Maritime Cyber Security Goes Critical

Uploaded on 2020-12-09 in FREE TO VIEW, BUSINESS-Services-Transport & Travel

The maritime shipping industry is increasingly vulnerable to cyber attackers seeking to exploit vulnerabilities in their interconnected systems, as more shipowners and ports adopt digitalisation to optimise operations.

There are thousands of ports around the world receiving more than 50,000 commercial vessels, making over 5 million port calls per year. 

More of these ships and ports are connected to the Internet and online applications, leaving them vulnerable to cyber threats. Shipping companies and organisations are increasingly the victims of criminal cyber attacks over the last few years and recent victims include the International Maritime Organisation’s (IMO) headquarters in London. 

Recent attacks hit the world’s second, third and fourth-largest container lines, Mediterranean Shipping Company (MSC), Cosco, CMA CGM and the world’s largest cruise shipping group Carnival Corporation. Now, the implementation and control of cyber security has been highlighted as a key aspect of safety by the IMO as technology becomes essential in ship operations. 

International shipping transports more than 80 per cent of global trade to peoples and communities all over the world and is considered the most efficient and cost-effective method of international transportation for most goods, providing a dependable, low-cost means of transporting goods globally, facilitating commerce and helping to create prosperity among nations and peoples but now cyber-attacks are a real risk to shipping.

To mitigate risks, shipping companies should “take a risk-based approach and a smart view” to focus attention on protecting core assets" says Andy Powel CISO of AP Moller-Maersk, who thinks that shipping companies should ensure they know how to recover their business after an attack. “Understand the risks and threats, and that you cannot fix everything.... You need to do top-down risk assessments and invest appropriately in security,” he told shipping company attendees to the recent Inmex SMM Virtual Expo 

The world relies on a safe, secure and efficient international shipping industry, and this is provided by the regulatory framework developed and maintained by IMO. Modern ships are technologically advanced workplaces and IMO plays an important part in shaping those developments,”  Wu Shengwei, head of shipping and technical advisory for DNV GL told confernce delegates.

The transformation towards smart shipping means that technology permeates many aspects of ship operations. Cyber technologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping, including bridge systems, cargo handling, propulsion, machinery management systems, power control systems and administrative and crew welfare systems.  With the process of digitalisation accelerated by the Covid-19 pandemic maritime cyber attacks have become more common in 2020,  not only in shipping, but worlwide.

In recognition of this, the IMO will require that the cyber security risks be addressed in a vessel’s safety management system from the annual verification of its Document of Compliance with effect from 1 January 2021.

While systems can be protected and recovered using IT systems, it is important  that the human participants have an understanding of  the risks associated with the operation of critical systems and that mariners get the training they need to practice good cyber discipline in the maritime industry.

IMO:        SeaTrade-Maritime:           RivieraMM:    BIMCO:      SeaTrade-Maritime:         RivieraMM:

You Might Also Read:

Why Real-Time Data Matters To The Maritime Industry:

 

« Data Breaches: 40% of SME Employees Think They Will Be Blamed
Connected Devices Must Be More Secure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

Citicus

Citicus

Citicus provides world-class security, risk and compliance management software, plus supporting services.

L J Kushner & Associates

L J Kushner & Associates

L.J. Kushner is a leading Information Security recruiting firm.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

Viasat

Viasat

Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

SafeLogic

SafeLogic

SafeLogic provides strong encryption products for solutions in mobile, server, Cloud, appliance, wearable, and IoT environments that are pursuing compliance to strict regulatory requirements.

NetSPI

NetSPI

NetSPI is an information security penetration testing and vulnerability assessment management advisory firm.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

Crayon

Crayon

Crayon is a customer-centric innovation and IT services company. We provide guidance on the best solutions for our clients’ business needs and budget with software, cloud, AI and big data.

Censinet

Censinet

Censinet provides the first and only third-party risk management platform for healthcare organizations to manage the threats to patient care that exist within an expanding ecosystem.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Heritage Cyber World

Heritage Cyber World

Heritage Cyber World is a one stop solution for all your security needs that brings together a team of security experts and analysts to deliver high-class security services.

Apex iQ (ApexiQ)

Apex iQ (ApexiQ)

ApexiQ is a continuous asset assurance platform that empowers you with the confidence to make better data-driven decisions and take automated action to reduce your risk.