Most ship cyber security breaches are due to human error. However, this situation can easily be avoided by implementing today’s technology and policies to prevent crews from inadvertently infecting shipboard systems.
This was one of the key messages from a maritime cyber conference held in London recently, at which delegates were informed of the potentially catastrophic consequences when operational technologies were hacked.
“The problem is that when crew or operators use USB sticks to upload system files or log on using their own mobile phones, laptops and tablets or open an infected email, they can potentially upload a malware virus or worse,” Naval Dome CEO, Itai Sela, told delegates attending the European Maritime Cyber Risk Management Summit dated on 15 June 2018.
As 150 mill emails are sent globally every minute by more than 4 bill Internet users, it is safe to assume that some of these will be infected and opened by unsuspecting crew members.
“The biggest issue is the internal attack and the human element is definitely part of the problem. Crew training alone is not a solution,” said Sela. “Also, when a technician boards a vessel and connects a laptop or equipment directly to the ECDIS or Radar to fix or service these systems, can they verify their own systems are secure and have not been infected?” he asked.
But there is also an external threat, he warned. “Since headquarter and vessel operations go hand-in-hand, it is important to know that when a shipping company’s offices have been hacked it means the company’s vessels are also compromised.”
It emerged at the summit that many systems on board are still based on old operating systems, such as Windows XP, Windows 7, or Linux – systems designed and manufactured without consideration of the cyber threat.
The fact that many of these systems were unprotected with critical PC-based IT and OT systems frequently using the same internet connection, was a significant concern raised by Lloyd’s Register’s Elisa Cassi, product manager, Cyber Security.
“Industrial control systems may still run on separate networks, but true physical isolation is becoming the exception rather than the norm. Even with no direct connection, malware can bridge air-gapped networks by exploiting human activity and operator error,” she said.
Templar Executive’s director MCERT, Chris Gibson, said that 47% of ship’s crews have been targeted, with IT and OT systems “very vulnerable to attack”.
“The Maritime sector is a keystone of a modern, digitised world, but remains vulnerable to cyber attack,” he added.
Acknowledging the introduction of legislation and guidelines designed to help safeguard the industry from cyber intrusion, such as the Europe’s General Data Protection Rules, TSMA3 and IMO’s MSC.428(98), which will be in included in the ISM Code, Gibson said there remains a number of maritime industry challenges. He intimated that its fragmented, cost-conscious and competitive nature can make the maritime industry an attractive target for hackers.
Speakers at the event urged the industry to assess their response capabilities. Cassi said: “The earlier the detection point in the chain, the greater the chance that the ship operations centre will be able to identify malicious activity, contain it and prevent it from spreading laterally.”
It was also suggested that the industry should implement an anonymous cyber-attack reporting scheme and consider establishing a Maritime Charter of Trust to establish industry-wide protocols for dealing with the threat.
Source: Tanker Operator