CYBER SECURITY Archives - Page 3 of 11

Cyber criminals are increasingly targeting container shipping and ports as ransomware gangs step-up attacks on vulnerable supply chains, according to the latest CyberCube Global Threat Briefing.

Worldwide supply chain disruption and shortages and weak cyber security make the maritime sector an attractive target for cyber criminals, according to William Altman, principal cybersecurity consultant at CyberCube, which provides insurers with cyber threat intelligence and analytics. Other critical supply chains that have single points of failure are also vulnerable, including food and agriculture, and information technology, he said at the launch of the report.

“We should expect more attacks on the maritime sector, in particular. Covid-19, labour shortages, wars, and a myriad of other factors are putting a lot of pressure on global supply chains. In the past two years we have witnessed how crisis events, such as key shipping lane blockages and ransomware port attacks, have contributed to intense global supply chain shortages,” said Altman.

“Cyber criminals are known to take advantage of organisations that are experiencing turmoil, such as hospitals during the pandemic. Ransomware actors in particular are increasingly targeting large cargo ships and their onboard operational systems, as well as compromising connected infrastructure at critical port facilities worldwide. This is something we have seen over the past year, but it has built up over the last few months,” he said.

A number of large ports have been hit by ransomware attacks in the past, while the world’s four largest container shipping companies have been attacked in recent years. In February, India’s Jawaharlal Nehru Port, the country’s busiest container terminal, was hit by a ransomware attack, while in March a cyberattack crippled the systems of US freight forwarding company Expeditors International.

“We have seen that the number of attacks has only gone up over the past year, and over the next six months, as supply chain shortages intensify, we expect hackers to take advantage,” said Altman.

The ongoing digitalisation of logistics and the use of autonomous systems creates more vulnerabilities and loopholes, explained Altman. “There is also often a disconnect between the information technology systems and operational technology systems at ports and onboard ships. These two types of systems should be segregated but they are not, and it poses a lot of danger for machinery that moves cargo and navigates ships. The stuff you don’t want attackers to touch,” he said.

Ransomware gangs are increasingly targeting companies with critical operations, according to Altman. For example, CyberCube warned against the increased threat to space infrastructure and technology, such as satellites, ground terminals and user stations, as governments develop anti-satellite weapons and other space military capabilities.

“These are single points of failure that are critical to the functioning of society that are increasingly being targeted… It’s only a matter of time before there is an attack on a single point of failure in space, such as the global positioning system,” he said.

Following the attack on the Colonial Pipeline in the US, which attracted the attention of law enforcement agencies, ransomware gangs have switched to lower profile critical smaller and mid-sized business. For example, cyber criminals are now targeting the agricultural, food supply and healthcare sectors, which can least afford downtime, yet often lack the cyber security resources to fight off determined attacks, he said.

Ransomware attacks are also growing more sophisticated, timing attacks for maximum damage, as well as using double or triple extortion, and distributed denial-of-service (DDoS) attack to prolong business interruption, he said.

Altman also warned that the LockBit ransomware gang is poised to become the most active ransomware gang in the world. Although it targets a wide range of industries, it prefers vulnerable companies in the legal profession, as well as large manufacturing and construction companies. In May, LockBit hit a manufacturing plant owned by iPhone manufacturer Foxconn, disrupting operations.

However, there are signs that actions taken by insurers in recent years may be stemming the tide of ransomware losses, according to Altman. Ransomware-as-a-service gangs typically target companies with poor cyber hygiene, while insurers increasingly score risks and use analytics tools to identify companies that are most susceptible to losses.

“It is clear that starting in late 2019, loss ratios for P&C industry, aggregate standalone, and packaged cyber risk begin to reflect the rise in ransomware-as-a-service. These criminal actors are largely responsible for the cyber loss experience by companies over the past three years. However, beginning in 2020, and accelerating through 2021, we saw rate increases to account for the outsized frequency and severity of ransomware,” said Altman.

“Today, alongside those rate increases and reductions in coverage, we do see positive signs that cyber insurers are adopting pro-active measures to reduce cyber risk,” he said.

