WODC (2021) Eindrapport state-of-the-art onderzoek Statelijke Dreigingen. From: https://open.overheid.nl/repository/ronl-ad4d6ee0-e9ad-4dfe-9efa-dab615ff719a/1/pdf/tk-bijlage-wodc-rapport-state-of-the-art-statelijke-dreigingen-fase-1.pdf.
