2017 has been awakening call due to the back to back attacks by ransomware like WannaCry & NotPetya. Many shipping companies were duped of thousands of dollars and a lot of data was lost. This alarming situation has made us realize that it is important to be aware of cyber threats in the maritime industry.
Gathering knowledge about it is the first step and improving cybersecurity comes second. So, in this post, we have listed cyber threats & vulnerabilities in the maritime industry, pre-assessment checklist along with the suggestions to improve cybersecurity.
How to identify the Maritime Industry Cybersecurity threats ?
The first and foremost step to handle a cybersecurity risk is recognizing and identifying the vulnerabilities. So, before moving forward, you need to make sure that you have created an environment where employees can share their opinions. This activity is going to provide the honest feedback about the hardware and the management can get the key information.
Here are the Cybersecurity agendas focus on 5 key elements:
Locate the loopholes:
Locating and recognizing the information, systems, assets, data, and capabilities which can easily be disrupted and become a threat to ship operations.
Perform various processes to control the risk and threats. It is also important to plan to make sure to continue the shipping operations at the time of an emergency.
Track or Detect:
The various approaches and strategies are required to track and detect a cyber activity the moment it is instated.
If any cyber event occurs in the shipping operations then a counter plan should be ready to protect the system information & to restore and run backup systems.
In order to recover and get back to basics, it is important to identify the measures to make the entire system work effectively.
Now, let’s have a look on the pre-assessment checklist that should be considered and performed before any third-party security audit:
- The major pre-assessment that should be performed is Map the organization along with the ship’s key system and functions.
- Detect the basic and major producers of crucial shipboard Information Technology and other onboard equipment.
- Go through the essential credentials and documentation those are related to maritime systems and crucial Information Technology.
- Built the relation and bonds with all manufacturers and develop working relationships.
- Evaluate the information on the ship’s maintenance and support records.
Once performing the above-mentioned tasks, hopefully, you will figure out the loopholes and the area of weakness that can create an issue for you.
These are some of the basic and general cybersecurity vulnerabilities and threats are found in a corporate environment. So, let’s have a look at the general vulnerabilities:
- Using the unsupported and Obsolete operating systems and equipment.
- Relying on the non-operational or outmoded antivirus software.
- Unimplemented best practices.
- Restricted or poor security configurations.
- Lack of adequate network segmentation in shipboard computer networks.
- Limited boundary protection.
- The absence of security especially for critical equipment.
- Inadequate security for systems that are always connected to the shore.
- Poor access controls for third parties such as service providers, manufacturers, contractors.
How to Improve Cybersecurity?
To improve cybersecurity in the maritime industry, we need to take a holistic approach to effective results:
1. Skills Development
Focus on learning, and behavior.
The first important thing is to raise the awareness about the threats and its improvement by providing various training and meetings.
Focus on rules, strategies, practices and risk assessments.
It is important to associate cyber risk with current security and risk management needs included in the ISPS and ISM Codes.
Contain Needs such as operation, training and preservation of cyber systems in documentation on-board.
3. Information Technology Systems
Focus on security using antivirus, firewalls, and encryption.
It is important to make sure that proper safety and security is given at all the levels of the organization, be it senior manager or the crew onboard to ensure the security is on-board for each person.
After the continuous attack in the shipping industry, it seems like now attackers are keeping their eyes on shipping industry as well. The safest way to protect ships from the cyber threats are that organizations should go along with the International Maritime Organization approved advice on cyber risk management.
We hope now you know what are the cyber threats & vulnerabilities in the maritime industry and how to improve cybersecurity.