#41 Maritime Cybersecurity
Maritime is one of the oldest industries and lifeblood of the global economy, accounting for the carriage of 90% of world trade.
Ships and other vessels may seem like unusual targets for cyberattacks. But with their growing use of industrial control systems (ICS) and satellite communications, hackers have a new playground that’s ripe for attack.
In a 2020 Safety at Sea and BIMCO Maritime Cyber Security survey, despite the majority of respondents (77%) viewing cyber-attacks as a high or medium risk to their organizations, few appear to be prepared for the aftermath of such an attack, 64% of respondents said their organization has a business continuity plan in place to follow in the event of a cyber incident, but only 24% claimed it was tested every three months, and only 15% said that it was tested every six to 12 months. Only 42% of respondents said that their organization protects vessels from operational technology (OT) cyber threats, and some respondents went so far as to describe their company policy to OT cyber risk as “careless.”
As hackers become even more sophisticated in their tactics, it’s inevitable that cyber-attacks against OT on ships are becoming the norm rather than the exception. It’s time for the maritime industry to take a look at every aspect of their ship operations to ensure they’re protected and resilient against these growing threats.
What is Maritime Cybersecurity?
In order to defend marine enterprises, their ships, and their cyber environment, a variety of tools, policies, security concepts, security safeguards, guidelines, risk management techniques, actions, training, best practices, assurance, and technology are utilized.
The International Maritime Organization (IMO) defines maritime cyber risk as a measurement of the degree to which a technological asset could be threatened by a conceivable event or circumstance that could lead to operational, safety, or security failures in the shipping industry as a result of information or systems being corrupted, lost, or compromised.
Many of the internationally interconnected networks and facilities at sea continue to rely on antiquated methods of connectivity. These intricate networks combine information technology (IT) and operational technology (OT) systems used by internal staff and outside vendors, increasing the risk of a hack or insider threat. We'll explore those in the next section.
When connection on a ship was low, ship control engineers used air gapping to physically separate a secure network from unsecured networks in order to solve security concerns. An air-gapped system is by definition not linked to the Internet or any other system. But now, a malevolent hacker or even a less-than-experienced insider may access and infect crucial systems using something as easy as a USB flash drive or an unprotected Wi-Fi connection. Given the interconnection of contemporary naval boats, this development is particularly problematic.
Connectivity on a Modern Maritime Vessel
Bridge Control
Bridge systems, automatic identification system (AIS), voyage data recorder (VDR), automatic RADAR plotting aid (ARPA)
Propulsion & Power
Engine control, fuel management, onboard machinery monitoring and control, generators.
Navigation
GPS/GNSS, electronic chart display and information system (ECDIS), radar, weather systems.
Loading & Stability
Ballast systems, hull stress, stability control, stability decision support systems, cargo management systems.
Safety Systems
Fire and flood control, tracking, shipboard security, CCTV, emergency shutdown.
Communications
Satellite internet communications, ship-to-shore, ship-to-ship, handheld radios, voice-over-IP (VoIP).
Operations Security
Human-machine interfaces (HMIs), logic controllers (PLCs), digital and analog sensors, electronics.
Network Security
Firewalls, segmentation devices, antivirus software, software updates, vendor patches.
Physical Security
Server rooms, access control, bridge, machinery spaces, network infrastructure.
Ship Networks
Email, customs and immigration, personnel administration, maintenance and spares management.
Crew Network
Email, Wi-Fi, wired, bring your own device (BYOD).
Supply Chain
Remote or on-shore vendor updates, maintenance, and administration.
The marine sector is a crucial pillar of our global economy, whether it be for the transportation of crude oil, goods, or chemicals, containers, cars, or liquid or dry bulk. With operation centers and fleets of various classes and vintages dispersed across the globe, operations becoming more digital, and a complex environment fusing IT with industrial control systems (ICS) & operational technology (OT), protecting a vessel's critical operations from cyber threats presents unique challenges.
..well cyber security issues always bring to fore the debate of Man V/s Advanced Machines in Maritime and to some extent highlights the few negative aspects of our over-reliance on Technology. However, I feel ,only time will tell if our industry is prepared to protect ourselves from these fundamental risks.
ReplyDelete