Maritime Cyber Risks and Security
As businesses rapidly start moving their workloads to the cloud, impact of Covid-19 is beyond just enabling remote working for employees. It has also increased cyber threats multi-fold for industries across the board.
One of the majorly impacted (and unlikely you’d think) sectors, is the maritime and shipping industry. On the contrary, the magnitude of impact of lack of appropriate Cyber Security systems is the highest on Shipping companies. These shipping and maritime companies have for long paid heavy prices for faults in their cyber security systems. How, you ask?
Here are a few incidents of cyber security attacks on Shipping companies:
- Research has shown that it is possible to change a vessel’s course by interfering and manipulating its GPS system and disrupt the navigation systems
- Not so long ago, a hacker removed containers with illegal drugs from a port, by accessing its cyber systems
- Somali pirates often use hacking to access cyber systems of ships and determine their route, valuable cargo information and on-board security, before finalising their hijack strategies
- The ever increasing number of devices connected to the internet are now vulnerable to being attacked
The International Maritime Organisation (IMO), via its Resolution MSC.428(98) has directed its members to assess and resolve cyber risks in their respective safety management systems and has made cyber security management onboard ships, mandatory as of 1 January 2021.
As per the IMO’s cyber risk management guidelines, “One accepted approach to achieve this, is to comprehensively assess and compare an organisation’s current, and desired, cyber risk management postures.
Such a comparison may reveal gaps that can be addressed to achieve risk management objectives through a prioritised cyber risk management plan. This risk-based approach will enable an organisation to best apply its resources in the most effective manner.”
So what are the potential threat points that can be exposed on-board a vessel or ship? We list a few, although not exhaustive list:
- Bridge systems
- Cargo handling and management systems
- Propulsion and machinery management and power control systems
- Access control systems
- Passenger servicing and management systems
- Passenger facing public networks
- Administrative and crew welfare systems
- Communication systems
What makes Cyber Security particularly critical for the Shipping industry?
- Emerging technologies and digitisation, increasing dependencies on software systems for operations on and off sea. Lack of cyber security measures not only affect vessel operations, but also endanger the safety of on-board staff and crew
- Higher the number of integrated vessels, the higher the new threats which can remotely attack vessels and potentially gain access to or impact the vessel’s control systems
- Increasing cyber attacks make it difficult for company cyber security experts to monitor and keep threats at bay
- Mandatory guidelines such as the ones from IMO, that make compliance a long, cumbersome process, but equally necessary
Here’s a quick look at the numerous vulnerabilities that attackers can turn into opportunities for themselves:
- VSAT hacking using common login
- GPS jamming and spoofing
- AIS spoofing
- ECDIS ransomeware and chart spoofing
- Ransomeware on cruise ships migrated to control systems
- Malware Notpetya caused Maersk losses of $300 million
- Hacking of cargo tracking systems for smuggling purposes
- Loss of main switchboard, due to ransomeware
- PMS system shore and vessel attack
- Pirate attacks facilitated by cyber attacks
At CodeCulture Technologies, we offer a range of Managed Security services, such as testing your cyber systems such as for vulnerabilities, implementing anti-DDoS firewalls to protect you against ICMP floods, penetration testing to simulate a real attack, cyber risk assessments, or, securing your communication channels.
With extensive experience in various aspects of Cyber Security, CodeCulture Technologies and its partner ecosystem has the experience to design custom security strategies for the maritime industry.