The Maritime Shipping Industry Should Be On Red Alert

Uploaded on 2019-04-11 in FREE TO VIEW, BUSINESS-Services-Transport & Travel

The maritime sector is being targeted by highly motivated cyber criminals and the shipping industry should be on the highest alert for a cyber-attack, an industry expert has warned.

Speaking at the Singapore Maritime Technology Conference (SMTC) 2019, organised by the Maritime and Port Authority of Singapore, Naval Dome CEO Itai Sela said: “Somebody, somewhere is targeting the maritime sector. The shipping industry should be on Red Alert.”

During a round table discussion in which several companies informed the Greek shipping community of the importance of cyber security, one analyst said that while the industry is “concerned about the cyber risk it struggles to understand where and how best to manage it”. 

“The maritime industry is just not prepared,” Sela told SMTC delegates. “Shipping is a US$4 trillion global industry responsible for transporting 80% of the world’s energy, commodities and goods, so any activity that disrupts global trade will have far reaching consequences.

“It is easy to understand why shipping is now in the cross-hair of the cyber-criminal or activist. But the maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat.”

Referring to the global certification standard IEC 62443, which has been adopted by several certification bodies, Sela explained the four levels of security used for safeguarding against a cyber-attack. 

“A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain. It is the Level 4 type attack criminals are using to penetrate the shipping industry,” Sela said, referring to an incident in which the navigational equipment aboard a fleet of 15 tankers was simultaneously hacked.

The easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s (OEM) head office, said Sela. “All a hacker has to do is infiltrate these systems and wait until some someone sends an infected email to someone onboard ship – the attack is delivered. It spreads. It’s autonomous.”

The current regulations consider improving interactions between the operator and machine as the optimum way of combating maritime cyber crime.

“A ship whose systems are under the control of the cyber-criminal could result in pollution, cause collisions or groundings, or be used as an incendiary device. The result could be catastrophic if a vessel is not secured to the highest level. Over the last three years we have developed a type-approved Level 4 solution certified to prevent shipboard systems from being hacked.”

Sela said a country like Singapore must have the ability to monitor all the ships that enter its waters in order to verify whether its infected or cyber clean. “I strongly recommend that all Port Authorities have the ability to control the cyber threat that each and every vessel entering their waters brings with them. This will protect assets and avoid potential disaster,” he said.

News by CSI: 

You Might Also Read:

Maritime Cybersecurity Takes A Big Step Forward:

 

 

« Websites To Be Fined Over 'online harms' Under New UK Law
Zain Qaider And The Sixty Year Rule »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CoSoSys Endpoint Protector

CoSoSys Endpoint Protector

Endpoint Protector by CoSoSys is an advanced all-in-one DLP solution for Windows, macOS, and Linux, that puts an end to unintentional data leaks and protects from malicious data theft.

National Security Agency (NSA) - USA

National Security Agency (NSA) - USA

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

ComCode

ComCode

ComCode provides consulting services and solutions in the area of digitization and cyber security for mid-sized and big businesses.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

CyberClan

CyberClan

CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges – keeping your data secure and your businesses running as usual.

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

AB Handshake

AB Handshake

AB Handshake offers a game-changing solution for telecom service providers that eliminates fraud on inbound and outbound voice traffic.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.

Walacor

Walacor

Walacor’s secure data platform represents the next generation of secure data and blockchain storage with a trust-first approach that revolutionizes enterprise data, and database management systems.

Aim Security

Aim Security

Aim empowers enterprises to unlock the full potential of GenAI technology without compromising security. GenAI makes business better - Aim makes GenAI secure.

Trovent Security

Trovent Security

Trovent was founded with a clear goal: to support medium-sized companies in significantly increasing their IT security level.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.

Hubble

Hubble

Hubble grew from the idea that legacy solutions were failing to provide organizations with the asset visibility they needed to effectively secure and operate their businesses.