Maritime Cyber Security
With the advent of Industry 4.0, OT and IT systems have converged and become exposed to the cyber world. This has increased the possibilities for operational optimisation, cost savings and more sustainable business. However, it has also brought inherent cyber risks.
The maritime industry, which is entering the digital era to become smart and autonomous, has similar characteristics. However, the cyber risks and challenges it faces are more elevated than those of other industries.
It is significant that, starting from January 2021, maritime companies are mandated to include Cyber Risk Management in their Security Management System.
While all other known cyber threats and challenges for IT and OT systems apply equally to this industry, below are some elevated risks and challenges worth noting.
Significant Financial Losses: Losses incurred due to disruption of operations are significant. For example, Maersk suffered financial losses of up to USD 300M due to disruption of operations in the NotPetya attack of 2017.
Disruption of Essential Goods and Supplies: This industry transports essential goods in bulk and across borders. Halts or delays in supplies can have cumulative impacts.
Threat to Lives: Not only passenger ships but also goods-carrying vessels are manned with crew, so a cyber incident poses a threat to their lives.
Man in the Middle (Sea): Information intercepted by pirates can reveal the location of a vessel at sea to them.
Data Manipulation: By manipulating the data of a navigation system such as ECDIS, ships can be navigated to the wrong destination for robbery or hacks.
Discovery and Monitoring of Devices: Many of the legacy devices deployed on vessels don't support an IP stack and communicate using RS232 or radio technology, which makes them difficult to discover and monitor using available tools.
Global Supply Chain Risks: Ships that interface online with shoreside parties and other parts of the global supply chain inherit cyber risks from those suppliers.
Air Gap Controls: The air gap between OT systems on the vessel and IT systems is quite wide and requires stringent administrative controls to address security challenges.
GDPR/International Compliance: Determining the applicability of GDPR or other international privacy and security compliance requirements, and then addressing them, is a challenge.
Management Buy-in: To gain the complete support and buy-in of management, one needs to talk in the language of international marine organizations and associations.