Maritime asset owners can reduce risk with improved cybersecurity and operational resiliency.

By Andrea Carcano

Transportation organizations are rapidly evolving to improve their service levels and efficiency. At the same time, safety has never been more important, with cyber threats on the rise. The World Economic Forum cites cyberattacks on critical infrastructure, including transportation, as the world’s fifth highest risk in 2020. The maritime industry in particular transports 90% of the world’s trade, and like other industries, is becoming increasingly connected, automated and remotely monitored. Shippers want to optimize voyages by track load conditions, fuel consumption. route positions, machinery performance and other operational functions. Rapid digitization is fueling the development of Maritime Autonomous Systems (MAS), where new generation ships can be remotely controlled from land. With this new connectively and automation comes new risk.

In September tug owners were warned to be on the lookout for cyberattacks and malware after a US tug was targeted with a phishing attack, the first ever involving a tug.  A week later, the website and applications for French shipping carrier CMA GCA were temporarily halted when its servers were hit with ransomware. Both attacks are grim reminders that even in maritime, threat actors are lurking.

A recent (SAS/BIMCO) Maritime Cyber Security Survey found 31% of organizations surveyed reported they had experienced a cyber incident in the 12 months, up from 22% in 2019. Others indicate cyberattacks on the maritime industry’s OT systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end.

The level of system visibility and cybersecurity maturity in this sector is relatively low. Many ships carry devices and systems that their operators aren’t aware of. Crews are not typically trained to identify phishing emails or manage network access control.

While dramatic situations like a vessel being capsized via hacking are not out of the realm of possibility, they are still unlikely. Disruptive events that are more likely to occur include employees or suppliers unintentionally causing cyber incidents, cyber criminals disrupting a company’s shipping operations or threat actors stopping ship-to-shore functions.

Crews constantly observe ship behavior and have the ability to employ manual or safety systems to correct performance that is out of normal range. Now, driven by the needs to reduce risk, comply with international shipping standards, and meet insurer requirements, shipping companies are investing in cyber resiliency.

Ship owners are improving the visibility and security of control systems on ships, in part due to international shipping standards.
Ship owners are improving the visibility and security of control systems on ships, in part due to international shipping standards.

An important capability lies in identifying maritime assets and their communications. Networks should be monitored for vulnerabilities, threats, and unusual behavior that could indicate a cyberattack. Just as water always flows downhill, cybercriminals will always attack at the weakest part of a system.

The best defense covers people, process and technology and has multiple reinforcing layers. From the “people” perspective, those using the system are oftentimes the weakest element, opting to click a link in an email that says “URGENT” or voluntarily giving up their credentials when somebody named “IT Support” asks. It’s important to make all crew members aware of the threat of phishing attacks, training them to recognize suspicious messages. It’s also important to continually train and complement the learning process with testing and reinforcement. To continue reinforcing protections against a real world phishing attack, organizations should consider providing added protections to email attachments and browser links. Additionally, implement two-factor authentication whenever possible to minimize the risk of stolen credentials.

Finally, be sure to have a robust security process and response plan in place to quickly find, contain and sanitize incidents as soon as possible should they happen. Gaining the visibility and monitoring capabilities necessary to stay on top of what’s happening on the network is also critical. Spotting and troubleshooting issues that threaten reliability requires real-time visibility. Technology is available to give asset owners the insight they need into their devices, connections, and communications. With the right technology and a focus on best practices, maritime organizations can increase operational resiliency.

andrea carcano nozomi networks
Andrea Carcano

Nozomi Networks Co-founder Andrea Carcano is an international expert in industrial network security, having published a number of academic papers on the subject. Carcano worked on the European Commission Power Plant Security Program, was a Senior Security Engineer for global oil and gas supermajor Eni, and most recently (through his work at Nozomi Networks) developed intrusion detection software for operational networks. In his current role at Nozomi Networks, Carcano is helping build a new generation of OT and IoT security solutions.

Contact:
www.nozominetworks.com
+1 800 314 6114