Source: https://www.commercialriskonline.com/cyber-criminals-target-vulnerable-marine-supply-chains/

This new standard has been developed by the IASME Consortium together with the Royal Institution of Naval Architects (RINA), to raise cyber security standards within the maritime sector.

The baseline offers shipping companies the certification required to assert their vessels uphold the maritime cyber security regulation standards. The baseline includes the audit of different types of vessels, such as commercial vessels, especially cargo, passenger ferries, and yachts. It also covers crewed and autonomous vessels.

Nir Ayalon, Cydome’s CEO, said: “We’re very proud to become the first international Certification Body for Maritime Cyber Baseline – and to join the IASME consortium. This step is aligned with Cydome’s vision of providing maritime organisations with the ability to show their cyber resilience through a quick automated process – reducing the friction, hassle, cost and time of manual audits. Getting a Maritime Cyber Baseline certification will give a strong message to the shipping companies, insurance companies and the management of the commitment to having a secure fleet – and to mitigate cyber risks.”

Cydome, a cyber security company for the maritime industry, offers advanced cyber security capabilities designed to fend off maritime cybercrime on and offshore.

Source: https://thedigitalship.com/news/maritime-satellite-communications/item/7967-cydome-approved-to-certify-vessels-for-maritime-cyber-baseline

The IMO’s 2021 cyber risk management code (IMO 2021) sets a framework and baseline for cyber security resilience, but Inmarsat advocates for going beyond simple regulatory compliance.

“The IMO guidelines on maritime cyber risk management have helped stakeholders to address cyber threats, but the nature of digital attacks continues to evolve due to advances in computing technology and developing geopolitical conflicts,” said Ben Palmer, President, Inmarsat Maritime.

With cyberattacks against the maritime sector on the rise, the Inmarsat report promotes Unified Threat Management (UTM) as a foundation for managing cyber risks. UTM combines a range of defences like antivirus programmes, firewalls, intrusion and detection systems and content filters in one software and hardware package. Inmarsat offers its own Fleet Secure UTM which it says streamlines the installation and operation of security infrastructure.

By making security easier to configure and maintain, UTM also makes proactive cyber security more accessible to maritime companies, said Inmarsat.

The report notes a 2021 penetration test across 100 vessels in a particular fleet. Of 292 emails sent to fleet nodes, 92% were opened, a link inside was clicked by 90 seafaring officers and 44 of those went on to enter sensitive information on a website.

Should bad actors succeed in accessing systems, vulnerabilities within our industry include: Bridge systems, Cargo handling and management systems, Propulsion and machinery management and power control systems, Access control systems, Passenger servicing and management systems, Passenger facing public networks, Administrative and crew welfare systems, and Communication systems.

Inmarsat uses Danish tanker company Evergas as an example of a shipping company facing its cyber security responsibilities.

Evergas IT Manager, Poul Rævdal, said: “Regulations provide a good starting point, but it is important from our perspective to go above and beyond the guidelines… Being able to unify the separate parts of our network security into a single solution and deal primarily with one supplier allows our IT team to focus on optimising the day-to-day support given to our ships and systems.”

The report goes into further detail on seafarer training and awareness, the vectors of attack used against the maritime industry, creating a cyber security aware culture, pathways to regulatory compliance and moving beyond compliance.

Source: https://www.seatrade-maritime.com/technology/inmarsat-issues-guidance-fortifying-cyber-security

A new report from Inmarsat, the world leader in global mobile satellite communications, highlights the role of the International Maritime Organization’s (IMO) 2021 Cyber Risk Management Code in providing a framework for cyber resilience , but warns that combating attacks is not limited to compliance alone. Compiled by maritime innovation consultancy Thetius, Beyond Compliance – Cyber Risk Management After IMO 2021 encourages proactivity in preventing and mitigating the impact of cyberattacks.

