
Cyber Security in the Shipping Industry

 

With more than 90% of the world’s trade being carried by shipping, according to the United Nations’ International Maritime Organization, the maritime industry is an attractive target for cyber attackers. The European Union has recognized the importance of the maritime sector to the European and global economy and has included shipping in the Network and Information Systems (NIS) Directive, which deals with the protection of national critical infrastructure from cyber threats.

Ships are increasingly using systems that rely on digitalization, integration, and automation. While the IT world includes systems in offices, ports, and oil rigs, the OT world is used for a multitude of purposes, such as controlling engines and associated systems, cargo management, navigational systems, administration, etc.

The OT systems used aboard include:

  • Vessel Integrated Navigation System (VINS)
  • Global Positioning System (GPS)
  • Satellite Communications
  • Automatic Identification System (AIS)
  • Radar systems and electronic charts

Increased cyber safety risks

Until recently these systems were isolated from each other and from any external shore-based systems. However, the evolution of digital and communications technology has allowed the convergence of these two worlds.

While these technologies and systems provide significant efficiency benefits for the shipping industry, they also present risks to critical systems and processes linked to the operation of systems integral to shipping. These risks may result from vulnerabilities arising from inadequate operation, integration, maintenance, and design of cyber-enabled systems, and from intentional or unintentional cyber threats.


Guidelines for cyber resilience in the shipping industry

The IMO recommendations are aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and its core functions of:

  • Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
  • Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.
  • Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.
  • Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.
  • Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

How ADACOM can help

 

Cyber-physical systems (CPS) are key components of Industry v4.0, and they are already transforming how humans interact with the physical environment by integrating it with the cyber world. More specifically, IoT-based oil spill detection solutions can greatly advance the preservation of oceanic ecosystems and help minimize the impact of such events. Securing these systems in the maritime environment requires careful consideration and planning.

ADACOM can help shipping organizations be resilient against cyber incidents and data breaches through a comprehensive risk management and cyber security technology adoption program, which includes the following:

  • Identify, evaluate and propose treatment for cyber security related risks.
  • Define and develop the information security management system in compliance with international requirements.
  • Maximize the effectiveness and the adoption of the required information security controls in both company premises and vessels.
  • Adopt the required cyber security technology, such as endpoint protection, threat protection, privileged access management and identity management.

CONTACT US

Contact our experts to learn how you can enable your security online

info@adacom.com

ADACOM Solutions and Products

Cyber Security Consulting

The Cyber Security Consulting team assists shipping companies by offering the following cyber security consulting services for headquarters and vessels:

  • Cyber Security Risk Assessment: Identify, evaluate and propose treatment for the cyber security related risks,
  • Cyber Security Awareness: Enhance the level of cyber security awareness to seafarers and employees of headquarters,
  • Cyber Security Policies & Procedures: Development of cyber security policies & procedures to cover the operation of a shipping company and vessels,
  • CISO Services: Undertake the task of being the Chief Information Security Officer of the company by conducting continuous support, monitoring and maintenance of the Information Security Management System of the company.

In providing the above services, we take into account the following guidance and standards:

  1. IMO Guidelines on Cyber Risk Management
  2. The Guidelines on Cyber Security Onboard Ships produced and supported by BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI.
  3. ISO/IEC 27001 standard on Information technology – Security techniques – Information security management systems – Requirements. Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
  4. United States National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework).

TLS certificates and IoT devices

SSL certificates are widely used to ensure the security, identity, and integrity of websites, but they can also be used to increase the security of IoT devices.

Device authentication

Security best practices and security and privacy regulations, such as GDPR or the NIS Directive, require strong security credentials to trust IoT devices on networks and in online applications. Before secure communications can take place between connected devices (e.g., a device and a server, or a device and a mobile phone), proper authentication must take place.

TLS certificates are installed (embedded) on connected devices and used to securely authenticate one device to another, ensure that only trusted devices are allowed to connect to a server, and enable trusted communications between devices to take place.

Data encryption

Further, the IoT ecosystem is composed of interconnected networks of diverse systems allowing a variety of communications. Because these communications facilitate powerful services, secure communication capabilities become a critical matter. IoT brings the benefit of being able to analyze information in real-time but that same benefit can expose systems to risks such as eavesdropping on sensitive messages and/or sending fraudulent messages.

Digital certificates guarantee that the highest level of encryption is being used to secure messages and ensure that exchanged messages are not intercepted, modified, or replaced with false messages.

Enhanced IoT security

SSL/TLS certificates can be used to greatly strengthen security in internet connected IoT devices of “smart ships”:

  • An IoT device can be given a publicly trusted TLS certificate, which allows users to connect to it (via their smartphone or other device) just as they would to a secure website. Because this SSL certificate is also publicly trusted, a user will not have to click through a security warning, or to add an exception on their device for a self-signed certificate.
  • An IoT device can request a client certificate from a user’s device to perform specific tasks. This is commonly used in IoT devices controlling critical systems, where the authentication and authorization of the user is required.
  • Once the communicating parties (device-to-device or device-to-user) have been authenticated, their connection is encrypted. This prevents the use of weak passwords and protects critical information from being intercepted during a cyberattack.
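
The certificate-based authentication described above, sketched with Python's standard ssl module as an added example (not ADACOM's code or product configuration). The gateway/device roles and the certificate file parameters are hypothetical; the weak contexts exist only so the audit has something to flag.

```python
import ssl

TLS12 = ssl.TLSVersion.TLSv1_2

def _load(ctx, ca_file, cert_file, key_file):
    # Hypothetical deployment paths; with none given, nothing is trusted (fail closed).
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # trust anchor for the peer
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)    # this endpoint's own identity
    return ctx

def gateway_context(ca_file=None, cert_file=None, key_file=None):
    """Server side: admit only peers that present a certificate chaining to ca_file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = TLS12
    ctx.verify_mode = ssl.CERT_REQUIRED   # handshake fails without a client certificate
    return _load(ctx, ca_file, cert_file, key_file)

def device_context(ca_file=None, cert_file=None, key_file=None):
    """Client side: verify the gateway's chain and hostname, present our own certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + hostname check by default
    ctx.minimum_version = TLS12
    return _load(ctx, ca_file, cert_file, key_file)

def weak_gateway_context():
    # Library default for a server: encrypts, but never asks the peer for a certificate.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

def weak_device_context():
    # Typical workaround for self-signed device certificates: verification switched off.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx, role):
    """Return the authentication gaps in a context; role is 'gateway' or 'device'."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if role == "device" and not ctx.check_hostname:
        findings.append("gateway hostname not checked")
    if ctx.minimum_version < TLS12:
        findings.append("protocol floor below TLS 1.2")
    return findings
```

Running `audit` over the contexts an application actually builds shows whether both ends authenticate each other or whether the link is only encrypted.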
