Subscribe to our Mailing Lists (It's free!)
Friday, June 24, 2022
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    shipping harassment

    Seafarers’ unions urge industry for harassment-free workplace

    intercargo

    INTERCARGO thanks seafarers for their vital contribution

    fire on bulker

    Fire breaks out onboard bulk carrier in Ghent

    shipping safety

    InterManager: Shipping must embrace change and improve safety record

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    uk ports

    UK ports call for supercharging energy infrastructure

    chevron

    Chevron: High cleaning performance from cylinder oils necessary for new fuels

    SeaShuttle

    Project for hydrogen-fueled, remotely controlled containerships receives funding

    mol

    MOL to tackle ships’ emissions through digital solutions

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    Autonomous Ship Project

    Watch: Documentary released on autonomous ship project

    SeaShuttle

    Project for hydrogen-fueled, remotely controlled containerships receives funding

    mol

    MOL to tackle ships’ emissions through digital solutions

    cma cgm mpa singapore

    CMA CGM, MPA Singapore collaborate on shipping decarbonisation and digitalisation

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    yang ming hmm

    US shipper accuses Yang Ming and HMM of collusion

    paris mou

    Paris MoU refuses access to ship after skipping Ukrainian repair call because of waiting time

    black sea mou

    Black Sea MoU PSC Annual Report 2021

    prestige sinking

    “Prestige” insurer must pay Spanish claim over oil spill, EU Court decides

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
    Autonomous Ship Project

    Watch: Documentary released on autonomous ship project

    uk ports

    UK ports call for supercharging energy infrastructure

    port of long beach

    San Pedro Bay Port Complex commits to 100% zero-emissions shipping by 2030

    medisea

    Watch: Shipowners’ Club launches “Medical Enhancement Scheme for Seafarers”

  • Columns
    adaptability in maritime

    Cyprus: A cultural shift is needed for seafarers to become the visible and respected workforce

    SEA Europe: Shipbuilding industry needs to adopt a maritime industrial strategy

    SEA Europe: Shipbuilding industry needs to adopt a maritime industrial strategy

    CSM: The younger generation plays vital role to industry’s progress in diversity

    CSM: The younger generation plays vital role to industry’s progress in diversity

    Trending Tags

    • Career Paths
    • Industry Voices
    • Maripedia
    • Maritime History
    • Resilience
    • Seafarers Stories
    • SeaSense
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    shipping harassment

    Seafarers’ unions urge industry for harassment-free workplace

    intercargo

    INTERCARGO thanks seafarers for their vital contribution

    fire on bulker

    Fire breaks out onboard bulk carrier in Ghent

    shipping safety

    InterManager: Shipping must embrace change and improve safety record

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    uk ports

    UK ports call for supercharging energy infrastructure

    chevron

    Chevron: High cleaning performance from cylinder oils necessary for new fuels

    SeaShuttle

    Project for hydrogen-fueled, remotely controlled containerships receives funding

    mol

    MOL to tackle ships’ emissions through digital solutions

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    Autonomous Ship Project

    Watch: Documentary released on autonomous ship project

    SeaShuttle

    Project for hydrogen-fueled, remotely controlled containerships receives funding

    mol

    MOL to tackle ships’ emissions through digital solutions

    cma cgm mpa singapore

    CMA CGM, MPA Singapore collaborate on shipping decarbonisation and digitalisation

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    yang ming hmm

    US shipper accuses Yang Ming and HMM of collusion

    paris mou

    Paris MoU refuses access to ship after skipping Ukrainian repair call because of waiting time

    black sea mou

    Black Sea MoU PSC Annual Report 2021

    prestige sinking

    “Prestige” insurer must pay Spanish claim over oil spill, EU Court decides

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
    Autonomous Ship Project

    Watch: Documentary released on autonomous ship project

    uk ports

    UK ports call for supercharging energy infrastructure

    port of long beach

    San Pedro Bay Port Complex commits to 100% zero-emissions shipping by 2030

    medisea

    Watch: Shipowners’ Club launches “Medical Enhancement Scheme for Seafarers”

  • Columns
    adaptability in maritime

    Cyprus: A cultural shift is needed for seafarers to become the visible and respected workforce

    SEA Europe: Shipbuilding industry needs to adopt a maritime industrial strategy

    SEA Europe: Shipbuilding industry needs to adopt a maritime industrial strategy

    CSM: The younger generation plays vital role to industry’s progress in diversity

    CSM: The younger generation plays vital role to industry’s progress in diversity

    Trending Tags

    • Career Paths
    • Industry Voices
    • Maripedia
    • Maritime History
    • Resilience
    • Seafarers Stories
    • SeaSense
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

6 common cyber risks affecting maritime industry

by The Editorial Team
December 4, 2019
in Cyber Security
maritime security

Credit: Shutterstock

FacebookTwitterEmailLinkedin

Vessel and facility operators use computers and cyber dependent technologies for navigation, communications, engineering, cargo, ballast, safety, environmental control, and for many other purposes. Emergency systems such as security monitoring, fire detection, and alarms increasingly rely on cyber technology and may be affected by attacks. As such, it is essential that companies prepare for a cyberattack and expeditiously address identified vulnerabilities both ashore and on-board ships.

