Subscribe to our Mailing Lists (It's free!)
Saturday, May 27, 2023
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    Chinese fishing boat capesizes in Indian Ocean

    French navy seizes $108 million drugs in Indian Ocean

    #WomenInMaritimeDay: How the industry mobilizes networks for gender equality

    ISWAN: The stigma of on-board menstruation should be ended

    RightShip: Deficiencies and non-conformities involving pilot ladders and arrangements show increase

    RightShip: Deficiencies and non-conformities involving pilot ladders and arrangements show increase

    dry dock

    Lessons learned: Protect yourself by working according to the precautions on the permit

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    power of hug

    The power of hugging: How it affects our health

    Impostor Syndrome

    Mental Health Focus: How to deal with Impostor Syndrome

    wellbeing at sea

    World Laughter Day 2023: Laughter is the best medicine

    mental fatigue

    Stay SEAFiT: How to cope with mental fatigue

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    Watch: PowerX introduces Battery Tanker X

    Watch: PowerX introduces Battery Tanker X

    busy anchorage

    Nautilus and BIMCO urge the industry to rethink charter party frameworks

    dhl hapag lloyd

    ExxonMobil and Hapag-Lloyd sign for B30 marine bio fuel

    ibia

    GMF: Maritime decarbonisation presents opportunities in Latin America

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    communication onboard, connectivity

    IMO Sub-Committee considers introduction of VDES into SOLAS

    Modern navigation requires modern training

    IMO makes progress on navigational safety

    ecdis

    IMO Sub-Committee updates ECDIS performance standards

    GMF: What are the legal implications of operational efficiency

    GMF: What are the legal implications of operational efficiency

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
    civil penalties, fines

    ONE and Wan Hai to pay $2.65 million in civil penalties

    uk mca

    Cyprus PSC Performance Report 2022: Fire safety is the most common ship deficiency area

    USCG PSC Report 2022: BWM compliance remains challenging

    indonesia illegal anchoring

    Tanker detained off Malaysia for anchoring illegally

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
    #WomenInMaritimeDay: How the industry mobilizes networks for gender equality

    ISWAN: The stigma of on-board menstruation should be ended

    lifeboats

    Canadian Government invests $2.5 billion into Coast Guard vessels

    ESG Watch: Expert thinking on ESG in the maritime industry

    ESG Watch: Expert thinking on ESG in the maritime industry

    industry standard on in-water cleaning

    BIMCO: Container spot rates 32% up on 2019 despite weaker supply and demand balance

  • Columns
    shore power genoa sanova

    Powering the future: Reducing carbon footprint with shore power

    ships dismantled

    Sustainable Ship Recycling & EU Taxonomy

    Armada Risk Partners: Ports and terminals need to become more aware of the imminent threats

    Armada Risk Partners: Ports and terminals need to become more aware of the imminent threats

    Trending Tags

    • Book Review
    • Career Paths
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Wellness Corner
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    Chinese fishing boat capesizes in Indian Ocean

    French navy seizes $108 million drugs in Indian Ocean

    #WomenInMaritimeDay: How the industry mobilizes networks for gender equality

    ISWAN: The stigma of on-board menstruation should be ended

    RightShip: Deficiencies and non-conformities involving pilot ladders and arrangements show increase

    RightShip: Deficiencies and non-conformities involving pilot ladders and arrangements show increase

    dry dock

    Lessons learned: Protect yourself by working according to the precautions on the permit

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    power of hug

    The power of hugging: How it affects our health

    Impostor Syndrome

    Mental Health Focus: How to deal with Impostor Syndrome

    wellbeing at sea

    World Laughter Day 2023: Laughter is the best medicine

    mental fatigue

    Stay SEAFiT: How to cope with mental fatigue

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    Watch: PowerX introduces Battery Tanker X

    Watch: PowerX introduces Battery Tanker X

    busy anchorage

    Nautilus and BIMCO urge the industry to rethink charter party frameworks

    dhl hapag lloyd

    ExxonMobil and Hapag-Lloyd sign for B30 marine bio fuel

    ibia

    GMF: Maritime decarbonisation presents opportunities in Latin America

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    communication onboard, connectivity

    IMO Sub-Committee considers introduction of VDES into SOLAS

    Modern navigation requires modern training

    IMO makes progress on navigational safety

    ecdis

    IMO Sub-Committee updates ECDIS performance standards

    GMF: What are the legal implications of operational efficiency

    GMF: What are the legal implications of operational efficiency

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
    civil penalties, fines

    ONE and Wan Hai to pay $2.65 million in civil penalties

    uk mca

    Cyprus PSC Performance Report 2022: Fire safety is the most common ship deficiency area

    USCG PSC Report 2022: BWM compliance remains challenging

    indonesia illegal anchoring

    Tanker detained off Malaysia for anchoring illegally

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
    #WomenInMaritimeDay: How the industry mobilizes networks for gender equality

    ISWAN: The stigma of on-board menstruation should be ended

    lifeboats

    Canadian Government invests $2.5 billion into Coast Guard vessels

    ESG Watch: Expert thinking on ESG in the maritime industry

    ESG Watch: Expert thinking on ESG in the maritime industry

    industry standard on in-water cleaning

    BIMCO: Container spot rates 32% up on 2019 despite weaker supply and demand balance

