Ways to Improve Cyber Resilience in Shipping and Maritime Industry
This is a guest post by Jane Boyd.
Maritime and shipping organizations are facing an increasing number of malicious cyber attacks. In the past couple of years, we have witnessed a series of events that affected both shipping companies and ports. Cyber resilience refers to an organization’s ability to deal with this type of attack. Despite the IMO’s requirement to build cyber resilience in the shipping and maritime industry by 2021, cybercriminals are not slowing down.
The Shipping Industry Is an Attractive Target
The shipping industry is a $4 trillion global industry in charge of transporting 80% of the world’s energy, goods, and commodities. Many sectors across the globe depend on it. Thus, when an ocean freight carrier goes through a crisis, many related industries can potentially feel the consequences as well. As a lucrative and powerful industry, shipping has become susceptible to persistent cyber attacks.
As technology continues to develop, more and more ships are using systems that rely on digitalization, digitization, integration, and automation. Information technology and operational technology onboard ships are often connected to the internet. As a result, the risk of illegal access to ships’ systems and networks has grown. Another way to endanger the systems is by introducing malware through removable media. Considering the severity of the risks, cyber risk management is more important than ever.
Maritime Cyber Attacks Are Becoming More Frequent
Many major international shipping players have been affected by this issue. Cruise operator Carnival Corp is one of the latest victims. They reported data files being stolen. The attack included illegal access to guests’ and employees’ personal information. To make things worse, this attack may lead to potential claims from employees and guests. The shipping company MSC was also recently hit by malware, and the attack resulted in closing the shipowner’s headquarters for five days. The latest cyber attack victim is the International Maritime Organization (IMO). So far, there is no indication of a connection between the cyber attack on the IMO and the attack on CMA CGM that happened in the same week.
Securing The Operational Technology (OT) Systems
Making the Operational Technology systems secure has relatively recently become vital for the maritime and shipping industry. The IMO has emphasized the need to secure the OT systems, demanding that all maritime administrators adequately address the cyber security risk of their Safety Management Systems by the end of the year.
All ports and terminals have become attractive targets for cybercriminals. Cyber threats that threaten to disturb the maritime operational stability and delay cargo delivery come with additional risks, as infected systems can harm navigation or propulsion, thus putting the safety of the ship and the marine environment at risk. Understanding one’s weaknesses and being prepared for a growing number of cyber threats against port operators and shipping companies is an essential first step. Knowing how you are being targeted is key to an appropriate defense tactic.
It’s Time To Step Up – Traditional Cyber Security Is Insufficient
Thanks to modern technology, the amount of information transmitted from ship to shore has drastically increased. Failing to maintain cyber security and cyber safety could potentially have a harmful effect on the environment, ship, personnel, shipping company, and cargo. Many operators still rely on traditional cyber security. However, the firewalls and software protecting the IT cannot secure individual systems within the OT network. For instance, installing an antivirus on a vessel bridge navigation system (ECDIS) could quickly harm and hinder the system’s performance.
Having security systems like firewalls and detection systems as protection against service attacks and other malware is a vital precaution measure. Still, it is not enough to defend organizations against sophisticated attacks. Proactive cyber security risk management is what every shipping company needs in this day and age. International shipping organizations have started recognizing the importance of cyber resilience in shipping and maritime industry and creating their own cyber risk management strategies. However, due to the lack of definitive information regarding attacks, cyber risk management is more challenging.
Due to traditional cyber security being insufficient, cyber resilience in shipping and maritime industry has become a necessity over the past few years. Cyber resilience is a combination of cyber security and business resilience. The aim of cyber resilience programs is to detect, assess, and address cyber safety risks. The goal is to prevent incidents before they cause irreparable damage and jeopardize the safety of a company’s operational processes. Expecting to avoid every cyber attack is not realistic, especially as they become more frequent and severe. However, with a good incident response management strategy, you can ensure business continuity and proceed with your operations in spite of a cyber incident.
To Sum Up…
Any individual and any company can fall victim to cyber attacks. No industry is safe, and shipping and maritime is no exception. However, timely and thorough preparation can significantly reduce the risks. Malicious cyber attacks cannot be fought with traditional cyber security measures. That is where cyber resilience in shipping and maritime industry steps in. Cyber security and cyber safety protect the environment, company, personnel, ship, and cargo. The role of cyber security is to guard the OT, IT, information, and data from illegal access and manipulation. Cyber resilience in the maritime and shipping sector helps a company have a defense strategy against cyber attacks, reduce the intensity of those attacks, and continue its operations despite the attack. What shipping companies and port operators should focus on is not avoiding every potential attacker, but minimizing the consequences of their attacks.
This was a guest post by Jane Boyd.
Jane Boyd has been working as a writer and editor since 2008. Today, she writes for Purple Heart Moving Group mostly covering current events relating to moving, storage, and similar industries.