As the industry moves into a cyber-shipping era, the risk of cyber threats is at an all-time high. State-of-the-art ships, increasing interconnectedness and electronic navigation necessitate guidelines and contingency plans to support secure cyber operations. Cyber threats and even physical loss of cargo is on the rise as hackers rapidly learn how to seamlessly navigate holes in cyber security. In this day of digitalisation, the impact of cyber operations and cyber threats cannot be overstated.
Fathom Maritime Intelligence takes a look at the maritime security threats facing the shipping industry and examines recent developments that will support safer cyber operations.
1. Increasing Digitalisation Drives Cyber Threat
The digital era that the shipping industry is now immersed in is ineluctable. Increasing digitalisation has been coupled with advances in ship to shore communications. Digitalisation has also spurned great leaps towards e-navigation becoming the norm, with some help from the regulators of course.
Integrating technologies onboard the ship, all supported by advanced electronics and software, is advancing streamlined shipping operations. Digital systems have evolved at a rate which enables mass data collection to improve analysis and operational profile of the ship.
However, as more and more data is collected and stored, the more information and data is at risk of being hacked to devastating effect.
The operation of a ship itself and the operation of entire fleets, from the bridge onboard and the office onshore, is increasingly reliant on digital systems. No matter how ‘secure’ a digital system is, the volume of data exchange and layers of integrated digital systems ensure that a ship and its controls are vulnerable to those who have even the slightest knowledge of opening up gateway access.
2. The Risk Of Physical Access Is A Very Real Threat
With increasingly networked systems, readily available wireless networks, blue-tooth and commonly used removable devices such as USBs and DVDs, the ability to acquire data physically is less challenging than previously when hardcopy was the norm.
Diagnostic ports on equipment and the availability of malware along with wireless networks means that communication links can be intercepted from anywhere in the globe. Furthermore, radio communications provide an easy pathway for hackers to gain information via eavesdropping while jamming of data means it can disappear and end up in an unknown location (potentially at the hands of an experienced hacker).
3. Crew and Onshore Staff Pose the Biggest Risk to Cyber Security
Essentially, the largest threat to cyber security is humans.
Data breaches, sharing of personal information and downloading of embedded malware are all at the cause of human error or naivety when it comes to safe cyber operation. Hackers may have the knowledge to exploit vulnerable or weak systems once they’ve gained network access, but it is often the human user which gives them the key to do so.
Technology cannot be manipulated in the same way humans can. Humans are led into a false sense of security, thinking systems are safe and operations are protected because they have access using passwords and because they are told the system is ‘highly secure’. However, a system is only as secure as its user will let it be.
Functional firewalls and safe gateways are paramount to preventing data leakage and hacker interception. Even the inclusion of employee security awareness training may help to mitigate security threats and deter hackers, continuous assessments and unpredictability in data operations may also serve to minimise the risk of exposure and reduce vulnerability.
Stolt Tankers, for example, has separate networks for engineering and navigation, completely isolating them from one another. Business networks are connected only to the office and the crew network sits separate from any other network. The more isolation you can create, the harder it is to break into.
4. E-Navigation Puts Your Ship At A Higher Cyber Risk
Any ship that uses GPS, ECDIS and AIS are vulnerable to attacks and asset loss. Nowadays every ship is operating with the latest navigational systems to drive smarter and smoother operations. Trading is co-ordinated across multiple time zones using atomic clocks on GPS systems. However, if these are hacked into, control is at the hands of the hacker and the information already acquired is unknown. Disrupting global transactions could ultimately end with serious economic outcomes and the pause of vital trading operations.
5. Secondary And Tertiary Uses Of Technology Create Potential Security Issues
Historically, ships would be fitted with technologies to manage the purpose for which they were designed. For instance, GPS would be simply used for navigation, whereas today they are integrated with other capabilities such as weather forecasting to assist with time-keeping and routing. However, the system initially fitted may have been designed with security issues in mind for which it is to operate. Therefore, it may be less secure in its secondary and tertiary functions, leaving the technology vulnerable to security threats.
With technological advancements growing at an unpresented rate and global connectivity increasing the data we store online, the reasons for a cyber-attack is far and wide spread. No data is truly safe. One way or another there is a reason for someone else wanting your data or your goods. Whether it is down to terrorism, smuggling, piracy, fraud, hackers or economic espionage, from whichever direction you look, a cyber threat is there. Accepting and understanding the risk is essential to the future of shipping in a digital era.
In next week’s “In The Spotlight” feature Fathom Maritime Intelligence will look at the Top 5 Actions to that the industry can take to ensure ultimate cyber security.
To round off this year, Fathom will be re-posting our top 2016 articles. Keep an eye out for some of our most popular and most-read stories this festive period here at Ship Efficiency Review!
Ship Efficiency Review News
To contact the editor responsible for this article email firstname.lastname@example.org