In the latest issue of Phish and Ships in May, Be Cyber Aware At Sea focused on cyber crime that seems to be getting more dangerous and is now becoming a highly automated business that attacks the most vulnerable part of an organisation. Based on A.P. Møller-Maersk Chairman Jim Hagemann Snabe’s presentation on a panel at the World Economic Forum in 2018, the response to the NotPetya ransomware attack of the previous year had required the re-installation of 4,000 new servers, 45,000 new PCs, and 2,500 applications, all within 10 days. During this period, the company reverted to manual systems.
Concerning the cyber attack to A.P. Møller-Maersk, NotPetya showed that the cyber threat is as real for shipping as it is for any other connected business, especially where legacy systems proliferate.
In the possibility that the infection had affected onboard systems, the attack would have been much worse.
Although the shipping industry is being more aware of cyber attacks, it seems to be slower in coping with it.
In light of the Inmarsat Research Programme report ‘The Industrial IoT on Land and at Sea (2018)‘ the maritime way of thinking is slow to change.
The 2018 study drew on testimony from 750 survey respondents across a range of industries to establish preparedness and perceptions regarding the adoption of Internet of Things (IoT)-based solutions.
According to the survey:
- 87% of maritime respondents believed that their cyber security arrangements could be improved;
- 55% of sizeable proportions of them identifying data storage methods;
- 50% poor network security;
- 44% potential mishandling/misuse of data;
- 39% as more likely to lead to breaches in cyber security than outright cyber attack.
Given the self-diagnosis, it is perhaps surprising to find that only 25% of maritime respondents said they were working on new IoT-based security policies.
Moreover, Mr Jim Hagemann Snabe noted that software is only a part of the answer. Vigilance for ‘the human element’ and a well-thought-out recovery strategy to mitigate against multiple, automated assaults are also critical.
Around 70% of respondents identify reducing marine insurance premiums as a main driver for IoT uptake, where insurers have shown themselves as especially sensitive to cyber threats.
At the same time, other studies have found attitudes such as “Iʼm not the target /we have security in place, donʼt we?/I will be protected by AntiVirus” alive and well among seafarers.
Inmarsat firmly supports that a collaborative approach, including shipboard systems and crew operating, is crucial in having a mature response demanded by multiple threats from cyber villains, whatever their origin.
Therefore, Inmarsat collaborated with Singtel cyber security subsidiary, providing Trustwave, bringing Fleet Secure into the industry as the first independent service designed to detect vulnerabilities, provide alerts, respond to threats and protect ships from cyber attack.
