Maritime Cyber Security Needs Shipping Companies to Focus

Maritime is one of the oldest industries and lifeblood of the global economy, accounting for the carriage of 90% of world trade. Ships and other vessels may seem like unusual targets for cyber-attacks, however cyber attacks have increased. 
 
The seaborne shipping industry's growing use of industrial control systems (ICS) and satellite communications has given hackers an entire new range of opportunities and cyber protection for shipping is lagging behind many other sectors, just as the threat profile has grown .
 
With  a  majority  of  the  world’s  goods  traveling  through  sea  lanes,  it  is  crucial for members of the maritime industry to understand the risks associated with the maritime  cyber  domain. Cyber security threats to shipping can be malicious actions such as hacking or infection of systems with malware or vessels lacking software maintenance, faulty user permissions, unauthorised access to systems and weak passwords. 
 
Regardless if malicious or benign, both above actions should be taken seriously as credible threats to vulnerabilities in IT or OT systems that can comprise an entire vessel and its crew and the incidence of attacks has increased markedly since the onset of the Coronavirus pandemic.
 
The maritime shipping industry's vulnerability has never been greater as the industry embraces digital transformation continues to accelerate , providing many more opportunities for hackers.
 
The disastrous SolarWinds malware attack, widely thought to be state-sponsored, is estimated to have infiltrated more than 18,000 targets with malicious code which initially lay dormant for some weeks and many leading US ad international companies companies are thought to have been attacked, as well as US Government departments and Microsoft. There is no reason to think that the maritime industry is unaffected and against this  background  of heightened risk and industry experts say that shipping needs to change its thinking. “We need to think security, not just compliance,” said Ben Densham, CTO of Nettitude, a cyber security company owned by Lloyd’s Register at a recent event.
 
Densham stressed the importance of continuous testing of cyber resilience. As remote connectivity and varying degrees of autonomy transform many long-established shipping business models, companies must focus on cyber risks and their possible impact, he said, because they pose a constant threat that runs through all aspects of business. Both cybersecurity and cyber safety are very important because of their potential effect on personnel, the ship, environment, company and cargo. Cyber safety covers the risks from the loss of availability or integrity of safety critical data and operations technology.
 
The US Government has recognised that although cyber security standards and frameworks are widely available, maritime and shipping businesses often lack the resources or expertise to implement them effectively, leaving them open to vulnerabilities which can be exploited to disrupt operations. 
 
To mitigate these risks, the following actions are planned to be activated:
  • Identify gaps in legal authorities and de-conflict government roles and responsibilities for the implementation of maritime cyber security standards.
  • The US Coast Guard will analyse cyber security reporting guidance between 2016 and 2020 to identify trends and attack vectors. The analysis will increase maritime sector situational awareness and decrease maritime cyber risk.
  • Develop and implement mandatory contractual cybersecurity requirements for maritime critical infrastructure owned, leased, or regulated by the Government to decrease cyber security risk because of supply chain attacks.
  • Develop procedures to identify, prioritise, mitigate, and investigate cyber security risks in critical onboard and shore-based systems.
 
Tripwire:    Seatrade-Maritime:     ICS Shipping:     MissionSecure:   Adv-Polymer:    CalhounNPS:   Image: 
 
You Might Also Read: 
 
Maritime Shipping Is A Prime Target In 2021:
 
 
« Cyber Criminals Publish Stolen Files
5G Could Be A Cyber Security Revolution »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

Watch this webinar to explore the Security orchestration, automation, and response (SOAR) paradigm, its relationship with organization IT practices, and its role in your security strategy.

Acuity Risk Management

Acuity Risk Management

Acuity Risk Management helps businesses worldwide effectively manage, prioritize and report on their risks to inform strategic and tactical decision-making and build long-term resilience.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Communications Security Establishment (CSE)

Communications Security Establishment (CSE)

CSE is Canada's national cryptologic agency, providing the Government of Canada with IT Security and foreign signals intelligence (SIGINT) services.

Fingerprint Cards

Fingerprint Cards

Fingerprint Cards develops and produces biometric components and technologies that verify a person’s identity through the analysis and matching of an individual’s unique fingerprint.

TES

TES

TES is a provider of IT Lifecycle Services, offering bespoke solutions that help customers manage the commissioning, deployment and retirement of Information Technology assets.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

MindForge Group

MindForge Group

MindForge invests into promising companies who offer innovative solutions to modern challenges. We have a deep knowledge in the fields of AI, big data, location intelligence, cyber security.

Bridgecrew

Bridgecrew

Secure public cloud infrastructure. Our platform automates security engineering, allowing teams to automatically fix configuration errors in AWS, CloudFormation and Terraform.

Naq Cyber

Naq Cyber

Naq is the number one platform for SMEs looking to become legally compliant and protect against cybercrime and other data-related incidents.

Armexa

Armexa

Armexa is a leading provider of advanced industrial cybersecurity solutions that protect your critical OT and ICS infrastructure against ever-changing threats.

BluescreenIT (BIT)

BluescreenIT (BIT)

BluescreenIT is an IT Security Consultancy and IT and Cyber Security Training company supporting industry, local authorities, MoD and governmental IT departments.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

rSolutions

rSolutions

rSolutions delivers managed cybersecurity services to clients in many industry sectors including financial services, telecommunications, energy, government and retail.