(www.MaritimeCyprus.com) As the world becomes increasingly connected, the threat of cyber attacks on ships and shipping companies also increases. In this blog, we will explore the current cyber security landscape in the maritime industry, the differences between IT and OT systems, common cyber threat actors, common types of cyber threats, and strategies to increase vessel cybersecurity and manage cyber risks.
What is maritime cybersecurity?
Maritime cybersecurity refers to the protection of vessels and the systems they use from cyber attacks. It is the comprehensive approach of implementing security procedures, concepts, guidelines, risk management approaches, training, best practices, and technologies to protect maritime organizations and their vessels.
Maritime cybersecurity is becoming more important with increased ship connectivity and reliance on digital solutions. This connectivity increases the risk of cyber attacks, which can have significant consequences for ships, crews and shipping companies. As a result, governments, industry groups, and shipping companies are investing in maritime cybersecurity measures such as network security, incident response planning, and employee training. The ultimate goal of maritime cybersecurity is to guarantee the safe and secure operations of ships and the security of sensitive information and assets.
What are the differences between IT and OT systems in the maritime industry?
Operational technology (OT) is hardware and software that monitor and control vessel systems such as propulsion, steering, and cargo handling. OT is primarily responsible for the physical operation of the ship.
Information technology (IT) covers a wider range of solutions, which also include hardware and software. Examples of IT in maritime include email servers, databases, and planned maintenance systems (PMS).
Another key distinction between IT and OT systems is their security requirements. IT systems are mainly focused on protecting data and preventing unauthorized access, while OT systems are more focused on maintaining the safe and reliable operations of the ship.
Who are common cyber threat actors in maritime?
There are several different types of cyber threat actors that target the maritime industry. These include:
⟩⟩ Insiders
Individuals who work or previously worked for the company and still have authorized access to its systems. They may use that access to steal sensitive information or disrupt operations. Insiders may also cause accidental damage, e.g. by inserting a malware-infected USB drive into an onboard computer.
⟩⟩ Criminal groups
Individuals or groups that act for financial gain. They may target the maritime industry to steal sensitive information or disrupt operations in order to extort money from ship operators or other companies.
⟩⟩ Cyber terrorists
Individuals or groups that may target the maritime industry as part of a wider campaign to disrupt critical infrastructure, creating unstable and chaotic situations.
⟩⟩ State or state-sponsored organizations
Individuals or groups that are funded or supported by a government. They usually have access to advanced tools and resources and may target the maritime industry as part of a larger espionage or sabotage campaign.
Note that these groups may overlap and work together, and that the maritime industry is targeted not only by cyber actors but also by physical threat actors.
What are common types of cyber threats in maritime?
There are several different types of cyber threats that can target the maritime industry, including:
⟩⟩ Phishing
This is a type of cyber attack in which the attacker pretends to be a legitimate source, e.g. an onshore team member, and tries to trick the recipient into providing sensitive information or clicking a link that looks authentic but actually contains malware.
⟩⟩ Malware
This is malicious software that can be used to get access to sensitive information, disrupt operations, or gain unauthorized access to systems. Examples of malware that can target the maritime industry include ransomware, which encrypts a ship's data and demands payment to restore access, and remote access trojans (RATs), which allow an attacker to control systems remotely.
⟩⟩ Brute-force attacks
This is a type of cyber attack in which an attacker tries various combinations of characters to guess a password or other authentication credentials. Crews often share the same account for multiple functions on the ship, so unauthorized access to a single account can have dangerous consequences.
⟩⟩ Distributed Denial of Service (DDoS) attacks
These attacks multiply the traffic sent to systems with the aim of disrupting functions or taking the infrastructure offline.
⟩⟩ Advanced Persistent Threats (APTs)
These are long-term cyber espionage campaigns, typically carried out by state or state-supported actors. They may target the maritime industry to get access to sensitive information or disrupt operations.
⟩⟩ Highly targeted attacks
These are cyber attacks that are intentionally designed to exploit a particular vessel or shipping company. They typically involve a combination of malware and social engineering tactics.
⟩⟩ Industrial Control Systems (ICS) attacks
This type of attack focuses on exploiting or disrupting the control systems of ships, such as navigation or propulsion systems, which can have severe consequences for the ship's operations and the crew's safety.
Cyber threats are constantly evolving and new ones can appear in the near future. With the increased use of digital solutions and increased connectivity, cybersecurity takes a significant place in the operations of shipping companies.