  • Columns
    shore power genoa sanova

    Powering the future: Reducing carbon footprint with shore power

    ships dismantled

    Sustainable Ship Recycling & EU Taxonomy

    Armada Risk Partners: Ports and terminals need to become more aware of the imminent threats

    Armada Risk Partners: Ports and terminals need to become more aware of the imminent threats

    Trending Tags

    • Book Review
    • Career Paths
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Wellness Corner
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

6 common cyber risks affecting maritime industry

by The Editorial Team
December 4, 2019
in Cyber Security
maritime security

Credit: Shutterstock

FacebookTwitterEmailLinkedin

Vessel and facility operators use computers and cyber dependent technologies for navigation, communications, engineering, cargo, ballast, safety, environmental control, and for many other purposes. Emergency systems such as security monitoring, fire detection, and alarms increasingly rely on cyber technology and may be affected by attacks. As such, it is essential that companies prepare for a cyberattack and expeditiously address identified vulnerabilities both ashore and on-board ships.

Modern technologies can add vulnerabilities to the ships especially if there are insecure designs of networks and uncontrolled access to the internet. Additionally, shore side and onboard personnel may be unaware how some equipment producers maintain remote access to shipboard equipment and its network system. The risks of misunderstood, unknown, and uncoordinated remote access to an operating ship should be taken into consideration.

Cyber Risks detected onboard

The following are common cyber vulnerabilities, which may be found onboard existing ships, and on some newbuild ships:

RelatedNews

IMO makes progress on navigational safety

EU Blue Economy report: Shipping is the most carbon-efficient mode of transport

  1. obsolete and unsupported operating systems
  2. outdated or missing antivirus software and protection from malware
  3. inadequate security configurations and best practices, including ineffective network management, the use of default administrator accounts or passwords, and also ineffective network management which is not based on the principle of least privilege
  4. shipboard computer networks, which lack boundary protection measures and segmentation of networks
  5. safety critical equipment or systems always connected with the shore side
  6. inadequate access controls for third parties including contractors and service providers.

Procedural Control: 8 key elements

Some procedural controls are focused on how seafarers use the onboard systems, as listed below:

#1 Training and awareness

The internal cyber threat is considerable and should not be underestimated. Personnel, even with the best intentions, can be careless, so data can be mishandled, and files disposed of incorrectly. Training and awareness should be tailored to the appropriate levels for onboard personnel, including the master, officers, seafarers and shoreside personnel who support the management and operation of the ship.

#2 Upgrades and software maintenance

Hardware or software that is no longer supported by its producer or software developer will not receive updates to address potential vulnerabilities. For this reason, the use of hardware and software which is no longer supported should be carefully evaluated by the company as part of the cyber risk assessment.

*Note: Procedures for timely updating of software may need to be put in place taking into account the ship type, speed of internet connectivity, sea time, etc.

#3 Anti-virus and anti-malware tool updates

In order for scanning software tools to detect and deal with malware, they need to be updated. Procedural requirements should be established to ensure updates are distributed to ships on a timely basis and that all relevant computers onboard are updated.

#4 Remote access

Policy and procedures should be established for control over remote access to onboard IT and OT systems. Clear guidelines should establish who has permission to access, when they can access, and what they can access. Any procedures for remote access should include close co-ordination with the ship’s master and other key senior ship personnel. Systems should be monitored and reviewed periodically.

#5 Use of administrator privileges

Administrator privileges allow full access to system configuration settings and all data and should only be given to appropriately trained personnel who log into systems using such privileges. User accounts should be removed when they are no longer in use and should not be passed on from one user to the next using generic usernames. IT department is responsible for the monitoring and the privilege level of each employee.

#6 Physical and removable media controls

A clear policy for the use of such media devices is essential; it must ensure that media devices are not normally used to transfer information between un-controlled and controlled systems. In cases where it is unavoidable to use such media devices, for example during software maintenance, there should be a procedure in place to require checking of removable media for malware.

#7 Equipment disposal, including data destruction

Obsolete equipment can contain data which is commercially sensitive or confidential. The company should have a procedure in place to ensure that the data held in obsolete equipment is properly destroyed prior to disposing of the equipment thereby ensuring that vital information cannot be retrieved.

#8 Obtaining support from ashore and contingency plans

Ships should have access to technical support in the event of a cyber-attack. Details of this support and associated procedures should be available on board

The ‘defence in depth’ approach

Vessel and facility operators should view cyber along with the physical, human factor, and other risks they already face. It is essential to protect critical systems and data with multiple layers of protection measures which take into account the role of personnel, procedures and technology. Defence in depth approach encourages a combination of physical security of the ship in accordance with SSP, protection of networks, intrusion detection, software whitelisting, access and user controls as also, the appropriate procedures regarding the use of removable media and password policies and, of course, personnel’s awareness.

Tags: cyber incidentscyber riskcyber securitydigitalizationsm

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

shore power genoa sanova

Powering the future: Reducing carbon footprint with shore power

May 26, 2023
Chinese fishing boat capesizes in Indian Ocean

French navy seizes $108 million drugs in Indian Ocean

May 26, 2023
MARITIME EVENTS

Explore

  • Safety
  • SEAFiT
  • Green
  • Smart
  • Risk
  • Others
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Contact

© 2021 SAFETY4SEA

No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Opinions
    • Book Review
    • Career Paths
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Wellness Corner
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2021 SAFETY4SEA

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Disclaimer.