Maritime Cyber Security
With the digitisation of industrial control systems (ICS), vessels and ports are left exposed to new cyber security risks.
Maritime is the 5th most likely sector to be attacked
There has been a 400% increase in maritime related cyber attacks since February 2020. Cyber threats to operation technology like ECDIS and GPS, dynamic positioning, engine and cargo management no longer pose commercial and logistical risks to companies, but danger to life and the environment.
Maersk, the maritime giant responsible for 76 ports, 800 vessels and a fifth of the world’s shipping, was hit in 2017 by the encrypted malware called Petya. The attack was so devastating, that all employees of the company were locked out of their computers, key card access systems stopped working and container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers were affected.Maersk
Maritime Security Needs
Like many industries, the maritime sector depends increasingly on digitalisation, integration of operations, and automation in a global real-time management of worldwide shipping.
Vessel navigation, propulsion systems, emergency systems, cargo handling and container tracking systems onboard ships and in ports are all at risk of cyber attacks. The massive logistical challenges associated with shipyard inventories requires technology and automation to ensure the smooth running of operations.
Digitalisation and the increasing connection between information systems and operational systems is bringing new vulnerabilities. Hackers have demonstrated the ability to penetrate the systems used by the maritime industry. As cyber attacks increase in complexity and number, so does your need for a 24×7 Operational Technology (OT) Security Platform, designed specifically for Operational Technology.
Operational Technology (0T)
Maritime now has a greater reliance on digitalisation, integration, automation and network-based systems, creating an
increasing need for cyber risk management in the shipping industry. Some examples of Operational Technology include:
AIS (Automatic Identification System) that broadcasts the vessel’s identification data, cargo, current position and course.
CTS (Container Tracking System), used to track the contents and movement of containers using GPS.
ECDIS (Electronic Chart Display and Information System), the navigation information system that uses AIS messages, radar data and GPS to automate navigation tasks.
VDR (Voyage Data Recorder), the black box for a vessel.
EPIRB (Emergency Position Indicating Radio Beacon), used to broadcast emergency distress signals.
Generic security products can be used to gather high-level production data and monitor general activity, but alone have limited ability to protect the physical specialist maritime equipment.
Maritime Security Platform
Fundamentals First have taken an industry standard, Operational Technology platform and combined it with an enterprise Security Operations Centre (SOC). Not only can we offer you state of the art protection within your operational technology, but we can also patch, safeguard, and proactively hunt security issues across your desktop, server and network estate.
Put yourself in control, with a single pane of glass service that protects both your information technology and operational technology in one.
“Develop an integrated security strategy across IT, OT and Risk teams.”
“Complex and high impact cyber attacks which target operational industries are increasing exponentially. Many styles of Operational Technology cyber attacks are being seen, from malware attacks targeting safety systems, to ransomware locking companies out of their core IT systems. Focus on a holistic approach that covers general controls, enterprise architecture, enterprise risk management, IT service management, physical security, IT security, and OT security.”
IMO Cyber Security Guidance
the IMO (International Maritime Organisation) recognises cyber security as a significant threat to shipping, publishing the Maritime Cyber Risk Management Guidance, MSC-FAL.1/Circ.3 and adopting Resolution MSC.428(98).
The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems no later than the first annual verification of the company’s Document of Compliance after 1st January 2021. The resolution highlights ‘vulnerabilities arising from inadequate operation, integration, maintenance and design of cyber-related systems’ relating to operational technology and information technology.
The need for specific operational technology security as a result is clear. Talk to us about our integrated cyber-protection platform, providing complete visibility, segmentation, protection, and monitoring of your business.
Operational Technology Cyber Security Platform Benefits
24×7 Remote OT Monitoring
In 2017 twenty ships in the Black Seas had their GPS systems hacked, with all of their AIS (Automatic Identification System) reporting their location as being 32km inland. The incident was reported by US Maritime Administration, who believe that the attack was a new Russian weapon.US Maritime Administration
Get In Touch
Operating a shipping business or port without the appropriate Operational Technology cyber security is high risk.
To help you discover your level of risk, and to illustrate return on investment, we offer you a free consultation. Based on the consultation, a set of recommendations will be presented.
We help businesses of all sizes release their potential
Get in touch and we’ll advise how we can help.