Maritime Cybersecurity is a relatively new domain. I have created two posts related to cybersecurity which are presenting the basics, however this time, there will be specialist voices. Creating this article was a big pleasure for me. I have a chance to talk with experts in cybersecurity, and I am really excited that I can share their thoughts with You!
Check what are thinking different experts about cybersecurity. All of them have a little bit different background, however, maritime cybersecurity is expertise is growing now.
Daniel Amidon – Cybersecurity specialist with software experience
Daniel is a member of the globally ranked Samurai CTF team. Specialize in reverse engineering, binary exploitation, blockchain security, and have experience in full-stack web/app development.
Daniel Amidon:
I’d suppose the interference with OT networks and systems gives safety risks to workers and the cargo the ships carry as well. With this, a lot of damage is given to ocean life. I am not an expert in exactly the maritime industry. So I will try to point more global things. There’s a high risk of ship network infrastructure since that’s what runs the ship. Once that goes down the crew and cargo are in trouble. With all of it being automated these days, you never know what’ll happen cause a skilled hacker would remote into the ship’s system via satellite communication, if possible. As a high risk I will point to satellite security. In conclusion, I recommend this article!
Xavier Boreau – Cofounder of HarfangLap – Cybersecurity Specialist
Xavier is a Co-founder of a HarfangLab. HarfangLab has developed an EDR (Endpoint Detection and Response) software to detect and neutralize cyber attacks. They can also hunt proactively for threats in your IT system.
Any doubt about your IT system, call for us for a deep investigation at www.harfanglab.fr
Xavier Boreau:
In my opinion, one of the biggest risks I see for modern ships would be interning malevolence. Ships information systems should be equipped with digital investigation tools. That kind of tool is increasing the security level. I don’t believe that modern vessels are equipped with this kind of system.
Thodoris Efstathiou – Maritime Cybersecurity Specialist
Thodoris is a results-driven and innovative ICT. Professional with hands-on experience in the engineering, administration and troubleshooting. He has experience with diverse information systems and networks. Technology savvy and security conscious ,always eager to stay abreast of current and emerging ICT advancements by enhancing and developing his skills through constant study and training.
Thodoris Efstathiou:
Nowadays, cybersecurity is in the foreground since the fast-paced technological advancements of computing and communications along with the emergence of the Internet of Things (IoT) and Cloud Services have brought about major problems regarding confidentiality, integrity and availability of information – except the plethora of advantages. Information security is considered as one of the most fundamental and critical factors of any computerized and digital environment and maritime domain is not an exception to the rule. Undoubtedly, modern ships have adopted many ICT components as well as automated machinery, industrial control and SCADA systems in order to optimize operations, increase productivity, improve cargo management and be competitive.
Contemporary ships belong to cyber-physical systems since they incorporate SCADA and Industrial Control (IC) systems to monitor, manipulate cargo management, propulsion, ballast, oil and water pumps, engine, and so on and so forth. Modern ships, as floating mobile information platforms, combine OT systems, automation, physical devices, sensors, and actuators interacting with physical interfaces but use old and outdated software. Therefore, major security challenges arise from ships by inheriting important weaknesses from various deployed systems rendering them attractive moving targets.
Finally, I fervently advocate that Operational Technology (OT) like bridge navigation systems and electro-mechanical control is the weakest point in cybersecurity for modern ships since more and more of such systems are networked together and connected to public networks and the Internet putting them at high risk of being compromised by cybercriminals resulting in serious consequences even imperiling safety of life.
Richard Hodder – Maritime Cybersecurity expert – CEO Pelion Consulting
Richard has over 15 years of experience in telecommunications and IT security, across various industries. He comes well prepared for today’s cybersecurity challenges. As active privacy advocates with a passion for the latest technology, Richard can provide the assistance required to design and implement bespoke and personal solutions, that provide security, safety, and peace of mind. His company Pelion Consulting specializes in cybersecurity in the yacht sector.
Richard Hodder:
A mindset that “it’ll never happen to me” exists in certain quarters of the superyacht sector. When it comes to cybersecurity we know that’s just not true.
Training and awareness, for all crew members, is especially important in order to develop a cyber conscious environment onboard. This shouldn’t stop at the vessel and its crew. Just as important is the complicated and sometimes ambiguous supply chain serving the vessel.
We talk about a digital footprint, but do we know how to minimize that, where our data is, and who’s handling it?
A lack of willingness to invest in cybersecurity is one of the biggest risks. As it involves so many facets and disciplines it’s crucial that trusted third-party vendors are brought in to smooth the way and spread the responsibility – cybersecurity should be part of daily operations and not an afterthought.
Jegan Kolappan – Cybersecurity Specialist with Cloud security experience
Jegan Cybersecurity expert at Siemens Energy with an emphasis on cloud security. He supports Third Party Risk Management team to assess and evaluate cyber risks posed by third parties and their engagements.
Jegan Kolappan:
It goes without saying that the maritime and shipping sector plays a vital role in the global economy; as of 2021 90% of global trade is being carried by shipping. Organizations are increasingly depending on Information technology (IT) and Operational Technology (OT) environments for vessel navigation, communications, onboard engineering, cargo management, and so on. With these technologies come along numerous threat vectors for threat actors to exploit.
Actually, over the last years, cyber-attacks on the maritime industry’s OT environments increased by 900%. And that does not include the attacks that we haven’t discovered yet. In my opinion, some of the common threats against the industry include; Ransomware attacks (2017 NotPetya), Cyber espionage to steal sensitive information, Malicious code to disrupt OT/IT systems, and Phishing attacks. In conclusion, though the attack percentage is comparatively meager when compared with other sectors, it is time we had proper cybersecurity industry standards for the technologies and systems used in the industry
Ian Murphy – Cybersecurity Specialist with experience in Maritime Cybersecurity
Ian has started his professional career in the early ’90s in the Ministry of Defence. He sauntered into the dot com bubble before worming my way into vendor land and a career in pre-sales and product management. Last 15 years he worked in different industries in different security roles. His latest venture, CyberOff. Breathes life, fun, and entertainment into the cybersecurity industry. Engaging videos, posters, and eBooks all in the name of helping others stay safer online by increasing their cyber-savvy.
Ian Murphy:
So I have a background in maritime having worked with the Navy on Submarines. For me, the biggest challenges aboard are always ones that have a direct impact on life. So anything that has the potential to cause harm to life via things like viruses, breaches, etc. It Will always come first and to that end, general user education is the frailty here.
Having people download things to personal equipment over ships wifi/sat links or use ships equipment to do the same can have a massive effect. Taking over the ship’s navigation or OT devices will always get people’s attention. And it is basic stuff really.
Caroline Troein – Cybersecurity Lead Researcher
Caroline helps people to understand how technology is changing around the world. What the opportunities that stem from those changes. Whether looking at the evolving nature of cybersecurity, exploring technology changes in LAC and Africa, examining the impact of e-governance. She takes big ideas around technology and innovation turn into actionable frameworks.
Caroline Troein:
I have actually done some work in the maritime sphere in the past. This is a very timely question. Many in the industry have been aware that cybersecurity is important for the past decade. I remember there being a panel on this at the CMA Shipping conference a few years back.
In some ways, the shipping industry has been at the forefront of risk management for centuries, with classification societies. On cybersecurity, the shipping industry needs to catch up. Within the shipping industry, there are a couple of significant cybersecurity challenges. Like complex systems, a lack of clear roles and responsibilities, and staff training. All of these come back to risk management that needs support from the top to the bottom. An understanding of what impact change can have.
I could go on – about the different operators who have different priorities (eg, a port operator may have different priorities than a ship, cargo versus tankers, different countries, etc.) Shipping is international, and navigating different security standards or concerns based on different geographies is a legitimate challenge.
Gregory Villano – Maritime Cybersecurity Expert
Gregory is an industrial cybersecurity specialist with strong maritime/offshore background. Knowledgeable Industrial Control System (ICS) Cybersecurity Leader. He creates procedures, identifies risks, develops a strategy for cybersecurity in the maritime business.
Gregory Villano:
In my opinion, the people are the biggest risk / weakest point in cybersecurity for modern vessels. Today’s (and future) technology has advanced much more rapidly than the training for the personnel that has to utilize it each day onboard. The vessel personnel has no real grasp on the risks that this technology can introduce to the onboard systems. The majority of vessel personnel are unable to identify a cyber event as it is unfolding. Along with that, they have no idea how to report such an event or even how to respond or recover. Unfortunately, maritime-related cybersecurity training (especially for industrial control systems) is lacking for the entire industry.
Rockford Weitz – Ph.D. is a Professor of Practice & Director of the Fletcher Maritime Studies Program at Tufts University’s Fletcher School.
Rockford Weitz, J.D., Ph.D. is a Professor of Practice & Director of the Fletcher Maritime Studies Program at Tufts University’s Fletcher School. He also serves as President of the Institute for Global Maritime Studies Inc., a 501(c)(3) non-profit seeking practical solutions to global maritime challenges, and President & CEO at Rhumb Line International LLC, a consultancy providing strategic advice to entrepreneurs and startups. Investor and Advisor of http://www.oceanshield.co/
Rockford Weitz:
I think that Operational Technology systems present the biggest cyber-security risk in modern ships. In general, IT systems on ships tend to be much more secure than OT systems, which are often installed by OEMs or other third parties, such as marine engine manufacturers. Ballast systems and marine engines usually have glaring OT vulnerabilities.
What are the biggest risks in maritime cybersecurity in your opinion?
We are all waiting to see Your opinion!
I have created two posts related to cybersecurity which are presenting the basics, how by easy steps we can increase the security level. If You are more interested in the subject check them: here and here.
[…] Richard! This is already the second time when we can talk. The first time I was asking You about the Main risks in Maritime Cybersecurity. (Article available here) Could you introduce yourself and your area of expertise? And where people interested in your […]
[…] with Cybersecurity specialists Mission Secure, we have created a new series of articles about Cybersecurity Incidents in the maritime industry. The last thing You want is to find in the headline is […]
Really fantastic website with some great maritime industry-related content. Well done Mateusz!
Thank You Tom!