“Ensuring data resilience and cybersecurity are key concerns for the shipping industry,” said Ben Palmer, president of Inmarsat Maritime. “The IMO guidelines on maritime cyber risk management have helped stakeholders deal with cyber threats, but the nature of digital attacks continues to evolve due to advances in computer technology and the development of geopolitical conflicts. In the 12 months between May 2020 and May 2021, cyberattacks targeting the maritime sector increased by 168% in the Asia-Pacific region alone. [1]

“To ensure the resilience of their digital infrastructure, shipping companies need to look beyond regulatory compliance and be more proactive in their approach to managing cyber risks.”

One of the pillars of this approach is Unified Threat Management (UTM). By combining solutions such as firewalls, anti-virus programs, content filters, and intrusion detection and detection systems into a single hardware and software package, Inmarsat’s Fleet Secure UTM streamlines installation, configuration, administration and maintenance of the network security infrastructure. It helps shipping companies, like Denmark-based Evergas, raise safety standards beyond regulatory compliance.

Evergas IT Manager, Poul Rævdal, said: “The regulations are a good start, but it is important from our point of view to go beyond the guidelines, and Inmarsat’s comprehensive Fleet Secure solution facilitates a proactive approach to network security. Being able to unify the different parts of our network security into one solution and deal primarily with one vendor allows our IT team to focus on optimizing day-to-day support to our vessels and systems.

The continued development of seafarer training has been another key bulwark in shipping cybersecurity defenses. Inmarsat’s Fleet Secure Cyber Awareness training program contains everything crew need to know to be aware of vulnerabilities and suspicious behavior online with guidance on best practices. This training module is offered free of charge to all Fleet Secure Endpoint users.

Effective cyber risk management must consider multiple attackers and various lines of attack – targeted and random. Threat actors are making continuous efforts to update their strategies, developing malicious coding, scanning for vulnerabilities in hardware and software, and responding to human behavior. Only by being proactive can shipping stay ahead of cybercriminals.

Source: https://rushhourtimes.com/cyber-risk-management-beyond-imo-2021-compliance/

Cydome has been confirmed as the first international certification body for Maritime Cyber Baseline, a new programme developed by the IASME consortium, together with the Royal Institution of Naval Architects, to raise cybersecurity standards within the maritime sector.

Based in the UK, IASME works alongside a network of certification bodies to help certify organisations of all sizes in both cyber security and counter fraud, with Cydome the latest to be added to that list.

The newly developed baseline offers shipping companies certification to assert that their vessels uphold maritime cybersecurity regulation standards and includes audits of different types of vessels, such as commercial vessels, passenger ferries, and yachts. It also covers both crewed and autonomous ships.

Cydome has been approved to provide certification services for the baseline, with its automated compliance system able to be applied to assess an entire fleet’s cyber risk status.

“We’re very proud to become the first international certification body for Maritime Cyber Baseline and to join the IASME consortium,” said Nir Ayalon, Cydome’s CEO.

“This step is aligned with Cydome’s vision of providing maritime organisations with the ability to show their cyber resilience through a quick automated process – reducing the friction, hassle, cost and time of manual audits.”

“Getting a Maritime Cyber Baseline certification will give a strong message to the shipping companies, insurance companies and the management of the commitment to having a secure fleet – and to mitigate cyber risks.”

Source: https://smartmaritimenetwork.com/2022/07/19/cydome-approved-to-offer-maritime-cyber-baseline-certification/

NEW YORK, May 13, 2022 (GLOBE NEWSWIRE) — Guardforce AI Co., Limited (“Guardforce AI” or the “Company”) (GFAI, Financial)(GFAIW, Financial), an integrated security solutions provider, announced today that Handshake Networking Limited (“Handshake”), a subsidiary of the Company, has developed an automated marine scanning service designed to address key security vulnerabilities in the maritime transportation industry. The Company also announced it has launched this new service with one of the world’s leading operators of global container vessels based in Hong Kong.

Handshake Networking is a premier information security service provider, with a track record of providing network security solutions, including penetration testing, to multinational corporations since 2004. Assessing vulnerabilities and cyber-attacks on vessels at sea is complex, as these vessels move unpredictably between network providers. However, the new service, provided by the Company under a Software-as-a-Service (SaaS) model, addresses these vulnerabilities by allowing marine vessel operators to schedule security scans, adapting to unpredictable changes in the network and speeding up response time to a ship, even in the middle of the ocean. Once a scan is completed, the vessel operator receives a report showing any exposed services and vulnerabilities. This scanning platform provides global coverage and is hosted within the Company’s cloud environment.

