Shipping accounts for 90% of world trade making the maritime sector an attractive target for hackers. With the continued attacks by the Houthis on the Red Sea the threats to maritime safety have become even more serious.
Food, energy, and goods are all transported by shipping and any attack on this global economy can disrupt vital trade routes and cause financial problems for those concerned.
The maritime industry is a complex ecosystem with a mixture of old and new systems. In recent years new technologies and applications have been introduced designed to improve efficiencies and productivity. These inter-connected software-based solutions contain a lot of data but also provide the opportunity for exploitation by bad actors.
The International Maritime Organisation guidelines provide recommendations on maritime cyber risk management to safeguard shipping from cyber threats and vulnerabilities. Its Resolution MSC.428(98) Maritime Cyber Risk Management in Safety Management Systems states administrations should ensure “cyber risks are appropriately addressed in existing safety management systems”.
Chris Blake, Director, and Principal Data Protection & Privacy Consultant, said: “Those involved in the maritime industry need to balance the improved efficiency that new technology brings with the risk of keeping vessels operational and crews safe.”
The threats come from two areas, Information Technology (IT) systems and Operational Technology (OT) systems.
IT threats focus on the use of data such as admin, accounts, crew lists, and permits to work. It also includes equipment accessible to employees, like computers, and mobile phones, and equipment accessible to passengers, like Wi-Fi routers and connections.
OT is the use of data to control or monitor physical processes, including onboard measurement and control, GPS, remote support for engines, data loggers, heating, ventilation, and air conditioning (HVAC) systems, passenger servicing and management systems, and passenger-facing public networks.
A breach of IT and OT systems can cause reputational and financial impacts as well as jeopardise the safety of the vessel, crew, and passengers.
Chris added: “Vulnerabilities can result from inadequacies in the design, integration, or maintenance of systems, as well as lapses in cyber discipline, such as having weak passwords or having an insecure WiFi connection.
“A diverse range of people work across the maritime industry so regular training for staff members is good practice. Educating everyone from those who work at port authorities, customer officials, logistics, agents, and vendor reps in cyber awareness is vital. It’s also important to be involved in the design, pen testing, and training stages. You just need one weak link in this chain of people for a hacker to cause havoc.”
Firesand cyber security maritime services are designed to give you peace of mind and create safe and secure shipping, resilient to cyber risks. These include penetration testing, vulnerability scanning, system design consultation, cyber security training, and 24 / 7 cyber security monitoring.
You will also benefit from our unrivalled cyber security and data privacy qualifications including CEH, SABSA, CCISO, CISSP, CIPP/E, and FIP.
You can find out more about how we can help you keep secure by visiting our Maritime Cyber Security Services page on our website.
Cookie Notice
We use cookies to ensure that we give you the best experience on our website. Please confirm you are happy to continue.