Maritime Cyber Security Needs Shipping Companies to Focus

Maritime is one of the oldest industries and lifeblood of the global economy, accounting for the carriage of 90% of world trade. Ships and other vessels may seem like unusual targets for cyber-attacks, however cyber attacks have increased. 
 
The seaborne shipping industry's growing use of industrial control systems (ICS) and satellite communications has given hackers an entire new range of opportunities and cyber protection for shipping is lagging behind many other sectors, just as the threat profile has grown .
 
With  a  majority  of  the  world’s  goods  traveling  through  sea  lanes,  it  is  crucial for members of the maritime industry to understand the risks associated with the maritime  cyber  domain. Cyber security threats to shipping can be malicious actions such as hacking or infection of systems with malware or vessels lacking software maintenance, faulty user permissions, unauthorised access to systems and weak passwords. 
 
Regardless if malicious or benign, both above actions should be taken seriously as credible threats to vulnerabilities in IT or OT systems that can comprise an entire vessel and its crew and the incidence of attacks has increased markedly since the onset of the Coronavirus pandemic.
 
The maritime shipping industry's vulnerability has never been greater as the industry embraces digital transformation continues to accelerate , providing many more opportunities for hackers.
 
The disastrous SolarWinds malware attack, widely thought to be state-sponsored, is estimated to have infiltrated more than 18,000 targets with malicious code which initially lay dormant for some weeks and many leading US ad international companies companies are thought to have been attacked, as well as US Government departments and Microsoft. There is no reason to think that the maritime industry is unaffected and against this  background  of heightened risk and industry experts say that shipping needs to change its thinking. “We need to think security, not just compliance,” said Ben Densham, CTO of Nettitude, a cyber security company owned by Lloyd’s Register at a recent event.
 
Densham stressed the importance of continuous testing of cyber resilience. As remote connectivity and varying degrees of autonomy transform many long-established shipping business models, companies must focus on cyber risks and their possible impact, he said, because they pose a constant threat that runs through all aspects of business. Both cybersecurity and cyber safety are very important because of their potential effect on personnel, the ship, environment, company and cargo. Cyber safety covers the risks from the loss of availability or integrity of safety critical data and operations technology.
 
The US Government has recognised that although cyber security standards and frameworks are widely available, maritime and shipping businesses often lack the resources or expertise to implement them effectively, leaving them open to vulnerabilities which can be exploited to disrupt operations. 
 
To mitigate these risks, the following actions are planned to be activated:
  • Identify gaps in legal authorities and de-conflict government roles and responsibilities for the implementation of maritime cyber security standards.
  • The US Coast Guard will analyse cyber security reporting guidance between 2016 and 2020 to identify trends and attack vectors. The analysis will increase maritime sector situational awareness and decrease maritime cyber risk.
  • Develop and implement mandatory contractual cybersecurity requirements for maritime critical infrastructure owned, leased, or regulated by the Government to decrease cyber security risk because of supply chain attacks.
  • Develop procedures to identify, prioritise, mitigate, and investigate cyber security risks in critical onboard and shore-based systems.
 
Tripwire:    Seatrade-Maritime:     ICS Shipping:     MissionSecure:   Adv-Polymer:    CalhounNPS:   Image: 
 
You Might Also Read: 
 
Maritime Shipping Is A Prime Target In 2021:
 
 
« Cyber Criminals Publish Stolen Files
5G Could Be A Cyber Security Revolution »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Outpost24

Outpost24

Outpost24 provides easy to deploy and intuitive solutions to continuously identify, remediate and mitigate vulnerabilities in your network.

Certes Networks

Certes Networks

Certes Networks offers an encryption management solution that can be seamlessly integrated and is interoperable with any network.

Spanish Network of Excellence on Cybersecurity Research (RENIC)

Spanish Network of Excellence on Cybersecurity Research (RENIC)

RENIC is a membership based sectoral association that includes research centers and other agents of the research cybersecurity ecosystem in Spain.

Gradiant

Gradiant

Gradiant’s mission is to contribute to the growth and competitive improvement of Galician businesses through technology development and innovation using ICT.

IberLayer

IberLayer

IberLayer is the company behind the Email Guardian service, a cloud based Email Total Protection system that filters and blocks email threats.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

Cyber Resilience

Cyber Resilience

Cyber Resilience offer an intensive program designed to help you create strategies to quickly become cyber resilient and to manage cyber risks in a measurable and predictable way.

Granted Consultancy

Granted Consultancy

Granted Consultancy is a business consultancy that specialises in securing funding to support companies with the development and commercialisation of new and innovative products and technologies.

Skudo

Skudo

Skudo is dedicated to creating innovative best-in-class solutions that protect data exchange with the highest level of security and privacy.

Nuts Technologies

Nuts Technologies

Nuts Technologies are simplifying data privacy and encryption with our innovative and novel data containers we call nuts based on our Zero Trust Data framework.

CyberX9

CyberX9

CyberX9 helps you protect against a wide range of cyber attacks whether you are a business or a high-net worth individual under risk.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

Socura

Socura

Socura helps make the digital world a safer place; changing the way organisations think about cyber security through a dynamic, innovative, and human approach.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.