Maritime Cyber Security Needs Shipping Companies to Focus

Uploaded on 2021-01-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Maritime is one of the oldest industries and lifeblood of the global economy, accounting for the carriage of 90% of world trade. Ships and other vessels may seem like unusual targets for cyber-attacks, however cyber attacks have increased. 
 
The seaborne shipping industry's growing use of industrial control systems (ICS) and satellite communications has given hackers an entire new range of opportunities and cyber protection for shipping is lagging behind many other sectors, just as the threat profile has grown .
 
With  a  majority  of  the  world’s  goods  traveling  through  sea  lanes,  it  is  crucial for members of the maritime industry to understand the risks associated with the maritime  cyber  domain. Cyber security threats to shipping can be malicious actions such as hacking or infection of systems with malware or vessels lacking software maintenance, faulty user permissions, unauthorised access to systems and weak passwords. 
 
Regardless if malicious or benign, both above actions should be taken seriously as credible threats to vulnerabilities in IT or OT systems that can comprise an entire vessel and its crew and the incidence of attacks has increased markedly since the onset of the Coronavirus pandemic.
 
The maritime shipping industry's vulnerability has never been greater as the industry embraces digital transformation continues to accelerate , providing many more opportunities for hackers.
 
The disastrous SolarWinds malware attack, widely thought to be state-sponsored, is estimated to have infiltrated more than 18,000 targets with malicious code which initially lay dormant for some weeks and many leading US ad international companies companies are thought to have been attacked, as well as US Government departments and Microsoft. There is no reason to think that the maritime industry is unaffected and against this  background  of heightened risk and industry experts say that shipping needs to change its thinking. “We need to think security, not just compliance,” said Ben Densham, CTO of Nettitude, a cyber security company owned by Lloyd’s Register at a recent event.
 
Densham stressed the importance of continuous testing of cyber resilience. As remote connectivity and varying degrees of autonomy transform many long-established shipping business models, companies must focus on cyber risks and their possible impact, he said, because they pose a constant threat that runs through all aspects of business. Both cybersecurity and cyber safety are very important because of their potential effect on personnel, the ship, environment, company and cargo. Cyber safety covers the risks from the loss of availability or integrity of safety critical data and operations technology.
 
The US Government has recognised that although cyber security standards and frameworks are widely available, maritime and shipping businesses often lack the resources or expertise to implement them effectively, leaving them open to vulnerabilities which can be exploited to disrupt operations. 
 
To mitigate these risks, the following actions are planned to be activated:
  • Identify gaps in legal authorities and de-conflict government roles and responsibilities for the implementation of maritime cyber security standards.
  • The US Coast Guard will analyse cyber security reporting guidance between 2016 and 2020 to identify trends and attack vectors. The analysis will increase maritime sector situational awareness and decrease maritime cyber risk.
  • Develop and implement mandatory contractual cybersecurity requirements for maritime critical infrastructure owned, leased, or regulated by the Government to decrease cyber security risk because of supply chain attacks.
  • Develop procedures to identify, prioritise, mitigate, and investigate cyber security risks in critical onboard and shore-based systems.
 
Tripwire:    Seatrade-Maritime:     ICS Shipping:     MissionSecure:   Adv-Polymer:    CalhounNPS:   Image: 
 
You Might Also Read: 
 
Maritime Shipping Is A Prime Target In 2021:
 
 
« Cyber Criminals Publish Stolen Files
5G Could Be A Cyber Security Revolution »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

Magic Software Enterprises

Magic Software Enterprises

Magic provide Mobile Device Management (MDM) for Secure Enterprise Mobility. Magic MDM overcomes the challenges of mobile device management security by protecting all of your devices, data and content

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

Cansure

Cansure

Cansure is a leading insurance provider in Canada offering a broad range of property & casualty insurance solutions including Cyber & Data Breach insurance.

itbox.online

itbox.online

Itbox.online offers IT solutions to ensure that your company's technologies are always available and secure as your business demands.

Securis

Securis

Securis provides organizations and agencies with the highest level of professional, ultra-secure data destruction and IT recycling.

Drata

Drata

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining workflows to ensure audit-readiness.

East Midlands Cyber Resilience Centre (EMCRC)

East Midlands Cyber Resilience Centre (EMCRC)

The East Midlands Cyber Resilience Centre is set up to support and help protect businesses across the region against cyber crime.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

SecureChain AI

SecureChain AI

SecureChain are combining blockchain and AI technology to create a smarter blockchain platform especially in terms of security.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

Darwinium

Darwinium

Darwinium is a Cyberfraud Prevention Platform that provides scalable customer journey protection without complexity.

SignPath

SignPath

SignPath provides leading-edge software and SaaS services that ensure code integrity from development to distribution.

Styx Intelligence

Styx Intelligence

Styx Intelligence’s platform provides visibility and supports remediation against threats targeting your digital assets.

CheapSSLWEB

CheapSSLWEB

Buy SSL Certificates for your Website at Affordable Prices – Save Up to 90%