Just when you thought it was safe to go back in the water, a new Maritime Cyber Safety report highlights Cyber Threats
Traditionally, attacks on marine vessels have included piracy, boarding, theft, and/or destruction, and while these attacks have often been successful and continue, they are well understood maritime vessels are being monitored online for their own safety. According to a new research, maritime vessels need to deal with cyber safety because they are under significant threat of cyber-attacks since many are carrying outdated software and were not designed with cyber security in mind.
Plymouth University’s Maritime Cyber Threats Research Group suggests – Cyber-attacks are stealthier, and have a range of potential implications including business disruption, financial loss, damage to reputation, damage to goods and environment, incident response cost, and fines and/or legal issues.
Professor Kevin Jones, Executive Dean of Science and Engineering, is lead author on the paper which also involved Dr. Maria Papadaki, Lecturer in Network Security at Plymouth University, and staff from the Security and Management Lab at HP Enterprise in Bristol. Said: “In an increasingly connected and technologically dependent world, new areas of vulnerability are emerging. However, this dependency increases the vessel’s presence in the cyber domain, increasing its chances of being targeted and offering new vectors for such attacks. Longer term, there needs to be a fundamentally different approach to security of the entire maritime infrastructure meaning there is great need for specific cyber security research programs focused on the maritime sector.”
The article published in Engineering and Technology Reference – suggests maritime cyber-attacks would most likely target systems responsible for navigation, propulsion, and cargo-related functions, with many incentives for attackers given that over 90% cent of world trade occurs via the oceans.
The paper adds: “As things stand, there are fundamental issues with securing the technology used in the maritime industry and the sector is probably the most vulnerable aspect of critical national infrastructure. Both security firms and hackers have found both general flaws and specific, real-world, flaws within the navigation systems of ships, and it seems plausible that similar outdated systems for propulsion and cargo handling may also be compromised and abused by cyber-attackers.”
Emma Ward, editor of The Navigator, said this about Marine Cyber Safety :
“As onboard technology increases in sophistication, this subject should concern everyone, not just computer buffs.” Simple precautions – such as not plugging your smartphone into a USB port on the ECDIS – can help keep both ship and crew cyber safe at sea.
9 Key points to consider for cyber safety on marine vessels:
- Attacks happen – Cyber security should concern everybody, even those who are not computer experts. All seafarers can make a difference.
- Data protection – Ship’s officers must make sure they know who can access what data, and who is allowed in rooms containing key technical equipment.
- Personal Risk – Personal devices (smart phones, laptops, USB sticks) and ship systems (navigation, cargo, control, communication) are susceptible to attacks. Connecting personal devices to ship systems for exchanging data or even for charging is highly risky. Don’t do it!
- Know your weaknesses – Vulnerable systems include cargo, bridge, propulsion, access control, passenger services, public networks, administrative and crew welfare systems, and all external communication systems.
- Be prepared – Cyber security plans require both safety and security aspects. All procedures for cyber risk management should complement existing requirements contained in the ISM Code and ISPS Codes. Contingency plans must be ready and well-rehearsed for when something goes wrong
- App awareness – Android software and apps have a 90% likelihood of carrying malware; iOS have an 80% likelihood; of which you will be entirely unaware until it is plugged into something else
- Social Skills – Social media is a key source of viruses or information for targeting individuals. Be aware of what you post!
- Jamming and spoofing – Global Navigation Satellite Systems (GNSS – including GPS) are vulnerable to intentional and unintentional jamming and spoofing. By following conventional best practice, such as observing radar and visual references, you can minimize the risks
- Risk Training – Every ship will have different risks and levels of risk. All crew should be informed and trained about the risks appropriate to their roles, how to manage them and how to react to an incident. Regular onboard updates, drills and mentoring are also key.
More Here [safety4sea]