Maritime Cyber Security Goes Critical

The maritime shipping industry is increasingly vulnerable to cyber attackers seeking to exploit vulnerabilities in their interconnected systems, as more shipowners and ports adopt digitalisation to optimise operations.

There are thousands of ports around the world receiving more than 50,000 commercial vessels, making over 5 million port calls per year. 

More of these ships and ports are connected to the Internet and online applications, leaving them vulnerable to cyber threats. Shipping companies and organisations are increasingly the victims of criminal cyber attacks over the last few years and recent victims include the International Maritime Organisation’s (IMO) headquarters in London. 

Recent attacks hit the world’s second, third and fourth-largest container lines, Mediterranean Shipping Company (MSC), Cosco, CMA CGM and the world’s largest cruise shipping group Carnival Corporation. Now, the implementation and control of cyber security has been highlighted as a key aspect of safety by the IMO as technology becomes essential in ship operations. 

International shipping transports more than 80 per cent of global trade to peoples and communities all over the world and is considered the most efficient and cost-effective method of international transportation for most goods, providing a dependable, low-cost means of transporting goods globally, facilitating commerce and helping to create prosperity among nations and peoples but now cyber-attacks are a real risk to shipping.

To mitigate risks, shipping companies should “take a risk-based approach and a smart view” to focus attention on protecting core assets" says Andy Powel CISO of AP Moller-Maersk, who thinks that shipping companies should ensure they know how to recover their business after an attack. “Understand the risks and threats, and that you cannot fix everything.... You need to do top-down risk assessments and invest appropriately in security,” he told shipping company attendees to the recent Inmex SMM Virtual Expo 

The world relies on a safe, secure and efficient international shipping industry, and this is provided by the regulatory framework developed and maintained by IMO. Modern ships are technologically advanced workplaces and IMO plays an important part in shaping those developments,”  Wu Shengwei, head of shipping and technical advisory for DNV GL told confernce delegates.

The transformation towards smart shipping means that technology permeates many aspects of ship operations. Cyber technologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping, including bridge systems, cargo handling, propulsion, machinery management systems, power control systems and administrative and crew welfare systems.  With the process of digitalisation accelerated by the Covid-19 pandemic maritime cyber attacks have become more common in 2020,  not only in shipping, but worlwide.

In recognition of this, the IMO will require that the cyber security risks be addressed in a vessel’s safety management system from the annual verification of its Document of Compliance with effect from 1 January 2021.

While systems can be protected and recovered using IT systems, it is important  that the human participants have an understanding of  the risks associated with the operation of critical systems and that mariners get the training they need to practice good cyber discipline in the maritime industry.

IMO:        SeaTrade-Maritime:           RivieraMM:    BIMCO:      SeaTrade-Maritime:         RivieraMM:

You Might Also Read:

Why Real-Time Data Matters To The Maritime Industry:

 

« Data Breaches: 40% of SME Employees Think They Will Be Blamed
Connected Devices Must Be More Secure »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

Secure Decisions

Secure Decisions

Secure Decisions focus on research and product development related to national security including information assurance, computer network defense, cyber security education, and application security.

Sentropi

Sentropi

Sentropi is an online protection solution against charge backs, account takeovers, identity thefts and online scams.

CSO GmbH

CSO GmbH

CSO GmbH provide specialist consultancy services in the area of IT security.

limes datentechnik

limes datentechnik

limes datentechnik is an authority in the fields of cryptography and data compression. The FLAM product family is an internationally accepted standard for efficient and safe handling of data.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Salient Law

Salient Law

Salient Law is a virtual law firm that specialises in advising providers and users of technology on contracts involving technology.

Center for Education & Research in Information Assurance & Security (CERIAS)

Center for Education & Research in Information Assurance & Security (CERIAS)

CERIAS is one of the world’s leading centers for research and education in areas of information and cyber security.

Wiz

Wiz

Wiz - the first cloud visibility solution for enterprise security: A 360° view of security risks across clouds, containers and workloads.

CYOSS

CYOSS

CYOSS, an ESG Group company, is a specialist in Cyber Security and Data Analytics. We focus on the opportunities of a networked world and make security risks manageable.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

HWG

HWG

HWG is a company specialized in providing cyber security solutions and consulting services.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.