Article written by Eric Klopper , Senior Cybersecurity Consultant at CYBER1 It is not surprising that way technology continues to dominate over our lives, given the exponential rate of development in the field of software development, evidenced by the continuing applicability of Moore’s Law, the observation that the number of transistors in an integrated circuit would double every two years, predicted that leading to faster, more powerful devices. The proliferation of ever faster, ever more efficient and numerous devices means that what also should come as no surprise is the unfortunate corollary of this technological advancement, namely an ever-increasing number of cyberattacks. With vastly expanded computer networks and complex Information Technology (IT) infrastructure systems come new attack vectors ready to be exploited by cyber attackers with a growing arsenal of tools that mirrors the observed increase in technological advancement itself. The effect of the above is that traditional methods of protection are no longer sufficient to guard against this evolving digital landscape.

Although, as is evident, cyber threats are becoming significantly more complex and increasing exponentially across all sectors, the maritime sector in particular is potentially vulnerable to this new threat landscape, as knowledge and application relating to cyber security is arguably in its relative infancy in this sector. Due to the lack of a comprehensive understanding of the threat landscape across the maritime industry, it is particularly to quantify the price of potential exposures and breaches, other than to assert that preparation for such events could, and should, be significantly improved across the sector.

There now exist vast new globally connected networks and infrastructures that are frequently reliant on legacy technologies, with such infrastructures comprising complex Operation and Information Technology (OT / IT) environments: these large and potentially vulnerable systems are utilized by both public and private entities, meaning that the footprint for compromise by hackers has never been bigger. The traditional mechanisms of cyber protection against attacks by these ‘bad actors’ are simply inadequate to meet these threats. The statement that ‘IT compromise can cost money, but OT compromise can cost lives’ is truly relevant in the Maritime Industry, especially if we recognise the importance of a vessel’s OT systems operating reliably whilst at sea, and the potentially catastrophic effect of OT Technology failure: when OT systems go down, infrastructure can stop permanently, with potentially disastrous consequences.

The scope of potential attack relating to a vessel’s OT is vast, and can comprise, for example, navigation and propulsion systems, as well as all connected software systems related to cargo handling, container tracking systems, and port and shipyard inventory management processes. This scope can extend to a massive supply chain, that includes cargo delivery to and from ports, bunkering services supplying fuel to vessels, as well as all provisioning services that make a trip possible for crew and passengers alike. If we combine the fact that the maritime industry is an important global industry that is, as evidenced above, vulnerable on an infrastructural level to cyber attack, with increasing media exposure around the risks to the sector and its related supply chains, the opportunity and incentive for the highly skilled hacker has never been greater, meaning far reaching consequences not just at an industry level, but on a national and potentially international level as well. The last few years have seen many events that have given the industry cause for concern and increased its exposure. Some of these have been unrelated to cyber security, such as the attacks on oil tankers in the Straits of Hormuz, where the vessels and cargo have become little more than pawns in a geopolitical war, while others were directly cyber security-related, such as the Ransomware attack on Mersk, the $10 million bunkering scam, and the Rotterdam drug trafficking incident to name but a few.

Two significant events occurring in 2019 that should focus the maritime industry’s attention were the Norsk Hydro Aluminium Smelter attack that caused crippling infrastructural damage, and in February 2019, the Port of New York incident, where the US Coast Guard announced that a ‘deep draft vessel on an international voyage bound for the Port of New York and New Jersey reported that it was experiencing a significant cyber incident impacting its shipboard network.’ During 2018 alone, the global maritime merchant fleet moved more than 10 billion tonnes of cargo, comprising more than 80% of all global goods transported during that period, with shipping bringing more than $100bn, $80bn, and $79bn respectively to the economies of Greece, China, and Japan alone. The maritime sector is a multi-trillion-dollar critical infrastructure industry, one that touches the lives of the majority of the global population: as a consequence, any significant attack (or attacks) on any part of this critical industry will undoubtedly result in untold disruption, that could have a truly global impact on people’s day-to-day lives. However, the last few years have seen a drive from a regulatory perspective, to create awareness around these emergent cyber security risks to the maritime industry, which has, through legislative means, compelled the industry to action . The new International Maritime Organization (IMO) Cyber Security regulations come into effect from the 1^st of January 2021: these could see a vessel heavily sanctioned for lack of compliance and, coupled with the already in force Intertanko Cyber Security Guidelines, could mean the difference between, for example, the major oil companies shipping cargo on board a vessel or not. A partnership with Cyber1 and the concomitant implementation of best-of-breed monitoring solutions, will give a unique view of the critical OT on-vessel systems that are essential to the proper functioning of a vessel, allowing, via satellite internet connection, an organization a fleet-wide view of real-time activities, While also giving Maritime Cyber Security Operations Centre analysts a real-time data flow, allowing them to inspect and respond to any important events, not just cyber security but also fleet maintenance-related. Cyber 1’s extensive network of third-party vendors enables access not only to industry-leading technology, but additionally to important connections with niche and visionary partners well-placed to facilitate the implementation of a cyber security solution best tailored to individual vessel and operator needs. The maritime cyber security industry may be in its very early days of development, but the risk to life, reputation, in addition to financial implications, has never been greater. However, this does not mean that organizations have to face this risk alone and unprepared. To learn more about how CYBER1, with its world-leading strategic approach and maritime IT, OT and Industrial Control System cyber security experience can help, through both our in-house technical team, as well as our advanced network of over 100 Cyber security vendors, please contact us at [email protected].