The maritime industry is vital to the global supply chain for food, medicine, consumer goods, fuel and many other products. As most of the world’s globally traded goods travel by sea, it is an attractive target for cyber attackers. As with most other industry sectors, maritime is experiencing considerable transformation, businesses are embracing digitalisation with vessels relying more on systems that utilise automation and integration than ever before, and securing maritime OT is now critical.
Digital Transformation Extends The Threat Landscape
With the adoption of smart, cutting-edge operational technology (OT), the threat landscape has changed significantly, and the potential for security compromises has been vastly increased and extended.
To date, most cyber security incidents involving shipping have been shore-based incidents, such as attacks against ports, shipping companies and their supply chains.
However new cyber risks have emerged as a result of digitisation, with sophisticated tactics exploiting the connectivity and complexity of IT and OT systems. As such it is inevitable that cyber attacks against OT on ships and offshore facilities will become normal occurrences, rather than exceptions.
From 2017 to 2020, reported cyber-attacks on the maritime industry’s operational technology (OT) systems increased by 900%, and with an increase in smart technology within the sector, this trend will only continue. In fact in 2020, The Maritime Professional publication stated that confirmed/reported attacks have increased 400% since the COVID-19 outbreak (according to the firm Naval Dome).
Such attacks are typically high impact, causing massive disruption to business operations, vessels, cargo, crew safety and business reputation, with the cost potentially running into millions of Pounds.
Securing maritime OT and the complex networks and connected environments across fleets and offshore organisations is critical for cyber resilience. However the barriers to improving cyber security are the very things that leave maritime and offshore businesses wide open to attack; a lack of awareness, understanding, visibility and monitoring across OT networks, coupled with poor physical security controls.
A Change of Culture Is Needed To Secure Maritime OT
Good cyber defence is not a one-off purchase, but a change in culture and how companies operate. There is much to consider when developing a maritime security plan, and it can take some time to pull together. There are however a number of things you can do in the short term to establish an initial baseline of cybersecurity for your vessels.
The Maritime Cyber Baseline Certification Scheme provides an affordable and quick route for vessel operators and owners to improve their cyber security, prepare for attacks and to ensure that cyber security plans meet the IMO Maritime Cyber Risk Guidelines.
To complement the certification scheme and the baseline audit process, Infosec Partners offers a 1 day Maritime Cyber Baseline training course where attendees will learn what areas of cyber are reviewed and tested, what is considered ‘sufficient’ in each area and how to check for readiness.
If you are looking for maritime cyber security advice and support, get in touch with our team of maritime OT cyber experts, they have a proven track record in helping maritime and shipping organisations become cyber safe.