The Maritime Shipping Industry Should Be On Red Alert

Uploaded on 2019-04-11 in FREE TO VIEW, BUSINESS-Services-Transport & Travel

The maritime sector is being targeted by highly motivated cyber criminals and the shipping industry should be on the highest alert for a cyber-attack, an industry expert has warned.

Speaking at the Singapore Maritime Technology Conference (SMTC) 2019, organised by the Maritime and Port Authority of Singapore, Naval Dome CEO Itai Sela said: “Somebody, somewhere is targeting the maritime sector. The shipping industry should be on Red Alert.”

During a round table discussion in which several companies informed the Greek shipping community of the importance of cyber security, one analyst said that while the industry is “concerned about the cyber risk it struggles to understand where and how best to manage it”. 

“The maritime industry is just not prepared,” Sela told SMTC delegates. “Shipping is a US$4 trillion global industry responsible for transporting 80% of the world’s energy, commodities and goods, so any activity that disrupts global trade will have far reaching consequences.

“It is easy to understand why shipping is now in the cross-hair of the cyber-criminal or activist. But the maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat.”

Referring to the global certification standard IEC 62443, which has been adopted by several certification bodies, Sela explained the four levels of security used for safeguarding against a cyber-attack. 

“A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain. It is the Level 4 type attack criminals are using to penetrate the shipping industry,” Sela said, referring to an incident in which the navigational equipment aboard a fleet of 15 tankers was simultaneously hacked.

The easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s (OEM) head office, said Sela. “All a hacker has to do is infiltrate these systems and wait until some someone sends an infected email to someone onboard ship – the attack is delivered. It spreads. It’s autonomous.”

The current regulations consider improving interactions between the operator and machine as the optimum way of combating maritime cyber crime.

“A ship whose systems are under the control of the cyber-criminal could result in pollution, cause collisions or groundings, or be used as an incendiary device. The result could be catastrophic if a vessel is not secured to the highest level. Over the last three years we have developed a type-approved Level 4 solution certified to prevent shipboard systems from being hacked.”

Sela said a country like Singapore must have the ability to monitor all the ships that enter its waters in order to verify whether its infected or cyber clean. “I strongly recommend that all Port Authorities have the ability to control the cyber threat that each and every vessel entering their waters brings with them. This will protect assets and avoid potential disaster,” he said.

News by CSI: 

You Might Also Read:

Maritime Cybersecurity Takes A Big Step Forward:

 

 

« Websites To Be Fined Over 'online harms' Under New UK Law
Zain Qaider And The Sixty Year Rule »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

Coalfire

Coalfire

Coalfire specialises in cyber risk management and compliance. Our services span the cybersecurity lifecycle from advisory and compliance, to testing and engineering, monitoring and optimization.

Oodrive

Oodrive

Oodrive is the first trusted European collaborative suite allowing users to collaborate, communicate and streamline business with transparent tools that ensure security.

Cydome

Cydome

Cydome offers full-spectrum cybersecurity solutions tailored for the maritime industry.

NAVEX Global

NAVEX Global

NAVEX Global’s compliance management system consolidates your entire GRC program onto a scalable cloud-based platform.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

SGBox

SGBox

SGBox is a highly flexible and scalable solution for IT security. Choose the modules which your company needs and implement it without any modification to your network infrastructure.

National Cybersecurity Student Association (NCSA) - USA

National Cybersecurity Student Association (NCSA) - USA

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

Redefine

Redefine

Redefine are Crypto-Native, Cyber Experts, and Blockchain Believers. We are here to make Web3 anti-fragile, safe and accessible to all.

Start-Up Chile (SUP)

Start-Up Chile (SUP)

Start-Up Chile is a business accelerator program created by the Chilean Government for high-potential tech entrepreneurs.