Cyber Security in the Maritime Industry

In an increasingly data-driven environment, 24/7 connectivity is, naturally, expected. Ships operate akin to offices at sea and reliable connectivity with secure data back-up has become critical to business continuity and competitiveness. Digitalisation of onboard services has been fast-tracked in recent years, with 50% of data expected to be stored in the cloud by 2025 and about 30% of data generated expected to be consumed in real-time.

These rapidly evolving operational conditions make it imperative that vital services are delivered over both VSAT and back-up systems, seamlessly. Satellite communications are crucial to enable access to data in remote and unreachable places in an affordable way. Managing large volumes of critical data, relying on robust data transfers between ship and shore, activating real-time vessel monitoring, and remotely operating onboard vessel systems are just some of the heavy duty processes that require dependable digital systems to function over GSM and satcom.

Digitalisation empowers vessel owners to optimize operational processes, improve efficiency, increase productivity and reduce costs. However, as ships become more digitalised, it is important to ensure the security and authenticity of data. As the maritime industry faces a rising threat from cyber-attacks, there has been a significant increase in interest in cybersecurity packages.

Besides posing a risk to the processes and infrastructure of vessels and ports, cyber-attacks can have a significant impact on stakeholder companies and the entire maritime supply chain.

At some point in time, malicious actors have taken control of computer systems onboard a vessel, which has caused some vessels to be hijacked. Port operations have also been hit by hackers who want to disrupt trade or information technology networks.

Why does cybersecurity matter to the maritime industry?

The IMO requirement for cybersecurity in vessel Planned Maintenance and Safety Management Systems (PMS & SMS) is certainly a driving factor, together with awareness of recent damaging high-profile cyber-attacks on companies such as Maersk.

The maritime industry is facing a rising threat from cyber-attacks. These are becoming more sophisticated and frequent, and they can cause significant damage to the maritime industry. 

For example, in 2018, when the WannaCry ransomware virus attacked computer systems around the world, it caused disruption to shipping operations as well as financial losses for many companies. On top of this, there has been an increase in malicious activity on offshore oil platforms: by 2020, 75% of oil rigs will be located at sea, where it is difficult for them to secure their networks.

The maritime industry has become increasingly reliant on technology in recent years, with many of its operations now being carried out by computers rather than people. This has brought with it an increased risk of cyber-attacks that can affect the safety of ships at sea or ports on land.

The most common types of attack include:

  • Password breaches – A person or program gains unauthorized access to a computer system by guessing passwords or bypassing security measures such as firewalls or encryption software
  • Network intrusion – A hacker inserts malicious code into an organization’s computer system
  • Malware infection – Malicious software (malware) is installed on computers without users’ knowledge

With research indicating that cyber-attack incidents are increasing at an alarming rate, it is important for companies within the maritime industry to be aware of the threats posed by cybercrime so they can take steps towards protecting their assets from potential attacks.

Connected vessels and fleets

Connectivity is the future, and it will be an integral part of business. But, as with any new technology, it also comes with risks. The ability to connect fleets and vessels brings with it security risks that need to be addressed.

There is no ‘one size fits all’ solution for ship cybersecurity. Everyone needs a specialist system suitable for their individual vessel needs. Every vessel should be individually assessed to consider how it operates, what systems it is running, and where it sails. It is important to know, for example, how many terminals are in use, who accesses them, what data is produced and what is done with this data. Each company should produce a carefully thought-out cybersecurity policy, which is rigorously implemented and regularly updated.

It is important to ensure that critical systems such as bridge navigation or main propulsion systems, or the many vessel sensors which provide mission-critical data are not compromised. It is not just crew members using the internet, plugging in an infected USB, or corrupted phone that pose a risk. It is important to consider how many other people are given access to the vessel’s technology.

IEC Telecom’s OneGate network management system ensures that critical vessel functions and crew welfare traffic are carefully compartmentalized. Moreover, OneGate eliminates the risk inherent in content sharing between the crew by providing a secure local FTP server. This avoids the need to use memory sticks and, thus, prevents potential exposure to virus and malware risks.

Cybersecurity in maritime industry-related businesses

Connectivity is a risk for the maritime industry as a whole. If one company has an issue with their network infrastructure or loses data due to negligence or malice from hackers, then all others connected could also be affected. The maritime supply chain is a perfect example of an ecosystem with many connected parties and varying degrees of security. This means that a single cyber-attack could affect multiple companies at once, causing significant damage to the industry as a whole.

The maritime industry must, therefore, work together to prevent attacks—and prepare for worst-case scenarios if they should occur.

The majority of cyber threats originate from misuse of personal devices. To minimize a risk of cross-contamination, IEC Telecom supports its maritime customers in keeping mission-critical and crew welfare networks segregated with multiple access levels. Moreover, keeping software up-to-date is essential to the cyber security of a fleet. IEC Telecom is committed to providing remote deployment of software update patches as well as replicating data between ship and shore.

Connectivity is also a risk to the maritime supply chain. If there is a disruption in connectivity at sea, this can have a significant impact on insurance companies who rely on data from connected vessels. These companies calculate premiums or payouts based on the risk associated with transporting goods by ship instead of by plane or truck (or other means). 

It is vital to implement risk control measures and contingency plans, conduct a phishing penetration test, and segregate mission-critical and welfare networks. IEC Telecom’s multi-layer cybersecurity coverage includes advanced threat protection, antivirus, scanning, continuity, anti-phishing and provision reports on threats detected. This helps to ensure business continuity by implementing a comprehensive cybersecurity policy onboard.

The best cybersecurity solution for the maritime industry

IEC Telecom offers a comprehensive portfolio of cybersecurity solutions for the maritime industry. The company’s products are based on advanced encryption and authentication technologies, which help to protect information from being stolen or modified by unauthorized third parties.

Integrating cybersecurity into the maritime supply chain is one of the main priorities at IEC Telecom. Commitment to initiatives that will make it easier for organizations to integrate cybersecurity into their business operations, with a focus on protecting vessels and fleets, is central to the development of IEC Telecom satcom solutions.

With a comprehensive portfolio of cybersecurity solutions, maritime businesses can ensure that their data is safe and secure while complying with the ISM Code. The state-of-the-art solutions are specially optimized for the maritime environment, and thus, sensitive to the evolving needs of the industry.

The multi-layer cyber security packages by IEC Telecom safeguard onboard systems from all known viruses and detect potential threats. Restoring data is another concern addressed by IEC Telecom VAS, supporting the continuity of operations by enabling IT personnel to retrieve data following any interruption.Stay one step ahead of hacking attempts and malware using a range of cybersecurity solutions by IEC Telecom, including vulnerability scanning, penetration testing, risk assessment and management, incident response, forensics, and more.

Leave a Reply

Back To Top