How reliant is your organization on the maritime industry?
Maritime cyber risk management is critical in getting more than 90% of the world’s products to their destinations.
In recent years, shipping has proven an attractive and lucrative target for cyber attackers. Between 2017 and 2020, cyber attacks on the industry increased by 900%, translating to roughly one incident on a ship per day.
Extremely disruptive incidents have occurred. For example, when China Ocean Shipping Company experienced an attack, it was forced to shut down its American IT network in order to prevent the spread of ransomware, leading to potential business continuity challenges.
Maritime cyber risk management
Maritime cyber risk management refers to the notion of protecting the technology operated by ports and vessels. Without proper risk management shipping-related operational, safety or security issues could occur, potentially resulting in information system compromise, data loss or data corruption.
Maritime cyber risk information
Earlier this week, international shipping and container transportation company Hapag-Lloyd warned the shipping community to remain alert regarding sophisticated phishing and spear phishing attacks that leverage fake domains.
Maritime cyber risk categories
For maritime transport groups, cyber security vulnerabilities can be divided into three distinctive categories. These are:
- Traditional computer systems
- Industrial control systems
- Communications protocols
Traditional computing systems
One concern is that Global Positioning Systems (GPS) or Automatic Identification Systems (AIS) rely on radio frequencies while ships are at sea. Radio frequencies are not encrypted, providing threat actors with opportunities for “spoofing”, which occurs when attackers feed ships fake coordinates. Maritime experts state that radios also connect to critical subsystems that control mechanical components of ships.
Another concern is around device connections to shore-based networks. When ships arrive in various ports, and connect with local Wi-Fi, if the network is not secure, a ship’s system may experience a cyber attack. Three major shipping companies have previously experienced ransomware attacks through this threat venue.
Industrial control systems
Within industrial control systems, maritime transporters worry about PLCs and SCADA systems, which have their own functional requirements, and which are often defended by highly specialized cyber security vendors.
Items that fall into this category include depth sounders, navigation instruments, engine instruments, nautical chart plotters and GPS receivers. In the event that hackers manage to coopt these networked systems, extreme consequences could occur.
Fighting maritime cyber crime
The urgency around defending maritime operations has never been greater. The following approaches can help maritime industry organizations remain secure:
Conduct a cyber risk assessment.
Ships with smart functionalities come at a cost. Risks should be assessed both physically and virtually, with a focus on inventory, control systems, data, and roles. If organizations lack the cyber security leadership in-house, or if additional perspectives are desired, third-parties can provide risk and compliance assessments.
Develop a maritime cyber security action plan.
Ensure that weaknesses/vulnerabilities are addressed and patched as needed. Involving all stakeholders in the development of related plans can help with obtaining support, budget, and a near-term timeline.
Leverage artificial intelligence.
Organizations only have so many staff members who can work to identify threats. Artificial intelligence can take on threat detection at-scale. With AI-based tools, organizations can have software working 24/7 to proactively take care of security needs.
Create new cyber security trainings.
Offer employees rich education and awareness opportunities that are tailored to your industry and that provide insights into phishing, physical security and social engineering.
Establish business continuity plans.
As your organization considers possible attack types, simultaneously develop detailed plans for leading your business through those kinds of attacks. In addition, determine how recovery operations would work, especially if internet access is temporarily limited or unavailable.
For more information about maritime cyber risk management and security controls, click here.