Port Wings, 07 Oct 2020.
Cyber security is a modern challenge the shipping industry has to deal with, given the increase in cyber-attacks. Yet, the times are even harder now with modern ships, which are equipped with high-tech systems making them a vulnerable target.
Today, ships are equipped with autonomous technologies and are connected with their onshore facilities, making shipping operations more efficient on the one hand, but the vessels more vulnerable on the other, as they have to deal with several cyber risks.
It is stated that older versions of operating systems are a ship’s vulnerability. Older versions, combined with lack of security patches, can reduce the security of ship systems.
In general, oldest ships are the most vulnerable ones by having the oldest and least updated systems, which operate in a plaintext format or using old protocols for management or operation.
Operational technologies (OT) and information technology (IT) are not always assessed for security when designing and constructing a new vessel, while they are not always updated with new firmware and software updates.
Another vulnerability is third party access. This means that except the shipping company, the seafarers that make use of the ship’s systems, contractors and service providers may also have access.
Each company onboard its smart vessels is advised to implement security controls that will enforce two-party consent prior to a third party is able to access the ships’ systems.
While handling 90 percent of the global economy daily, maritime industry ashore and afloat remains increasingly vulnerable to cyber disruptions and attacks from “ne’er-do-wells and bad actors” that threaten financial markets and the country’s national security
Cybersecurity Experts say that the ship’s navigational system is easy to intercept giving hackers an incredible opportunity to change the course of a cruise or a superyacht. And the news comes just a few months after researchers have proved that the GPS system of a cruise or a boat can be altered to get them into collision with other vessels.
Earlier, experts believed that connected cars and other transport vehicles were at a risk to be ‘cyberjacked’. But now, the maritime industry is also realizing slowly that ships can also be intercepted via the internet by those prowling the web.
Earlier this week, French container shipping giant CMA CGM also confirmed a cyber attack impacting the company’s peripheral servers. CMA CGM thus became the fourth major shipping company to experience a cyber attack, after Swiss Mediterranean Shipping Company (MSC), China’s COSCO Shipping and Danish Maersk.
However, the International Maritime Organization (IMO) has been slow in realizing the fact and is still not showing consideration towards taking appropriate regulation when it comes to cybersecurity.
In the year 2014, the IMO did consult its members in what maritime cybersecurity guidelines should be implemented. The organization also came up with certain stipulations. But they were broad and not particularly maritime specific.
This is where cybercrooks are taking advantage and is doing what they the best- hack the network of a ship and act according to their objective. In some waters such as in the region of Korea, some companies are seen bribing hackers to cause damage to the shipments of their competitors by either changing the course of a ship causing delay or making the vessel collide with others- causing extreme damage to the company which owns the ship. IMO has identified that it has to address many challenges to make cybersecurity for the maritime industry foolproof. First, of all, it has found that there are many different classes of vehicles operating in different environments.
And these vessels have obsolete computer systems built into them. In order words, ships are being pushed towards cyber vulnerabilities due to outdated and unsupportive operating systems, which are often the ones prone to attacks. Note- If the systems onboard and the ones communicating with them on land are obsolete, then the trouble is unimaginable. In 2017, IMO tried to counter all vulnerabilities by offering general security management codes to explicitly include cyber security.
The first one was the International Ship and Port Facility Security Code (ISPS) and International Security Management Code(ISM). Both the codes were offered to educate the port and ship operators to conduct risk management processes. Hopefully, this looks to the start of a new era of a holistic approach to maritime cybersecurity regulation. And let’s hope that it is going to help to strengthen the cybersecurity defenses of Maritime businesses in near future.
In light of the dangers explaining above, it is recommended that the crew onboard a vessel are fully trained and aware of the challenges of network systems.