Shipping writes a new chapter of its cybersecurity story with every successful hack, co-ordinated attack or accidental infection. But at least for shipping leaders and decision-makers, there is an awareness that cyber is not the millennium bug; something that will go away if left alone.
Cybersecurity is a complex problem, not least because of its ability to mutate and present new threats from which businesses must defend themselves. For shipping, the increasingly connected nature of assets that were previously remote is only serving to heighten the need for a robust cyber strategy.
Our perspective on the challenges is formed at first hand through on-board service staff experience. Often former mariners, but hardwired to the organisation, these individuals are able to take off the rose-tinted spectacles and judge the situation dispassionately.
The level of awareness of shipboard cyber risks remains highly variable, ranging from safety-first operators in the tanker and cruiseship sectors to those whose practices are somewhat behind the curve.
This can be a function of the company’s commitment to IT in general. There are plenty of instances where requests we receive related to cybersecurity demonstrate that operators are taking the issue seriously, others where we quickly push back.
Oh, and the horror stories are true: it’s quite possible to find wireless mobile devices charging off the ECDIS USB port. Many ships have no system for ‘sheep dipping’ memory sticks or external drives when crew or service personnel bring them onboard, when scanning for viruses and malware should be the default procedure.
Connectivity on and off the ship is critical but just as important is managing the risk on the bridge itself, specifically the temptation to connect the regulated front of bridge systems to the wider ship’s network.
The anecdotal evidence from our service personnel is that the majority of electronic navigation chart data, which is these days received on-board ship via satellite, is still transferred from the unregulated back of bridge space to the front of bridge by – you guessed it – a USB stick.
The inherent lack of security in this process has led some operators to reason that the way to remove this layer of vulnerability is to connect the bridge to the wider network. Bridge systems have traditionally been ‘air-gapped’ to the main network which has provided a degree of comfort that the operational and information technology are separated.
More sophisticated hacking techniques mean this comfort may in reality be slim, but by connecting front and back of bridge networks directly, operators risk removing their main physical defence.
What this reinforces for us is that cybersecurity is a mindset, not just a piece of software or hardware alone. It requires a clear thought process and a layered approach. It starts with improving awareness and goes on to encompass training and role-based expertise, but it also means giving bridge teams tools that provide a degree of assurance without increasing complexity or slowing down critical processes.
With processes and procedures baked in, the operator can move on to a hardening programme for the navigational equipment which understands the evolving nature of cyber vulnerabilities.
Drawing on the expertise of our parent company, Northrop Grumman, we offer a solution which uses multiple firewalls and a ‘demilitarised zone’ as a staging post between front and back of bridge to ensure there is no direct connection between the navigation systems and the main ship network. The solution is a key part of the technical defences available to ship operators and can be certified to the IEC’s 61162-460 standard for networking where additional safety and security is needed.
Looking beyond the measures that owners can take to manage cyber risks day-to-day, it is clear that understanding where risks come from benefits from having an expert physical presence regularly onboard ship.
What a global service network uniquely brings to a layered cybersecurity model can be felt all the way to next generation product and service development cycle. This feedback loop is vital to understand not just what owners are thinking but how navigators work on the bridge. It gives us a vital understanding of an environment very different from the average office.
As engineers, it is easy to make assumptions of what’s happening in the field and what might therefore drive a design solution. Bringing in the service team leaders during the design review process gives a vital perspective on behaviours in an operational context.
The easiest mistake to make is to say ‘that doesn’t happen onboard ship’ and design a solution accordingly. Having a service team that can say ‘absolutely it does happen, we see it all the time’ means we are getting closer to providing the best possible cyber solution onboard ship.
The views presented hereabove are only those of the author and not necessarily those of SAFETY4SEA and are for information sharing and discussion purposes only.