Why is the maritime sector so vulnerable?
As outlined in the first part of this series, the maritime sector is becoming increasingly vulnerable to cyber threats on its operational technology due to the large-scale digital transformation recently undertaken.
But we’re wondering, just how susceptible is this industry to cyber threats? Let’s take a closer look at some of the main cybersecurity flaws that could be exploited:
- The cargo management system
The cargo control room, its materials and its accompanying systems all benefit from the advance of technology. The systems are becoming increasingly connected to each other and are using programmes that connect to the internet and therefore increase their vulnerability. They have also inherited the flaws that come with digitization and, like all IT systems, are susceptible to cyberattacks.
- Lack of encryption
Cyber hackers can take advantage of these open systems, that lack any inbuilt encryption or authentication code, by creating a non-existent vessel and assigning it static information. This is referred to as ‘ship spoofing’ and means that it can appear as though a vessel is in a different place, causing issues for automated systems that identify data and make inferences based on data collected from AIS.
- Crew are not aware or trained in cyber security
Futurenautics reports: “Only 12% of crew had received any form of cyber security training. In addition, only 43% of crew were aware of any cyber-safe policy or cyber hygiene guidelines provided by their company for personal web-browsing or the use of removable media (USB memory sticks etc.). Perhaps unsurprisingly, given the above statistics, fully 43% of crew reported that they had sailed on a vessel that had become infected with a virus or malware.”
Public networks that are deployed for passenger use (such as entertainment, LAN network, communications) are extremely sensitive access points. In order to guarantee the security of these systems, public networks “for enjoyment” should be 100% contained.
Complacency has been described as the biggest single issue the shipping and maritime industry must guard against. Whilst cyber is, undoubtedly, rising up the management agenda, it is too easy to think that it’s other companies who will be attacked and not take it seriously enough now.
Do you agree with this list? Is there anything else you think is impacting the vulnerability?