Maritime Cyber Security Needs Shipping Companies to Focus

Maritime is one of the oldest industries and lifeblood of the global economy, accounting for the carriage of 90% of world trade. Ships and other vessels may seem like unusual targets for cyber-attacks, however cyber attacks have increased. 
 
The seaborne shipping industry's growing use of industrial control systems (ICS) and satellite communications has given hackers an entire new range of opportunities and cyber protection for shipping is lagging behind many other sectors, just as the threat profile has grown .
 
With  a  majority  of  the  world’s  goods  traveling  through  sea  lanes,  it  is  crucial for members of the maritime industry to understand the risks associated with the maritime  cyber  domain. Cyber security threats to shipping can be malicious actions such as hacking or infection of systems with malware or vessels lacking software maintenance, faulty user permissions, unauthorised access to systems and weak passwords. 
 
Regardless if malicious or benign, both above actions should be taken seriously as credible threats to vulnerabilities in IT or OT systems that can comprise an entire vessel and its crew and the incidence of attacks has increased markedly since the onset of the Coronavirus pandemic.
 
The maritime shipping industry's vulnerability has never been greater as the industry embraces digital transformation continues to accelerate , providing many more opportunities for hackers.
 
The disastrous SolarWinds malware attack, widely thought to be state-sponsored, is estimated to have infiltrated more than 18,000 targets with malicious code which initially lay dormant for some weeks and many leading US ad international companies companies are thought to have been attacked, as well as US Government departments and Microsoft. There is no reason to think that the maritime industry is unaffected and against this  background  of heightened risk and industry experts say that shipping needs to change its thinking. “We need to think security, not just compliance,” said Ben Densham, CTO of Nettitude, a cyber security company owned by Lloyd’s Register at a recent event.
 
Densham stressed the importance of continuous testing of cyber resilience. As remote connectivity and varying degrees of autonomy transform many long-established shipping business models, companies must focus on cyber risks and their possible impact, he said, because they pose a constant threat that runs through all aspects of business. Both cybersecurity and cyber safety are very important because of their potential effect on personnel, the ship, environment, company and cargo. Cyber safety covers the risks from the loss of availability or integrity of safety critical data and operations technology.
 
The US Government has recognised that although cyber security standards and frameworks are widely available, maritime and shipping businesses often lack the resources or expertise to implement them effectively, leaving them open to vulnerabilities which can be exploited to disrupt operations. 
 
To mitigate these risks, the following actions are planned to be activated:
  • Identify gaps in legal authorities and de-conflict government roles and responsibilities for the implementation of maritime cyber security standards.
  • The US Coast Guard will analyse cyber security reporting guidance between 2016 and 2020 to identify trends and attack vectors. The analysis will increase maritime sector situational awareness and decrease maritime cyber risk.
  • Develop and implement mandatory contractual cybersecurity requirements for maritime critical infrastructure owned, leased, or regulated by the Government to decrease cyber security risk because of supply chain attacks.
  • Develop procedures to identify, prioritise, mitigate, and investigate cyber security risks in critical onboard and shore-based systems.
 
Tripwire:    Seatrade-Maritime:     ICS Shipping:     MissionSecure:   Adv-Polymer:    CalhounNPS:   Image: 
 
You Might Also Read: 
 
Maritime Shipping Is A Prime Target In 2021:
 
 
« Cyber Criminals Publish Stolen Files
5G Could Be A Cyber Security Revolution »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

Cloudera

Cloudera

Cloudera provide the world’s fastest, easiest, and most secure data platform built on Hadoop.

Momentum

Momentum

The Cyber Security team at Momentum offers a professional and specialist recruitment service across Cyber & IT Security.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

SANS CyberStart

SANS CyberStart

SANS CyberStart is a unique and innovative suite of tools and games designed to introduce children and young adults to the field of cyber security.

Padlock

Padlock

Padlock is a trusted platform with an intimate knowledge of the cybersecurity industry that connects businesses with freelance professionals

Baker Donelson

Baker Donelson

Baker Donelson is a law firm with a team of more than 700 attorneys and advisors representing more than 30 practice areas including Data Protection, Privacy and Cybersecurity.

Cybots Pte Ltd

Cybots Pte Ltd

Cybots is a multinational cyber defence brand founded in Singapore in 2018 to help organizations stay ahead of increasingly sophisticated threats from cyber criminals.

Cyber Protection Group (CPG)

Cyber Protection Group (CPG)

Cyber protection Group specialize in Penetration Testing. We work with enterprise level companies as well as small to medium sized businesses.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

RMRF Tech

RMRF Tech

RMRF is a team of cybersecurity engineers and penetration testers which specializes in the development of solutions for early cyber threat detection and prevention.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

Inversion6

Inversion6

Inversion6 (formerly MRK Technologies) is a cybersecurity risk management provider that offers custom security solutions.

Laneden

Laneden

Laneden specialise in helping organisations identify security concerns and quantify the risks you may have across your assets, using Penetration Testing, Threat Simulation and Compliance Testing.