Maritime Cyber Security Goes Critical

Uploaded on 2020-12-09 in FREE TO VIEW, BUSINESS-Services-Transport & Travel

The maritime shipping industry is increasingly vulnerable to cyber attackers seeking to exploit vulnerabilities in their interconnected systems, as more shipowners and ports adopt digitalisation to optimise operations.

There are thousands of ports around the world receiving more than 50,000 commercial vessels, making over 5 million port calls per year. 

More of these ships and ports are connected to the Internet and online applications, leaving them vulnerable to cyber threats. Shipping companies and organisations are increasingly the victims of criminal cyber attacks over the last few years and recent victims include the International Maritime Organisation’s (IMO) headquarters in London. 

Recent attacks hit the world’s second, third and fourth-largest container lines, Mediterranean Shipping Company (MSC), Cosco, CMA CGM and the world’s largest cruise shipping group Carnival Corporation. Now, the implementation and control of cyber security has been highlighted as a key aspect of safety by the IMO as technology becomes essential in ship operations. 

International shipping transports more than 80 per cent of global trade to peoples and communities all over the world and is considered the most efficient and cost-effective method of international transportation for most goods, providing a dependable, low-cost means of transporting goods globally, facilitating commerce and helping to create prosperity among nations and peoples but now cyber-attacks are a real risk to shipping.

To mitigate risks, shipping companies should “take a risk-based approach and a smart view” to focus attention on protecting core assets" says Andy Powel CISO of AP Moller-Maersk, who thinks that shipping companies should ensure they know how to recover their business after an attack. “Understand the risks and threats, and that you cannot fix everything.... You need to do top-down risk assessments and invest appropriately in security,” he told shipping company attendees to the recent Inmex SMM Virtual Expo 

The world relies on a safe, secure and efficient international shipping industry, and this is provided by the regulatory framework developed and maintained by IMO. Modern ships are technologically advanced workplaces and IMO plays an important part in shaping those developments,”  Wu Shengwei, head of shipping and technical advisory for DNV GL told confernce delegates.

The transformation towards smart shipping means that technology permeates many aspects of ship operations. Cyber technologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping, including bridge systems, cargo handling, propulsion, machinery management systems, power control systems and administrative and crew welfare systems.  With the process of digitalisation accelerated by the Covid-19 pandemic maritime cyber attacks have become more common in 2020,  not only in shipping, but worlwide.

In recognition of this, the IMO will require that the cyber security risks be addressed in a vessel’s safety management system from the annual verification of its Document of Compliance with effect from 1 January 2021.

While systems can be protected and recovered using IT systems, it is important  that the human participants have an understanding of  the risks associated with the operation of critical systems and that mariners get the training they need to practice good cyber discipline in the maritime industry.

IMO:        SeaTrade-Maritime:           RivieraMM:    BIMCO:      SeaTrade-Maritime:         RivieraMM:

You Might Also Read:

Why Real-Time Data Matters To The Maritime Industry:

 

« Data Breaches: 40% of SME Employees Think They Will Be Blamed
Connected Devices Must Be More Secure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

XignSYS

XignSYS

XignSys develops innovative password-free and user-friendly Authentication solutions and electronic signature systems for B2B and B2C applications.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Chainlink

Chainlink

Chainlink expands the capability of smart contracts by enabling access to real-world data and systems without sacrificing the security and reliability guarantees inherent to blockchain technology.

UST

UST

UST is a global provider of digital technology and transformation, IT services and solutions including managed security services.

Noname Security

Noname Security

Noname Security detects and resolves API vulnerabilities and misconfigurations before they are exploited.

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

HADESS

HADESS

We are "Hadess", a group of cyber security experts and white hat hackers.

Allot

Allot

Allot are a global provider of leading innovative network intelligence and security solutions for Service Providers and Enterprises worldwide.

Beround

Beround

Beround is an IT consultancy firm specialized in software testing.

Interpres Security

Interpres Security

Interpres Security operationalizes TTP-based threat intelligence and automates continuous exposure monitoring to help CISOs and security practitioners reduce threat exposure.