The maritime transport industry uses various operational technology (OT) systems such as GPS, AIS and ECDIS, as well as information technology (IT).
Damage to these systems can result in physical damage to the ship as well as data leakage, endangering all life on board. Insider threats, whether intentional or not, are considered one of the biggest cyber threats to business.
The insider threats are:
- Human Error - High click rates for phishing campaigns, negligence (leaving technology open and accessible), loss of technology, such as a laptop or a phone;
- Malicious Insider - Criminal insiders leaking sensitive data, infecting computer systems with malware, abuse of internal privileges and disgruntled employees;
- Social Engineering - The manipulation of seafarers to gain sensitive information. This can contribute to spear phishing, senior management spoofing, smishing and vishing.
Therefore, the shipping industry should find additional ways to address cyber attacks:
- The education, training and exercising of the crew and shore-based employees enhances their ability to competently react to attacks, find faults and understand the threat;
- A risk management strategy is vital in the assurance of IT/OT system assets. An effective risk management framework can create resilience in people, process and technology;
- The development of an Incident Response Plan (IRP) should provide the vessel with the ability to respond quickly and effectively;
- Information sharing with your community is vital. This will inevitably help in optimising the business recovery process, ensuring business continuity at the earliest opportunity;
- Conduct testing and auditing. Penetration tests by ethical hackers attempt to breach an organisation's network to expose vulnerabilities.
In conclusion, the human factor is widely considered to be among the most dangerous factors that could lead to a cyber attack. Thus, SAFETY4SEA provides information on 12 Tips to improve human factors and maritime safety, so that the shipping sector can stay alert and acknowledge the risks arising from the development of digitalization.