Maritime Cyber Security Goes Critical

The maritime shipping industry is increasingly vulnerable to cyber attackers seeking to exploit vulnerabilities in their interconnected systems, as more shipowners and ports adopt digitalisation to optimise operations.

There are thousands of ports around the world receiving more than 50,000 commercial vessels, making over 5 million port calls per year. 

More of these ships and ports are connected to the Internet and online applications, leaving them vulnerable to cyber threats. Shipping companies and organisations are increasingly the victims of criminal cyber attacks over the last few years and recent victims include the International Maritime Organisation’s (IMO) headquarters in London. 

Recent attacks hit the world’s second, third and fourth-largest container lines, Mediterranean Shipping Company (MSC), Cosco, CMA CGM and the world’s largest cruise shipping group Carnival Corporation. Now, the implementation and control of cyber security has been highlighted as a key aspect of safety by the IMO as technology becomes essential in ship operations. 

International shipping transports more than 80 per cent of global trade to peoples and communities all over the world and is considered the most efficient and cost-effective method of international transportation for most goods, providing a dependable, low-cost means of transporting goods globally, facilitating commerce and helping to create prosperity among nations and peoples but now cyber-attacks are a real risk to shipping.

To mitigate risks, shipping companies should “take a risk-based approach and a smart view” to focus attention on protecting core assets" says Andy Powel CISO of AP Moller-Maersk, who thinks that shipping companies should ensure they know how to recover their business after an attack. “Understand the risks and threats, and that you cannot fix everything.... You need to do top-down risk assessments and invest appropriately in security,” he told shipping company attendees to the recent Inmex SMM Virtual Expo 

The world relies on a safe, secure and efficient international shipping industry, and this is provided by the regulatory framework developed and maintained by IMO. Modern ships are technologically advanced workplaces and IMO plays an important part in shaping those developments,”  Wu Shengwei, head of shipping and technical advisory for DNV GL told confernce delegates.

The transformation towards smart shipping means that technology permeates many aspects of ship operations. Cyber technologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping, including bridge systems, cargo handling, propulsion, machinery management systems, power control systems and administrative and crew welfare systems.  With the process of digitalisation accelerated by the Covid-19 pandemic maritime cyber attacks have become more common in 2020,  not only in shipping, but worlwide.

In recognition of this, the IMO will require that the cyber security risks be addressed in a vessel’s safety management system from the annual verification of its Document of Compliance with effect from 1 January 2021.

While systems can be protected and recovered using IT systems, it is important  that the human participants have an understanding of  the risks associated with the operation of critical systems and that mariners get the training they need to practice good cyber discipline in the maritime industry.

IMO:        SeaTrade-Maritime:           RivieraMM:    BIMCO:      SeaTrade-Maritime:         RivieraMM:

You Might Also Read:

Why Real-Time Data Matters To The Maritime Industry:

 

« Data Breaches: 40% of SME Employees Think They Will Be Blamed
Connected Devices Must Be More Secure »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

UM Labs

UM Labs

UM Labs is a developer of security products for Voice over IP (VoIP), protecting SIP trunk connections, safeguarding mobile phone communications and enabling BYOD.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

Intertrust Technologies

Intertrust Technologies

Intertrust Technologies is a software company specializing in trusted computing products and services.

CRYPTTECH

CRYPTTECH

CRYPTTECH specializes in Information Security and Intelligence, Risk Evaluation and Vulnerability Recognition against Cyber-Attacks and APTs.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

IT Jobs Watch

IT Jobs Watch

IT Jobs Watch provides a concise and accurate map of the prevailing IT job market conditions in the UK.

GBT Technologies

GBT Technologies

GBT Technologies is a technology company focused on chip design and software to enable IoT, global mesh networks, and for applications relating to artificial intelligence.

Defensity

Defensity

Defensity offer bespoke & pre packaged IT Security Solutions for Small business to help companies reduce overall IT related risk.

Shevirah

Shevirah

Shevirah specializes in products for automated mobile and IoT device vulnerability assessment, penetration testing, and mobile security awareness training.

Anvilogic

Anvilogic

Anvilogic provides a unifying experience for security professionals aimed at providing improved visibility, enrichment, and context across hundreds of alerting datasets and security tools.

Com Olho

Com Olho

Com Olho provides the measurement, analytics, quality assurance, and fraud protection technologies brands need for their business and customers.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

Kingston Technology

Kingston Technology

Kingston is a leading global manufacturer of memory and storage solutions including encrypted storage solutions to protect data inside and outside the firewall.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).