How to increase vessel cybersecurity: plan & strategies
A vessel cybersecurity plan is a set of procedures to protect a ship and its systems from cyber threats. It is a comprehensive document that outlines the potential risks, vulnerabilities and impacts of a cyber incident and includes measures that will be taken in case of a cyber attack. Some common strategies to secure vessels from cyber threats include:
⟩⟩ Network segmentation
This strategy divides a ship's network into smaller segments that are isolated from each other to limit the spread of malware or unauthorized access.
⟩⟩ Firewalls and intrusion detection/prevention systems
These include security measures to block unauthorized access and detect and prevent cyber-attacks.
⟩⟩ Patch management
This is the procedure of regularly applying software updates and security patches to systems and devices on a ship to protect them from known vulnerabilities.
⟩⟩ Employee training
Crew members should be aware of the risks and take measures to minimize the chance of being hacked.
⟩⟩ Identity management
Assign a unique identity to each physical person for auditing, identification and authentication purposes. For example, each employee should use their own email address to get access to the systems and not a common email address that is shared among multiple employees.
⟩⟩ Incident response planning
This is a comprehensive plan that outlines every step that will be taken in the event of a cyber incident, including who will be responsible for reactive actions and how to communicate the updates.
⟩⟩ Risk assessment
This covers the process of identifying and evaluating the potential cyber risks and vulnerabilities to the ship and its systems.
⟩⟩ Regularly testing & monitoring
The process of running regular tests and monitoring the ship systems to detect any potential threats.
⟩⟩ White hat testing
The strategy of commissioning white hat hackers or white hat companies to test the systems and conduct penetration testing.
The vessel cybersecurity plan should be reviewed and updated regularly to ensure that it remains effective and up to date in securing the ship and its systems from cyber threats.
How to manage cyber risks?
A cyber risk management approach in the maritime industry represents a process of identifying, assessing, and mitigating potential cyber risks. The process typically involves several fundamental steps.
⟩⟩ Identify threats and vulnerabilities
This is the process of identifying the potential cyber risks to the ship, its network and its equipment, which covers both internal and external threats. This step may involve conducting a risk assessment to identify vulnerabilities and potential consequences.
⟩⟩ Assess risk exposure
This step involves conducting a risk assessment of potential vulnerabilities. This includes assessing the probability of a cyber incident and its potential impacts, such as data loss, disruption of operations, ship damage, or reputational damage to the shipping company.
⟩⟩ Develop and implement protective measures
This step involves implementing measures and procedures to reduce or eliminate the identified cyber risks. It is typically captured in vessel cybersecurity plans and strategies.
⟩⟩ Monitor and respond
This step involves constant monitoring of the vessel's systems and network, detection of any cyber dangers, and response with the required actions to recover from an incident.
⟩⟩ Review and update
This step involves regularly reviewing the current cybersecurity state, updating standards and implementing best practices to minimize risks from existing and new cyber threats.
Therefore, the cyber risk management approach should be tailored to the specific needs of the shipping company and its fleet. This is an ongoing process, as the maritime industry is continuously evolving and adopting digital solutions.
Bonus: Cybersecurity checklist for vessels that can be implemented now
(based on best practices and Kaiko Systems experience)
⟩⟩ Password Management
- Update the admin password (always use a strong password) on critical systems and devices on your network.
- Update your passwords regularly and use multi-factor authentication, where applicable.
- Train your crew about cybersecurity. Explain how to store passwords, use multi-factor authentication and protect from phishing and other social engineering attacks.
⟩⟩ Network Security
- Eliminate access via the Internet to your critical infrastructure.
- Double-check all onboard Wi-Fi networks.
- Segment networks for your bridge, engine room, crew, and Wi-Fi on board.
- Eliminate unsecured wireless devices and services on your network.
⟩⟩ Equipment Security
- Update the software on your critical systems and devices.
- Lock up USB ports on all ship systems.
- Lock up your IT and OT equipment on the ship.
Cybersecurity must be an essential part of any maritime organization’s risk management strategy. With a comprehensive plan to address the cybersecurity landscape, maritime companies can better protect their vessels, cargo and crew from cyber threats. Furthermore, by implementing best practices and a checklist provided by Kaiko Systems, shipping companies can ensure that the important aspects of maritime cybersecurity are taken into account.
About Kaiko Systems
Kaiko Systems allows safer, smarter, and more collaborative technical operations. With Kaiko Systems, inspections and maintenance are digitized and verified, enabling shore teams to have data-driven insights, streamline findings, and manage off-hire risks proactively. Hundreds of vessels managed by Columbia Shipmanagement, C Transport Maritime, and USC Barnkrug are now confident with their vessel conditions.