Cyber Security Characteristics of the Maritime Industry
Cybersecurity is crucial due to its potential impact on personnel, vessels, the environment, companies, and cargo. It involves protecting IT platforms, operational technology (OT) platforms (including hardware and software that directly monitor/control physical equipment and processes, often on ships), and information/data from unauthorized access, manipulation, and destruction.
Cyber incidents can arise from:
- Cybersecurity breaches affecting the availability and integrity of OT, such as corrupted chart data in ECDIS (Electronic Chart Display and Information System).
- Unintended system failures during maintenance and patching processes, such as those caused by using an infected USB drive during maintenance.
- Loss or manipulation of external sensor data (critical for vessel operations), including but not limited to Global Navigation Satellite System (GNSS), where Global Positioning System (GPS) is most frequently used.
- System failures due to software crashes and/or “bugs” in software.
- Crew interactions with phishing attempts, a common attack vector, leading to data loss and malware introduction into onboard systems.
The maritime industry has several characteristics that affect its vulnerability to cyberattacks, including:
- Multiple stakeholders in vessel operations and chartering can lead to a lack of accountability for IT infrastructure, OT platforms, and shipboard networks.
- Use of outdated IT and OT systems that are no longer supported or rely on obsolete operating systems.
- OT systems that cannot be patched or cannot run unapproved antivirus software.
- Vessels communicate online with shore-based entities and other parts of the global supply chain.
- Shipboard equipment is monitored and accessed remotely, such as by manufacturers or service providers.
- Sharing critical business information, sensitive data, and commercially sensitive information with shore-based service providers, including ports and cargo handling companies, and possibly public authorities.
- Availability and use of critical systems for vessel safety and environmental protection, which may not have the latest patches or be properly secured.
- The need to further improve cybersecurity risk management culture, for example through training, formal exercises, and clarifying roles and responsibilities.
- Automation systems often include numerous subsystems from multiple vendors integrated by shipyards, which may not address network issues.
These factors should be considered and included in the company’s cybersecurity policies and quality management systems.
The increasing use of comprehensive data analytics tools, smart vessels, and the Industrial Internet of Things (IIoT) will raise the volume of information available to threat actors and the potential for cyberattacks. This necessitates robust approaches to cybersecurity risk management.
Cybersecurity risk management should be an integral part of the company’s safety and security culture, supporting the safe and efficient operation of vessels, and should be implemented at various levels of the company, including senior management ashore and crew onboard.
Cyber risk management should:
- Define roles and responsibilities for users, key personnel, and management ashore and onboard.
- Identify systems, assets, data, and capabilities that, if disrupted, could pose risks to vessel operations and safety.
- Implement technical measures and procedures to protect against cyber incidents, promptly detect incidents, and ensure operational continuity.
- Regularly perform contingency planning.
Aspects of cybersecurity risk management may involve sensitive or commercially confidential information, such as cybersecurity risk assessments and inventories of relevant hardware, software, and network diagrams. Therefore, companies should consider appropriately protecting this information and, where possible, avoid incorporating sensitive information into their quality management systems.
Ref: Seafarer Club