The Maritime Shipping Industry Should Be On Red Alert

The maritime sector is being targeted by highly motivated cyber criminals and the shipping industry should be on the highest alert for a cyber-attack, an industry expert has warned.

Speaking at the Singapore Maritime Technology Conference (SMTC) 2019, organised by the Maritime and Port Authority of Singapore, Naval Dome CEO Itai Sela said: “Somebody, somewhere is targeting the maritime sector. The shipping industry should be on Red Alert.”

During a round table discussion in which several companies informed the Greek shipping community of the importance of cyber security, one analyst said that while the industry is “concerned about the cyber risk it struggles to understand where and how best to manage it”. 

“The maritime industry is just not prepared,” Sela told SMTC delegates. “Shipping is a US$4 trillion global industry responsible for transporting 80% of the world’s energy, commodities and goods, so any activity that disrupts global trade will have far reaching consequences.

“It is easy to understand why shipping is now in the cross-hair of the cyber-criminal or activist. But the maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat.”

Referring to the global certification standard IEC 62443, which has been adopted by several certification bodies, Sela explained the four levels of security used for safeguarding against a cyber-attack. 

“A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain. It is the Level 4 type attack criminals are using to penetrate the shipping industry,” Sela said, referring to an incident in which the navigational equipment aboard a fleet of 15 tankers was simultaneously hacked.

The easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s (OEM) head office, said Sela. “All a hacker has to do is infiltrate these systems and wait until someone sends an infected email to someone onboard ship – the attack is delivered. It spreads. It’s autonomous.”

The current regulations consider improving interactions between the operator and machine as the optimum way of combating maritime cyber crime.

“A ship whose systems are under the control of the cyber-criminal could result in pollution, cause collisions or groundings, or be used as an incendiary device. The result could be catastrophic if a vessel is not secured to the highest level. Over the last three years we have developed a type-approved Level 4 solution certified to prevent shipboard systems from being hacked.”

Sela said a country like Singapore must have the ability to monitor all the ships that enter its waters in order to verify whether each is infected or cyber clean. “I strongly recommend that all Port Authorities have the ability to control the cyber threat that each and every vessel entering their waters brings with them. This will protect assets and avoid potential disaster,” he said.

News by CSI: 