Based on recent shipping fleet statistics from UK Department for Transport, at the end of 2021, there were an estimated 63,000 trading vessels in service around the world. Each of these ships contains complex computer systems for managing the engines, fuel and navigation, as well as e-mail, software updates, and access to cloud applications. Connection to global networks via satellite and cellular data is critical; however, this multiple network connectivity makes ships vulnerable to cyber-attack.

Terence Yap, Chairman of Guardforce AI, stated, “We are pleased to announce the launch of our automated marine scanning platform with one of the premier operators of global container vessels. Prior to our selection, our new automated marine scanning service was heavily evaluated by this customer, providing strong validation of the robustness of this cyber intelligence offering and application within the maritime transportation industry. With rapid digitalization of the industry, more and more global shipping companies have come to realize the economic impact of cybercrimes and the need for efficient solutions to help prevent these risks. Cybersecurity solutions are more urgent than ever as International Maritime Organization regulation requires that all vessels and ships worldwide include cyber risk management in their safety management systems in accordance with the International Safety Management (ISM) code. Cybersecurity attacks represent an unprecedented threat to the shipping industry, as well as to the global community, and we anticipate that the demand for our solutions will continue to grow.”

Richard Stagg, Managing Director of Handshake, stated, “International logistics is a prime target for cyber-attack and threats directed at vessels can affect crew, cargo and even ports – as well as the smooth functioning of the ships’ operations. Through our SasS offering, we can provide our customers with a truly cost-effective solution that encourages frequent security checks. With more than 17 years of experience as a provider of information security services, Handshake is well positioned to efficiently assess information security even on container vessels, despite the technical constraints. We look forward to accelerating the commercial rollout of our marine scanning service, which we believe will play an invaluable role in defending corporations and critical infrastructure worldwide.”

Source: https://www.gurufocus.com/news/1820121/guardforce-announces-its-subsidiary-handshake-networking-has-launched-a-new-cybersecurity-marine-scanning-service-with-a-leading-operator-of-global-container-vessels

With crew welfare and cyber security at the forefront of shipping’s operations, in the post-pandemic world, satellite services are becoming ever so important. Hellenic Shipping News Worldwide , discusses with Mr. Damian Staples, Vice President, Wholesale with Inmarsat about the company’s offerings and latest market trends.

Inmarsat has a long-lasting record of strong presence among Greek shipowners. How was this relationship forged and where is it moving today, in terms of new technologies?

Yes, the relationship with the Greek maritime community goes way back, almost 40 years now and it was forged on safety, an issue which has remained the core of our proposition to the market and the shipping industry until today and obviously is also critical in the Greek market. The other thing that makes us strong in Greece, are our local partnerships. We’ve worked consistently with a number of partners in this region, who themselves have maintained a very close relationship with ship owners. These partners are very loyal to Inmarsat and have worked very closely with us on our technology roadmap to make sure that we are considering the needs of the owners and the managers, in the way that we evolve ourselves in the future.

You mention loyalty. Do you see that many owners do infact stay loyal with one brand or partner throughout many years? If so, which are the reasons behind this?

It comes down to close collaboration and this is the reason that we are so focused to working with local partners in this region; because of how important those close relationships are to the owners. Having a close relationship with the people that they work with, who are based here, who understand how their business works, who are close to them in the way that they are evolving their business and their technology needs. So for us, based in the UK, it’s very important to work through those local resellers who are very close to the market and the local requirements, to help us understand how to evolve our services. I think it’s that integrated collaboration between the owners, their local partners and those partners with Inmarsat that’s helped us maintain and strengthen this partnership over the years.

How is technology evolution helping companies like Inmarsat advance their product and service offerings in the maritime market?

