It is an undeniable fact that the last few years the world have witnessed a meteoric rise of Cyber-attacks. The maritime industry is not an exception to this rule. The new technologies that are being introduced to modern ships make operations more efficient and they are responsible for continuously improving time management; but those positives come with a negative, since ships are now constantly online, they are vulnerable to cyber-attacks. By proactively taking actions that minimise that risk and consider solutions for both on-shore/off-shore operations, you can fortify your organisation from cyber criminals.
The threats come in many forms and they can target maritime firms’ operations on shore and on board.
On shore Cyber threats
The most common threat is an infiltration on the company’s main offices systems that can lead to a major leakage of sensitive information either to competitors or to the public by hacktivists. This means that Legal consequences will follow suit, depending on the privacy legislation applied per region.
By taking over the systems based on the main offices there is a possibility that the criminals might gain a foothold to the vessel’s Operational and Informational Technology, since as already mentioned a majority of modern ship’s systems are remotely managed.
Furthermore, malicious actors could gain access to the financial information of the firm causing serious monetary incidents.
Finally, when it comes to on shore security the firm must invest a lot of time and effort on internal infrastructure security even more than the amount invested in keeping the corporate perimeter secure. Contemporary reports have shown that roughly 70% of the security incidents originate internally.
On board Cyber threats
Key threats are reflected in every category of on-board IT/OT equipment, including and not limited to internal and external bridge systems, business and crew networks, engine and machinery equipment monitoring, cargo control & management systems.
Indicatively, compromising the control of AIS/ECDIS can have consequences, varying from short time delays to loss of route for a significant period of time.
Furthermore, tampering with cargo management and control systems, allows for different engineering setups to be configured including pump pressure, temperature controls and more. Such a misconfigured installation may lead to potential damages or even explosions on board with significant safety ramifications for the crew, the vessel, and everything in their proximity.
Due to their nature, highly sensitive industrial control systems managing and monitoring the engine and its components status, are very prone to Denial of Service (DoS) attacks, leaving the vessel vulnerable to a lack of control and telemetry against critical components and equipment.
Cyber Security Solutions
What we as TwelveSec suggest that a maritime organisation should do in order to secure its operations as much as humanly possible are as follows.
Have certified Cyber Security professionals to check your security status either remotely or onboard to find your security holes, if any. In case they do find some vulnerabilities that need addressing, have them assist you into addressing them in order to keep those prying eyes away from your organisation’s internal data.
Be proactive, instead of handling the outcome of a security breach, set up an internal InfoSec framework that meets your firm’s needs instead. Prevention is always preferable to treatment and usually it costs less.
More importantly you have to address the most vulnerable point on the security of every organisation, and that is Mary from Accounting and John from the Sales department. Joking aside, our personal experience and research have shown that the easiest thing to hack are people. Invest on training programmes for the staff, all the staff not only the IT department, never forget that your security is as strong as your weakest link.
For organisations that are confident for their security level we would advise that they also need to be tested. Hire a Red team to test your security in a real-life situation. You can always improve your security.
We hope that this sort post could prove helpful to reduce the threat maritime firms are facing in this digital era.