Secure A Ship can provide you with solutions for Cyber Security
Cyber threats in the shipping industry can be divided into five major types, Threats to
Ships and safe navigation
Cargo tracking systems
Marine Radar systems
Automatic Identification systems
We can help in developing and implementing such policies that will require a top down approach within a company. At the most basic level a company should:
Set strong user access controls
Set strong network access controls
Perform regular backups
Keep software up to date
Training employees on how to recognize cyber-attacks and implementing policies on computer hard-ware usage, particularly the use of USB memory sticks, are further steps a company should consider.
Doing what you can to secure your networks and taking the time to integrate cyber-security into your risk management and crisis communications procedure, are the two most strategic things you can do to ensure you can respond effectively to maritime cyber-security threats and in doing so, protect your reputation!
ENISA has published the first EU report ever on cyber security challenges in the Maritime Sector. This principal analysis highlights essential key insights, as well as existing initiatives, as a baseline for cyber security.
The high-level recommendations are given for addressing these risks, Cyber threats are a growing menace, spreading to all industry sectors that relying on ICT systems. Recent deliberate disruptions of critical automation systems, such as Stuxnet, prove that cyber-attacks have a significant impact on critical infrastructures.
Disruption of these ICT capabilities may have disastrous consequences for the EU Member States governments and social wellbeing. The need to ensure ICT robustness against cyber-attacks is thus a key challenge at national and pan-European level.
Some key findings of the report
Maritime cyber security awareness is currently low, to non-existent. Member States are thus highly recommended to undertake targeted maritime sector awareness raising campaigns and cyber security training of shipping companies, port authorities, national cyber security offices, etc.
Due to the high ICT complexity, it is major challenge to ensure adequate maritime cyber security. A common strategy and development of good practices for the technology development and implementation of ICT systems would therefore ensure security by design for all critical maritime ICT components.
As current maritime regulations and policies consider only physical aspects of security and safety, policy makers should add cyber security aspects to them.
We strongly recommend a holistic, risk-based approach; assessment of maritime specific cyber risks, as well as identification of all critical assets within this sector.
As maritime governance is fragmented between different levels (i.e. international, European, national), the International Maritime Organisation together with the EU Commission and the Member Statesn should align international and EU policies in this sector.
Better information exchange and statistics on cyber security can help insurers to improve their actuarial models, reduce own risks, and thus offering better contractual insurance conditions for the maritime sector.
Information exchange platforms, such as CPNI.NL, should be also considered and by Member States to better communications.
SECURE A SHIP – MARITIME CYBER SECURITY
However, whilst the maritime industry might not seem a likely target, reports of successful cyber-attacks are not unknown. Take, for example, the Port of Antwerp, where hackers working with a drug-smuggling gang repeatedly breached digital tracking systems to locate containers holding large quantities of drugs. They then dispatched their own drivers to retrieve the containers ahead of the scheduled collection time.
After two years, the operation was eventually shut down and there were no major repercussions for the Port of Antwerp or the companies involved. However, according to security experts at Trend Micro, these companies were extremely fortunate. Using the same techniques, it would not be difficult for criminals to cause chaos at sea. By simply accessing and manipulating a vessels AIS, hackers could prevent ships from providing movement information, cause AIS users to detect vessels in false locations or make “phantom” structures or vessels appear.
Other examples of an industry at risk include a drilling rig being hacked and forced to suspend operations, as well as a container lines entire database of cargo information, including container number, location, place of origin, being erased. Furthermore, instances of maritime and offshore companies that have potentially fallen victim to cyber-attacks may be under-reported, as companies may fear appearing to have allowed confidential information to be compromised.