#41 Maritime Cybersecurity

-

Maritime is one of the oldest industries and lifeblood of the global economy, accounting for the carriage of 90% of world trade.

Ships and other vessels may seem like unusual targets for cyberattacks. But with their growing use of industrial control systems (ICS) and satellite communications, hackers have a new playground that’s ripe for attack.

In a 2020 Safety at Sea and BIMCO Maritime Cyber Security survey, despite the majority of respondents (77%) viewing cyber-attacks as a high or medium risk to their organizations, few appear to be prepared for the aftermath of such an attack, 64% of respondents said their organization has a business continuity plan in place to follow in the event of a cyber incident, but only 24% claimed it was tested every three months, and only 15% said that it was tested every six to 12 months. Only 42% of respondents said that their organization protects vessels from operational technology (OT) cyber threats, and some respondents went so far as to describe their company policy to OT cyber risk as “careless.”

As hackers become even more sophisticated in their tactics, it’s inevitable that cyber-attacks against OT on ships are becoming the norm rather than the exception. It’s time for the maritime industry to take a look at every aspect of their ship operations to ensure they’re protected and resilient against these growing threats.

What is Maritime Cybersecurity?

In order to defend marine enterprises, their ships, and their cyber environment, a variety of tools, policies, security concepts, security safeguards, guidelines, risk management techniques, actions, training, best practices, assurance, and technology are utilized.

The International Maritime Organization (IMO) defines maritime cyber risk as a measurement of the degree to which a technological asset could be threatened by a conceivable event or circumstance that could lead to operational, safety, or security failures in the shipping industry as a result of information or systems being corrupted, lost, or compromised.

Many of the internationally interconnected networks and facilities at sea continue to rely on antiquated methods of connectivity. These intricate networks combine information technology (IT) and operational technology (OT) systems used by internal staff and outside vendors, increasing the risk of a hack or insider threat. We'll explore those in the next section.

When connection on a ship was low, ship control engineers used air gapping to physically separate a secure network from unsecured networks in order to solve security concerns. An air-gapped system is by definition not linked to the Internet or any other system. But now, a malevolent hacker or even a less-than-experienced insider may access and infect crucial systems using something as easy as a USB flash drive or an unprotected Wi-Fi connection. Given the interconnection of contemporary naval boats, this development is particularly problematic.

Connectivity on a Modern Maritime Vessel

Bridge Control

Bridge systems, automatic identification system (AIS), voyage data recorder (VDR), automatic RADAR plotting aid (ARPA)

Propulsion & Power

Engine control, fuel management, onboard machinery monitoring and control, generators.

Navigation

GPS/GNSS, electronic chart display and information system (ECDIS), radar, weather systems.

Loading & Stability

Ballast systems, hull stress, stability control, stability decision support systems, cargo management systems.

Safety Systems

Fire and flood control, tracking, shipboard security, CCTV, emergency shutdown.

Communications

Satellite internet communications, ship-to-shore, ship-to-ship, handheld radios, voice-over-IP (VoIP).

Operations Security

Human-machine interfaces (HMIs), logic controllers (PLCs), digital and analog sensors, electronics.

Network Security

Firewalls, segmentation devices, antivirus software, software updates, vendor patches.

Physical Security

Server rooms, access control, bridge, machinery spaces, network infrastructure.

Ship Networks

Email, customs and immigration, personnel administration, maintenance and spares management.

Crew Network

Email, Wi-Fi, wired, bring your own device (BYOD).

Supply Chain

Remote or on-shore vendor updates, maintenance, and administration.

The marine sector is a crucial pillar of our global economy, whether it be for the transportation of crude oil, goods, or chemicals, containers, cars, or liquid or dry bulk. With operation centers and fleets of various classes and vintages dispersed across the globe, operations becoming more digital, and a complex environment fusing IT with industrial control systems (ICS) & operational technology (OT), protecting a vessel's critical operations from cyber threats presents unique challenges.

Comments

  1. Divine Intentions IndiaDecember 6, 2023 at 10:37 PM

    ..well cyber security issues always bring to fore the debate of Man V/s Advanced Machines in Maritime and to some extent highlights the few negative aspects of our over-reliance on Technology. However, I feel ,only time will tell if our industry is prepared to protect ourselves from these fundamental risks.

    ReplyDelete

Post a Comment

Popular posts from this blog

#21 What is Mooring of Ships

-
Image
We have been intrigued by this question: How are ships ‘parked’ upon their arrival in ports, jetties, and piers? Unlike cars, they can’t simply be put off gear and parking brakes! Ships don’t have brakes in the first place. Ships need to be fastened and fixated soundly for conducting all kinds of shore operations such as cargo loading/unloading, refuelling, bunkering, ballasting/deballasting, boarding/deboarding, maintenance, repairing, and often for idle times based on voyage schedules and berth or workforce availability. So, mooring or the system of securing a vessel soundly for the purposes mentioned above is indispensable in studying ships and offshore structures.  Differences between mooring, docking and anchoring It is common to get confused with the terms mooring, docking and anchoring and may use them interchangeably. But there are stark differences between them.  Anchoring is the system of securing a vessel amid the sea when the ship is not near the vicinity of a per
Read more

#59 Manned to AI Ships Era (iota/1): Navigating the Future with Technological Waves

-
Image
“Investing on Yourself is the best investment”. 2030 year going to be a massive change throughout the world in all the fields. Starts from pollution norms, recycling, IIOT etc. Technology developments will take over all industry in a prompt time. AI is the field of conceiving, designing and developing machines which should perform tasks that usually   requires human intelligence. AI is the art and science of developing machines running  on intelligent algorithms that make them capable of   thinking, acting and learning like human beings.  In lay-man language we are expecting a intelligent machines in the field of engineering and technology. Scanner and sensors types going to increase more like thermal, light, proximity, chemicals, barometric, speech, audio, image. Human Machine Interface to synchronization for commanding/operating the ship from shore requires. Education and training are required to meet AI and to with the emerging accomplishments, experts say that full artificial intel
Read more