Cyber Security Is Crucial For Maritime Shipping

The global economy relies heavily on maritime transport as the majority of international trade is conducted via the sea. A delay in shipping can lead to severe financial loss, especially for firms higher up in the distribution channel and it is this heavy reliance makes the maritime transport industry an appealing target for cyber criminals.

In fact, the maritime industry is now facing an increasing number of new threats and regulatory requirements as it undergoes digital transformation. 

Widespread digitalisation has brought many benefits to shippingCritical vessel systems required for the safety of navigation, power supply and cargo management are increasingly digitised and connected to the Internet to perform a wide range of legitimate functions.

  • Seafarers can call home more easily and frequently. 
  • Port management systems are now much smarter.
  • Digital navigation tools are improving voyage times and reducing emissions. 
  • Vessels are increasingly integrated with onshore operations. 
  • Digital communications are used to conduct business, manage operations, and keep in touch with office managers. 

Shipping’s increased reliance on digital systems has also created new vulnerabilities. Some of these are relatively easy to fix. Paper charts and working knowledge of a sextant have guided mariners for centuries, and can fully overcome any ECDIS failure. Others are both harder to detect and less easily fixed. For example, criminals are using GPS jamming to help them to plunder cargoes. Similarly, the technology needed to spoof, or deceive a vessel as to its actual location, is inexpensive and easy to find online. Should a hacker be able to access a ship’s digital core, it could prevent any internet-enabled activity and ship without the ability to communicate could quickly be deemed ‘off hire’ by a charterer.

Maritime cyber security is concerned with the protection of IT systems, onboard hardware and sensors and data leak from unauthorised access, manipulation and disruption. Unfortunately, effective cyber security measures are not keeping pace with the threats the industry faces. 

Recent Major Incidents

  • Naval Dome, an Israeli a maritime cyber defence company, estimates there had been a 400% growth in attempted attacks on maritime targets between February and June 2020. 
  • A study by the German research institute DLR found interference on GPS frequencies during every phase of a year-long voyage between Europe, the Far East and back.
  • In 2019, the US Guard brought up interference with GPS navigation signals as an “urgent issue” to the UN shipping governing agency, the International Maritime Organisation (IMO).
  • The social restrictions imposed by the Coronavirus have increased the use of connectivity by OEMs, technicians and others to service ships. This is likely to have increased the possible attack surfaces and number of incidents further still.

Shipowners and operators must now ensure that they are regularly working to improve their risk management and adapting their procedures and processes as the complexity and danger from digital attacks evolves.

The first step to take when updating your cyber risk management is to specify who will be responsible for administering and supervising, and identifying which systems are vulnerable to attack. Once that is complete, risk control processes must be regularly tested, and the lessons learned embedded within ongoing resilience and contingency planning.  

If an owner of a vessel cannot show that it has performed appropriate due diligence in managing its cyber risks in line with the new guidelines, the vessel may be found to be unseaworthy.  Should this happen, it’s likely to jeopardise contracts of carriage and could compromise a shipowner’s ability to rely on the international regulations,to protect their legal and commercial interests. Also,many financing agreements require compliance with the IMO's International Safety Management (ISM) Code. The ISM Code provides welcome standardisation and updates to enhance the safety of ships and the seafarers that crew them and it possible that a breach of the ISM Code could put a borrower in default on his loan contracts.

At present there is a limited cyber insurance market for marine risks but because of the growing number of cyber attacks and the very visible consequences to some of shipping’s biggest companies demand for maritime cyber insurance cover is likely to grow.

Changes introduced by the IMO to deal with cyber risk management came into effect at the beginning of 2021 and require new ways of working, the deployment of new skills and investment in training, equipment and processes.

These changes start with the board: without resolute board leadership, compliance with the standards will not be possible. It is shipping companies and their Directors who are ultimately responsible for the safety of the vessels, and will be required to decide how much and on what to invest to mitigate significant risks. 

Penta Security:       Marine-Digital:      Astaara:     Maritime Executive:       Maritime Executive:    Image: Unsplash

You Might Also Read:

Why Real-Time Data Matters To The Maritime Industry:

 

« Cyber Security Training Goes Gaming
GCHQ Jammed ISIS Drones & Servers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Panda Security

Panda Security

Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

iFluids Engineering

iFluids Engineering

iFluids Engineering is a leading engineering consulting and risk management firm providing a full range of services including Cyber Security for Industrial Control Systems.

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

Syber Technology

Syber Technology

Syber Technology is an IT project implementer empowering IT systems of Small to Medium Enterprises in the Middle East.

Cord3

Cord3

Cord3 delivers data protection, even from trusted administrators – or hackers posing as administrators – with high privilege.

Polaris Infosec

Polaris Infosec

Polaris Web Presence Protection (WPP) is powered by our proprietary artificial intelligence and machine learning engine to ensure that attacks are stopped before they affect your business.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

Wadilona Cyber Securities

Wadilona Cyber Securities

Wadilona Cyber Securities' sole aim is to bring and secure Information and Communications Technology (ICT) to and work for humans in its simplest terms.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

ADNET Technologies

ADNET Technologies

ADNET Technologies is a SOC 2, Type II Compliant IT management and cybersecurity firm.

Beround

Beround

Beround is an IT consultancy firm specialized in software testing.

Cypago

Cypago

Cypago provides a powerful yet easy-to-use Compliance Orchestration Platform to automate the compliance process end-to-end.

Positka FSI Pte Ltd

Positka FSI Pte Ltd

Positka, being a Splunk Singapore partner, provides Splunk & Phantom Services, Cybersecurity & Risk Management, Analytics & Big Data, Lean Process Optimization, and Managed Security Services.