Modern technologies can add vulnerabilities to the ships especially if there are insecure designs of networks and uncontrolled access to the internet. Additionally, shore side and onboard personnel may be unaware how some equipment producers maintain remote access to shipboard equipment and its network system. The risks of misunderstood, unknown, and uncoordinated remote access to an operating ship should be taken into consideration.

Cyber Risks detected onboard

The following are common cyber vulnerabilities, which may be found onboard existing ships, and on some newbuild ships:

RelatedNews

NAPA: Shipping must improve its cyber resilience

Cyber-attack targets Port of London Authority

  1. obsolete and unsupported operating systems
  2. outdated or missing antivirus software and protection from malware
  3. inadequate security configurations and best practices, including ineffective network management, the use of default administrator accounts or passwords, and also ineffective network management which is not based on the principle of least privilege
  4. shipboard computer networks, which lack boundary protection measures and segmentation of networks
  5. safety critical equipment or systems always connected with the shore side
  6. inadequate access controls for third parties including contractors and service providers.

Procedural Control: 8 key elements

Some procedural controls are focused on how seafarers use the onboard systems, as listed below:

#1 Training and awareness

The internal cyber threat is considerable and should not be underestimated. Personnel, even with the best intentions, can be careless, so data can be mishandled, and files disposed of incorrectly. Training and awareness should be tailored to the appropriate levels for onboard personnel, including the master, officers, seafarers and shoreside personnel who support the management and operation of the ship.

#2 Upgrades and software maintenance

Hardware or software that is no longer supported by its producer or software developer will not receive updates to address potential vulnerabilities. For this reason, the use of hardware and software which is no longer supported should be carefully evaluated by the company as part of the cyber risk assessment.

*Note: Procedures for timely updating of software may need to be put in place taking into account the ship type, speed of internet connectivity, sea time, etc.

#3 Anti-virus and anti-malware tool updates

In order for scanning software tools to detect and deal with malware, they need to be updated. Procedural requirements should be established to ensure updates are distributed to ships on a timely basis and that all relevant computers onboard are updated.

#4 Remote access

Policy and procedures should be established for control over remote access to onboard IT and OT systems. Clear guidelines should establish who has permission to access, when they can access, and what they can access. Any procedures for remote access should include close co-ordination with the ship’s master and other key senior ship personnel. Systems should be monitored and reviewed periodically.

#5 Use of administrator privileges

Administrator privileges allow full access to system configuration settings and all data and should only be given to appropriately trained personnel who log into systems using such privileges. User accounts should be removed when they are no longer in use and should not be passed on from one user to the next using generic usernames. IT department is responsible for the monitoring and the privilege level of each employee.

#6 Physical and removable media controls

A clear policy for the use of such media devices is essential; it must ensure that media devices are not normally used to transfer information between un-controlled and controlled systems. In cases where it is unavoidable to use such media devices, for example during software maintenance, there should be a procedure in place to require checking of removable media for malware.

#7 Equipment disposal, including data destruction

Obsolete equipment can contain data which is commercially sensitive or confidential. The company should have a procedure in place to ensure that the data held in obsolete equipment is properly destroyed prior to disposing of the equipment thereby ensuring that vital information cannot be retrieved.

#8 Obtaining support from ashore and contingency plans

Ships should have access to technical support in the event of a cyber-attack. Details of this support and associated procedures should be available on board

The ‘defence in depth’ approach

Vessel and facility operators should view cyber along with the physical, human factor, and other risks they already face. It is essential to protect critical systems and data with multiple layers of protection measures which take into account the role of personnel, procedures and technology. Defence in depth approach encourages a combination of physical security of the ship in accordance with SSP, protection of networks, intrusion detection, software whitelisting, access and user controls as also, the appropriate procedures regarding the use of removable media and password policies and, of course, personnel’s awareness.

Tags: cyber incidentscyber riskcyber securitydigitalizationsm

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Autonomous Ship Project

Watch: Documentary released on autonomous ship project

June 24, 2022
uk ports

UK ports call for supercharging energy infrastructure

June 24, 2022
MARITIME EVENTS

Newsletter

GET THE SAFETY4SEA IN YOUR INBOX!

Explore

  • Safety
  • Green
  • Smart
  • Risk
  • Others
  • Events
  • Plus

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Contact

© 2021 SAFETY4SEA

No Result
View All Result
  • Safety
    • Alerts
    • Accidents
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Opinions
    • Career Paths
    • Industry Voices
    • Maripedia
    • Maritime History
    • Seafarers Stories
    • SeaSense
  • Events
  • Plus

© 2021 SAFETY4SEA

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Disclaimer.