The Maritime Shipping Industry Should Be On Red Alert

The maritime sector is being targeted by highly motivated cyber criminals and the shipping industry should be on the highest alert for a cyber-attack, an industry expert has warned.

Speaking at the Singapore Maritime Technology Conference (SMTC) 2019, organised by the Maritime and Port Authority of Singapore, Naval Dome CEO Itai Sela said: “Somebody, somewhere is targeting the maritime sector. The shipping industry should be on Red Alert.”

During a round table discussion in which several companies informed the Greek shipping community of the importance of cyber security, one analyst said that while the industry is “concerned about the cyber risk it struggles to understand where and how best to manage it”. 

“The maritime industry is just not prepared,” Sela told SMTC delegates. “Shipping is a US$4 trillion global industry responsible for transporting 80% of the world’s energy, commodities and goods, so any activity that disrupts global trade will have far reaching consequences.

“It is easy to understand why shipping is now in the cross-hair of the cyber-criminal or activist. But the maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat.”

Referring to the global certification standard IEC 62443, which has been adopted by several certification bodies, Sela explained the four levels of security used for safeguarding against a cyber-attack. 

“A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain. It is the Level 4 type attack criminals are using to penetrate the shipping industry,” Sela said, referring to an incident in which the navigational equipment aboard a fleet of 15 tankers was simultaneously hacked.

The easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s (OEM) head office, said Sela. “All a hacker has to do is infiltrate these systems and wait until some someone sends an infected email to someone onboard ship – the attack is delivered. It spreads. It’s autonomous.”

The current regulations consider improving interactions between the operator and machine as the optimum way of combating maritime cyber crime.

“A ship whose systems are under the control of the cyber-criminal could result in pollution, cause collisions or groundings, or be used as an incendiary device. The result could be catastrophic if a vessel is not secured to the highest level. Over the last three years we have developed a type-approved Level 4 solution certified to prevent shipboard systems from being hacked.”

Sela said a country like Singapore must have the ability to monitor all the ships that enter its waters in order to verify whether its infected or cyber clean. “I strongly recommend that all Port Authorities have the ability to control the cyber threat that each and every vessel entering their waters brings with them. This will protect assets and avoid potential disaster,” he said.

News by CSI: 

You Might Also Read:

Maritime Cybersecurity Takes A Big Step Forward:

 

 

« Websites To Be Fined Over 'online harms' Under New UK Law
Zain Qaider And The Sixty Year Rule »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

Beta Systems Software

Beta Systems Software

Beta Systems automate IT-based business processes, control access rights, monitor processes, secure the network and optimize the infrastructure management of corporate IT.

Bolton Labs

Bolton Labs

Bolton Labs is a leading provider cybersecurity services, tools, and analysis for MSPs and organizations who want to scale their security offerings.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity make Cars & Infrastructures Cybersecure.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

Enginsight

Enginsight

Enginsight provides a comprehensive solution for monitoring and securing your servers and clients.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Immunefi

Immunefi

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

ZX Security

ZX Security

ZX Security is a New Zealand owned and operated cyber security consultancy.

Applied Connective Technologies

Applied Connective Technologies

Applied Connective is one team for all your technology needs, from IT to phones, cyber security to physical security, audio/video and the infrastructure to support it.