The key is increased bandwidth consumption and its importance to the evolution of the industry. Everywhere you look around Posidonia, the conferences are highlighting the importance of technological evolution of the entire maritime industry and most of what you see, depends on connectivity. Without it none of this works. So, as the industry grows and becomes more technologically advanced in a digital direction, the connectivity becomes more important, it needs to be reliable and secure and these are the things that have made Inmarsat very strong through the years and that’s why we continue to invest in our network to make sure that we provide a global, reliable and secure service to make sure that we meet the increasing bandwidth requirements of the industry.

Which is the main trend now, in terms of companies’ focus?

The climate element is key. How do you invest in advanced services that will make you more ecologically conscious, reduce your carbon footprint while also helping your company’s bottom line? This is particularly true for owners who are incentivized by banks, for other reasons, to reduce their environmental impact. Crew welfare is also an important theme, one that we’ve highlighted ourselves as well, in Inmarsat. As we’ve seen through the pandemic years, we need to make sure that we look after crew members, both from an entertainment perspective, but also from a health perspective, as they’ve been forced to remain on board the vessel for an increasing amount of time. All of these things can only be delivered by high bandwidth connectivity services and we’ve seen the consumption of our network increasing dramatically particularly over the pandemic and we don’t see that going backwards, it’s a one-way street.

In terms of bandwidth growth, which is the current situation? When should we see the next incremental step?

It’s hard to predict, as there are different phenomenons happening in parallel. On the one hand we’re seeing dramatic bandwidth growth, but on the other hand, as a result of that, we’re seeing a lot of innovation around how the bandwidth is being used, both in terms of more effective bandwidth management and also services that are more efficient in the way that they consume the bandwidth. So I think that those two things will sort of intercept at one point, but it’s hard to predict when will that arrive. For the moment the push is to continue to increase capacity which are doing through our growth roadmap over the next 12-18 months to ensure that we are responding the meeting the increasing demand. I don’t see it plateauing within that time period, but as a result of the increased network bandwidth and the fact that that’s not going to abate anytime soon, I think that we can expect that there will be more innovation in bandwidth efficiency and they way it’s been consumed over time. But we’re probably talking two or three years down the line for these applications coming through.
Nikos Roussanoglou, Hellenic Shipping News Worldwide

Source: https://www.hellenicshippingnews.com/satellite-services-even-more-important-in-the-post-pandemic-shipping-era/

KOCHI: The sixth Deputy National Adviser level meeting of the Colombo Security Conclave held in Kochi resolved to join hands to ensure maritime safety and security and to fight terrorism, radicalization, trafficking and organized crime. In the opening session, the delegates called for greater cooperation among the member countries.

Representatives of India, Maldives, Mauritius, and Sri Lanka and observer countries Bangladesh and Seychelles attended the conclave. The delegation from Bangladesh, who arrived in Kochi, could not attend the conclave due to medical reasons.

In his opening remarks, Deputy National Security Advisor of India Vikram Misri said the efforts to tackle narcotics trafficking and organized crime and mitigation of ill effects of pollution were concrete examples of the cooperation among law enforcement agencies of member countries. “Cyber security and cyber technology will play an important role in our efforts to manage threats and build cooperation in an ever challenging environment,” he said.

Seeking India’s help to ensure the safe repatriation of displaced Myanmar nationals to their country of origin, Defence Advisor at the Bangladesh High Commission in New Delhi, Mohammed Abdul Kalam Azad, said India should play an effective role in addressing the issue. “Thousands of displaced Myanmar nationals are facing an uncertain future and they are getting attracted to extremism, radicalism and drugs,” he said.

Sri Lanka’s Chief of Defence Staff General Shavendra Silva suggested that joint working groups should be formed to collect and disseminate intelligence to tackle various threats including terrorism and radicalisation. Pointing out that trafficking and organised crimes have been a major security threat, he said the conclave is an ideal platform for cooperation in tackling the trafficking of drugs and terrorism.

Stressing on the need for collaboration and coordination to address issues of common concern and outlook, Maldives foreign secretary Ahmed Latheef said the country’s economy is heavily dependent on maritime security and Maldives has remained vulnerable to threats of trafficking, organised crime and terrorism, which emanate through the maritime domain.

