The ‘Be Cyber Aware at Sea’ campaign has issued its latest newsletter, ‘Phish & Ships’, sponsored by CSO Alliance Maritime, highlighting that the industry needs sufficient redundancy to avoid failure and to isolate systems from cyber threats. Among many issues, this edition examines the relationship between ECDIS and cyber security.
It is underlined that, as with any computer-based system, ECDIS systems are vulnerable to cyber security threats, but routine cyber security procedures will prevent threats from becoming problems. If properly used and maintained, ECDIS has the potential to improve navigational safety. However, the knowledge and skills of the user are key, whether in routine use, keeping the system secure or responding to problems.
The campaign cites some of the questions that shippers need to be asking:
- How do I get updated chart data and permit files into the ECDIS? How safe and secure is the process?
- Who has access to the USB ports? Are USB sticks checked every time, before use? Are dedicated USB sticks provided and securely stored?
- Are there any software updates outstanding? Good communication with your ECDIS manufacturer is essential.
- How secure are all the other pieces of equipment connected to the ECDIS?
- Do all the deck officers know what to do when things go wrong?
- A popular tactic hackers employ is social engineering, which means pretending to be someone they are not. For example, they may pretend to be an employee at your company to get you to click on a link in an email, or pretend to be an interview candidate and ask you to retrieve a resume from a USB stick. Blindly complying with these requests could enable malicious software to spread throughout your computer or network, allowing the hacker to either absorb company or personal information or data, or take control of the system. As a best practice, always ask questions before doing something for someone you don’t know, and know it’s okay to decline a request in an effort to stay secure.
- To reduce risk, separate personal and work life. When using your work computer only for work purposes, you will likely visit fewer websites, install fewer applications, and generally reduce your overall attack surface. To further protect the ship or company systems, the IT team should tightly control administrative credentials, monitor and regularly review newly installed applications, and block categories of websites at the perimeter.
- Onboard ship, seafarers should be encouraged to use personal devices, so the temptation or need to use the ship’s PCs or systems is reduced. Human nature can cause problems, so it is important to limit the need or temptation for crews to cross the work/life divide.
- Training for problems with essential computer-based systems must become integral to the shipboard routine if we are to operate modern, computerised vessels safely and efficiently.
You may click below to read the Newsletter for May 2017: