23 Mar 2022
Cyber Security in the Shipping Industry
Data security and safety are among the biggest concerns of today's industrial world in the information age, and the shipping industry is not untouched by it. You must have heard about the cyberattack on some big IT companies. Despite the fact that some of them secure the data from other big corporations, they are attacked. The reason is that simple businesses cannot provide the level of cyber security required to cope with current security threats. We have recently heard that companies like Colonial Pipeline, Brenntag, Acer, Quanta, NBA, etc., have been cyberattacked in 2021. These are some prominent companies; besides, countless companies have been attacked through the internet but are not in the limelight. Any cyber-attack directly affects us because we are their customer directly or indirectly or in a similar business.
The Maritime OT Systems include:
Significant cybersecurity challenges in the Maritime SectorCybersecurity risks take advantage of the connection and complexity of critical IT (Informational Technology) and OT (Operational Technology) systems onboard ships, putting the ship's and crew's safety, as well as the cargo, at threat. So, it's evident that cybersecurity should be an integral aspect of the shipping industry's risk and management strategy. The significant cybersecurity threats include infecting vessel systems with malware, lack of software maintenance onboard vessels, improper user permissions, weak passwords, etc. All these actions should be taken seriously, as they are the major security threats to IT or OT systems vulnerabilities. Let's take a look at OT and IT Maritime systems.
The Maritime OT Systems include:
- Vessel Integrated Navigation System (VINS) that allows ships to navigate
- The GPS (Global Positioning System), a satellite navigation system
- Satellite communications that include Radar systems and electronic charts
- Automatic Identification system
- Planned Maintenance
- Administration, Crew lists, and Accounts
- Certificates and manuals in electronic format
- Work Permit
- Charter party, a notice of readiness
- Spares management and requisitioning
- They are in charge of real-time performance, and they must respond quickly to any events to maintain the systems' high dependability and availability.
- Access should be closely monitored while maintaining the necessary human-machine interaction.
- Safety is paramount because downtime at even a single point may not be acceptable.
- They have a lengthy lifespan. Any upgrades must be carefully prepared and implemented (usually by the vendor).
- They're made to help you do a specific task. As a result, they may be unable to support the addition of security features due to a lack of memory and processing resources.
Common Security Threats in Maritime IndustryThe most prevalent cyber vulnerabilities in the maritime industry detected existing onboard ships.
- Obsolete or missing Antivirus software as well as malware protection
- Outdated Operating systems that are no longer supported.
- Shipboard computer networks, which lack network segmentation and boundary protection features
- There are inadequate access controls for third parties, such as contractors and service providers, to safety-critical equipment or systems that are always connected to the shore-side.
- Encryption of the data onboard the vessel and inability of the vessel to use loading systems to conduct cargo operations safely.
- Migration of the virus to the shore servers to spread the infection and probably hold Company data to ransom
- Cargo Management Systems: Because they are incorporated into the ship's electronic data systems, systems used for cargo loading and unloading, as well as cargo management and control, are vulnerable to cyber-attacks.
- Bridge Systems: As the usage of electronic navigational equipment grows, bridge systems are becoming increasingly vulnerable to cyber threats, as many of the interfaces interact with onshore computers or systems.
- Electronic programs that regulate the physical operations of the ship: Systems such as propulsion, machinery, and power control systems can fall victim to a cyber attack and jeopardize ship control, especially when connected to remote condition-based monitoring and integrated with navigational systems.
- Passenger Service and Management Systems: Passenger data is stored in property management, boarding, and access systems. Handheld tablets, scanners, and other devices send the information they capture to a larger server, which might be hacked.
- Passenger facing Public Networks: The public network on ships ensures its availability for passengers and crew's personal use, but it should be kept distinct from any non-personal systems. It is vulnerable to cyber-attacks. On insecure networks, passengers and crew should be cautious about the websites they access.
- Communication Networks: The internet or satellite communication systems can make a ship's systems more vulnerable. Though service providers possess counter-measures in place to protect themselves from cyber-attacks,