“Protection of coastal community, marine environment and resources have been out priority. The security dimensions are large and complex. We have to share information, knowledge and skills to improve maritime security,” he said.

There should be a coordinated effort to tackle common security threats, said representative of Mauritius Yoidhisteer Thecka.

“The member countries should cooperate to tackle the threats involving cyber security, terrorism, radicalisation and drug trafficking. Illegal, unreported and unregulated fishing and damages to environment are other challenges. Mauritius is eager to participate in joint security initiatives,” said Thecka, who is the Principal Coordinator of Security Matters at the Mauritius Prime Minister’s Office

Chief of Staff of Defence Forces of Seychelles Colonel Simon Archange Dine sought collaboration to protect the marine resources.

Source: https://www.newindianexpress.com/cities/kochi/2022/jul/07/colombo-security-conclave-agrees-to-fight-maritime-threats-jointly-2474005.html

PUBLISHED JUL 6, 2022 5:18 PM BY THE MARITIME EXECUTIVE

The National Maritime Law Enforcement Academy (NMLEA) has selected HudsonCyber’s innovative cyber risk management program, PortLogixTM, to drive organizational cybersecurity resilience in its recently launched port digitalization and accreditation initiative. Unique in the maritime industry, PortLogix enables cybersecurity self-assessment, program management, dynamic investment and resource planning, real-time trend analysis, and long-term benchmarking.

Launched in early 2021, PortLogix has since served a wide range of port authorities, terminal operators, and port community systems around the world. Part of its success lies in the fact that PortLogix integrates the cybersecurity best practices and standards published by NIST, ISO and ENISA and seamlessly harmonizes them with national and IMO regulatory requirements. Significantly, PortLogix’s maturity-model approach and vendor-agnostic recommendations have also been embraced by many leading global insurance brokerages and underwriters to support the evolving cybersecurity insurance market in the global maritime industry.

As the maritime industry rapidly digitalizes, the physical and cyber threat landscapes are increasingly overlapping. To address the growing threat to the maritime sector, the NMLEA has launched its Maritime Security Accreditation and Digitization Program (“MARSEC ADaPt”) to establish a baseline pre-requisite standard that will enhance and drive maritime security readiness and resiliency. The program will integrate asset digitalization capabilities with maritime security vulnerability assessments, training, exercises, and cybersecurity.

As part of its MARSEC ADaPt implementation, the Tampa Port Authority d/b/a Port Tampa Bay successfully completed its PortLogix implementation this past May. After engaging and committing to the cybersecurity assessment process, Ken Washington, Chief Information Officer and Mark Dubina, Vice President of Security at Port Tampa Bay, expressed their enthusiasm and strong support for the PortLogix evaluation and assessment process.

NMLEA founded MARSEC ADaPt on the core capabilities of two key organizations: ARES Security and HudsonCyber. ARES Security drives the accreditation initiative by digitizing critical maritime infrastructure, known as Digital Twins, and offering digital data to optimize security risk management, vulnerability analysis, and security training functions. HudsonCyber drives cybersecurity resilience through its award-winning platform, port-tailored platform PortLogix.

“Ports will benefit through a reduction in annual costs associated with ongoing Maritime Transportation Security Act (MTSA) regulatory compliance,” said NMLEA Executive Director Mark DuPont. “Through the NMLEA MARSEC ADaPt Program, ports will be able to implement a nationally-recognized baseline standard for maritime security – a standard that has not previously been established.”

“Advancements in maritime digitalization are accelerating and have broad security implementations for today’s ports and port terminal operators. It makes data security a top concern for port executives,” added Max Bobys, vice president of HudsonCyber. “Through in-depth multi-stakeholder engagement, we’re able to not only assess a port’s overall cybersecurity capabilities, we’re also able to drive cross-functional cybersecurity awareness and from there facilitate consensus-driven buy-in regarding prioritization and resource allocation decision-making. And that ultimately drives organization wide cultural change, improved accountability, and board level engagement.”

