Maritime Cyber Security Goes Critical

The maritime shipping industry is increasingly vulnerable to cyber attackers seeking to exploit vulnerabilities in their interconnected systems, as more shipowners and ports adopt digitalisation to optimise operations.

There are thousands of ports around the world receiving more than 50,000 commercial vessels, making over 5 million port calls per year. 

More of these ships and ports are connected to the Internet and online applications, leaving them vulnerable to cyber threats. Shipping companies and organisations are increasingly the victims of criminal cyber attacks over the last few years and recent victims include the International Maritime Organisation’s (IMO) headquarters in London. 

Recent attacks hit the world’s second, third and fourth-largest container lines, Mediterranean Shipping Company (MSC), Cosco, CMA CGM and the world’s largest cruise shipping group Carnival Corporation. Now, the implementation and control of cyber security has been highlighted as a key aspect of safety by the IMO as technology becomes essential in ship operations. 

International shipping transports more than 80 per cent of global trade to peoples and communities all over the world and is considered the most efficient and cost-effective method of international transportation for most goods, providing a dependable, low-cost means of transporting goods globally, facilitating commerce and helping to create prosperity among nations and peoples but now cyber-attacks are a real risk to shipping.

To mitigate risks, shipping companies should “take a risk-based approach and a smart view” to focus attention on protecting core assets" says Andy Powel CISO of AP Moller-Maersk, who thinks that shipping companies should ensure they know how to recover their business after an attack. “Understand the risks and threats, and that you cannot fix everything.... You need to do top-down risk assessments and invest appropriately in security,” he told shipping company attendees to the recent Inmex SMM Virtual Expo 

The world relies on a safe, secure and efficient international shipping industry, and this is provided by the regulatory framework developed and maintained by IMO. Modern ships are technologically advanced workplaces and IMO plays an important part in shaping those developments,”  Wu Shengwei, head of shipping and technical advisory for DNV GL told confernce delegates.

The transformation towards smart shipping means that technology permeates many aspects of ship operations. Cyber technologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping, including bridge systems, cargo handling, propulsion, machinery management systems, power control systems and administrative and crew welfare systems.  With the process of digitalisation accelerated by the Covid-19 pandemic maritime cyber attacks have become more common in 2020,  not only in shipping, but worlwide.

In recognition of this, the IMO will require that the cyber security risks be addressed in a vessel’s safety management system from the annual verification of its Document of Compliance with effect from 1 January 2021.

While systems can be protected and recovered using IT systems, it is important  that the human participants have an understanding of  the risks associated with the operation of critical systems and that mariners get the training they need to practice good cyber discipline in the maritime industry.

IMO:        SeaTrade-Maritime:           RivieraMM:    BIMCO:      SeaTrade-Maritime:         RivieraMM:

You Might Also Read:

Why Real-Time Data Matters To The Maritime Industry:

 

« Data Breaches: 40% of SME Employees Think They Will Be Blamed
Connected Devices Must Be More Secure »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Interpol

Interpol

Interpol is the world’s largest international police organization. It is committed to the global fight against cybercrime, as well as tackling cyber-enabled crimes.

Teneo

Teneo

Teneo is a Solutions Provider focused on reducing complexity. We combine leading technology with deep expertise to create new ideas on how to simplify IT operations.

Mobile Guroo

Mobile Guroo

Mobile Guroo is a strategy and systems integrator for Enterprise Mobility Management projects.

Ntrepid

Ntrepid

Ntrepid products provide protection from web threats and enable organizations to safely conduct their online activities.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

Glocomp Systems

Glocomp Systems

Glocomp Systems is one of Malaysia’s premier ICT infrastructure distributor offering a comprehensive portfolio of solutions including cybersecurity and privacy.

Blumira

Blumira

Blumira provides comprehensive, hybrid cloud security monitoring and reporting for organizations of all sizes, enabling them to detect and respond to cloud security threats quickly and effectively.

Protexxa

Protexxa

Protexxa is a B2B SaaS cybersecurity platform that leverages Artificial Intelligence to rapidly identify, evaluate, predict, and resolve cyber issues for employees.

Global Resilience Federation (GRF)

Global Resilience Federation (GRF)

GRF builds, develops and connects security information sharing communities for mutual defense.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

Interlock

Interlock

Interlock are building blockchain-based security products that solve legacy web2 security issues - phishing and social engineering.

Defence Logic

Defence Logic

Defence Logic is a cyber security company serving clients in many business sectors. Our consultancy services include Penetration Testing, Security Reviews and Monitoring.

GIS Consulting (GISPL)

GIS Consulting (GISPL)

From General Data Protection Regulations to advanced Network Infrastructure Audits, GIS Consulting has established a reputation as one the leading cyber security companies in the industry.