Source: https://www.maritime-executive.com/index.php/corporate/hudsoncyber-portlogix-selected-as-cybersecurity-core-of-marsec-program

Shipowners, operators and managers need greater cyber resilience as they introduce higher levels of digitalisation across their fleets

Ships and ports are increasingly becoming victims of cyber attacks as networks and vessel IT is further linked to online and cloud-based services.

Delegates at Riviera Maritime Media’s Maritime Cyber Risk Management Forum, held 28 June in association with Norton Rose Fulbright, heard they need to integrate cyber security into their digitalisation programmes.

International Seaways vice president and chief information and security officer Amit Basu said cyber resilience should be embedded in newbuild projects and retrofitted into existing ship systems. “Digitalisation is growing at an extremely swift rate, which is causing a significant increase of the cyber-attack surface on the ships,” he said.

On the other side, cyber criminals are innovating and are more sophisticated in their approach to the maritime industry with targeted attacks more common.

“Cyber security alone is not enough anymore, it is time to aim for cyber resilience,” said Mr Basu. “Cyber resilience is an organisation’s ability to withstand and quickly recover from cyber events disrupting usual business.”

He recommends owners manage cyber security with a multi-layered approach encompassing people, processes and technology.

“Align IT and business for a united front against the cyber threats,” said Mr Basu.

Cyber resiliency objectives need to be aligned with digital transformation business goals and these initiatives must embed cyber-security measures in the project specifications from the initiation stage.

“Integrate cyber security into digital transformation programmes,” said Mr Basu. “Our entire industry must build together a cyber resilient ecosystem.”

Wärtsilä Voyage head of cyber security technology Paivi Brunou said evolving technologies driving shipping forward increase the risk of cyber attacks.

“With the advent of highly digitalised shipping, remote operations andautonomous navigation, cyber security is becoming critical to the emerging technological improvements in maritime environments,” she said.

Shipowners should therefore implement context-relevant and effective cyber controls and capabilities to reduce attack surfaces in their systems. Vessel operators need to identify the residual risks and “work together to implement best way to minimise those through layered security activities,” said Ms Brunou.

She suggested working with third parties on security, collaborating with partners and sharing information on cyber security related near-misses and incidents via a trusted channel.

“The industry needs to take action to increase cyber security and resiliency by leveraging public and private partnerships and collaboration,” she said.

“Maritime cyber security needs to be ready not only for what is happening today, but what will be a reality during the next decade.”

Inmarsat director Laurie Eve said achieving cyber resilience requires many elements of security and threat intelligence as well as training, secure network connections and incident response plans.

“Training needs to refreshed, updated and continuous, with a no-blame culture to encourage issue reporting,” said Mr Eve.

He said shipowners should consider employing a security operations centre to provide intelligence and monitor onboard networks to maintain a situational awareness of threats.

An incident response plan can be used when security is overcome by a cyber threat.

“Assume there will be a breach at some point and be ready to limit the damage,” Mr Eve said. “Invest in an incident management policy, provide training and do rehearsals and use existing guidance.”

Inmarsat has a Fleet Secure portfolio of products and services for securing end points, communications and email, and increasing crew awareness and unified threat management.

Newer Posts

Older Posts

Cyber criminals target vulnerable marine supply chains

Cydome approved to certify vessels for Maritime Cyber Baseline

Inmarsat issues guidance on fortifying cyber security

Cyber risk management beyond IMO 2021 compliance

Cydome approved to offer Maritime Cyber Baseline certification

Guardforce Announces its Subsidiary, Handshake Networking, has Launched a New Cyber-Security Marine Scanning Service with a Leading Operator of Global Container Vessels

Satellite Services Even More Important in the Post-Pandemic Shipping Era

Colombo security conclave agrees to fight maritime threats jointly

HudsonCyber PortLogix Selected as Cybersecurity Core of MARSEC Program

Cyber resilience is core for ship security

News

Latest Flag State Announcements on Electronic Record Books (ERBs) for Ships

Enhanced Guidelines for Maritime Safety: Key Updates in RightShip's RISQ v3.1

US Coast Guard releases final rule on maritime security and cybersecurity standards

Quick Menu

Company DETAILS

ISO 9001:2015 CERTIFIED