Embedded Files
https://blog.ipleaders.in/maritime-law/
management approaches, actions, training, best practices, assurance, and technologies used to protect maritime organizations, their vessels, and their cyber environment.
And according to the International Maritime Organization (IMO), maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety, or security failures as a consequence of information or systems being corrupted, lost or compromised.
Many of the globally connected networks and infrastructures at sea still leverage legacy technologies that were not built to be connected to the Internet. These complex networks include a blend of information technology (IT) and operational technology (OT) systems (we’ll cover those in the next section) used by internal crew and third-party vendors, extending the potential for a compromise by hackers or insider threats.
There was a time when connectivity on a vessel was minimal, and ship control engineers addressed security issues with air gapping to physically isolate a secure network from unsecured networks. By definition, an air-gapped system is neither connected to the Internet nor any other system. But now, using something as simple as a USB flash drive or unsecured Wi-Fi connection, a malicious hacker or even an inexperienced insider could infiltrate and infect critical systems. This development is especially concerning given the connectivity of modern maritime vessels.
Connectivity on a Modern Maritime Vessel
Connectivity on a Modern Maritime Vessel
Bridge Control
Bridge systems, automatic identification system (AIS), voyage data recorder (VDR), automatic radar plotting aid (ARPA)
Propulsion & Power
Engine control, steering, fuel management, onboard machinery monitoring and control, generators
Navigation
GPS/GNSS, electronic chart display and information system (ECDIS), radar, weather systems
Loading & Stability
Ballast systems, hull stress, stability control, stability decision support systems, cargo management systems
Safety Systems
Fire and flood control, tracking, shipboard security, CCTV, emergency shutdown
Communications
Satellite internet communications, ship-to-shore, ship-to-ship, handheld radios, voice-over-IP (VoIP)
Operations Security
Human-machine interfaces (HMIs), logic controllers (PLCs), digital and analog sensors, electronics
Network Security
Firewalls, segmentation devices, antivirus software, software updates, vendor patches
Physical Security
Server rooms, access control, bridge, machinery spaces, network infrastructure
Ship Networks
Email, customs and immigration, personnel administration, maintenance and spares management
Crew Network
Email, Wi-Fi, wired, bring your own device (BYOD)
Supply Chain
Remote or on-shore vendor updates, maintenance, and administration
Maritime Cybersecurity
Maritime Cybersecurity
In this guide, we will help you navigate the ins and outs of maritime cybersecurity, address cybersecurity challenges and compliance considerations, and get you geared up to establish your maritime cybersecurity action plan.
Download your Ebook
Take your reading offline and get an in-depth look at industrial control system (ICS) & operational technology (OT) cybersecurity for maritime & shipping.
Table of Contents
Table of Contents
Ships and other vessels may seem like unusual targets for cyberattacks. But with their growing use of industrial control systems (ICS) and satellite communications, hackers have a new playground that’s ripe for attack.”
Maritime is one of the oldest industries and lifeblood of the global economy, accounting for the carriage of 90% of world trade. Ships and other vessels may seem like unusual targets for cyber-attacks. But with their growing use of industrial control systems (ICS) and satellite communications, hackers have a new playground that’s ripe for attack.
In a 2020 Safety at Sea and BIMCO Maritime Cyber Security survey, despite the majority of respondents (77%) viewing cyber-attacks as a high or medium risk to their organizations, few appear to be prepared for the aftermath of such an attack. 64% of respondents said their organization has a business continuity plan in place to follow in the event of a cyber incident, but only 24% claimed it was tested every three months, and only 15% said that it was tested every six to 12 months. Only 42% of respondents said that their organization protects vessels from operational technology (OT) cyber threats, and some respondents went so far as to describe their company policy to OT cyber risk as “careless.”
77%
77%
77% view cyber-attacks as high or medium risks
Yet,
42%
42%
only 42% protect vessels from OT cyber threats.
As hackers become even more sophisticated in their tactics, it’s inevitable that cyber-attacks against OT on ships are becoming the norm rather than the exception. It’s time for the maritime industry to take a look at every aspect of their ship operations to ensure they’re protected and resilient against these growing threats.
In this guide, we will help you navigate the ins and outs of maritime cybersecurity, address cybersecurity challenges and compliance considerations, and get you geared up to establish your maritime cybersecurity action plan.
Let's get started
Let's get started
What is Maritime Cybersecurity?
What is Maritime Cybersecurity?
Maritime cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies used to protect maritime organizations, their vessels, and their cyber environment.
...the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies used to protect maritime organizations, their vessels, and their cyber environment.
And according to the International Maritime Organization (IMO), maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety, or security failures as a consequence of information or systems being corrupted, lost or compromised.
Many of the globally connected networks and infrastructures at sea still leverage legacy technologies that were not built to be connected to the Internet. These complex networks include a blend of information technology (IT) and operational technology (OT) systems (we’ll cover those in the next section) used by internal crew and third-party vendors, extending the potential for a compromise by hackers or insider threats.
There was a time when connectivity on a vessel was minimal, and ship control engineers addressed security issues with air gapping to physically isolate a secure network from unsecured networks. By definition, an air-gapped system is neither connected to the Internet nor any other system. But now, using something as simple as a USB flash drive or unsecured Wi-Fi connection, a malicious hacker or even an inexperienced insider could infiltrate and infect critical systems. This development is especially concerning given the connectivity of modern maritime vessels.
Connectivity on a Modern Maritime Vessel
Connectivity on a Modern Maritime Vessel
Bridge Control
Bridge systems, automatic identification system (AIS), voyage data recorder (VDR), automatic radar plotting aid (ARPA)
Propulsion & Power
Engine control, steering, fuel management, onboard machinery monitoring and control, generators
Navigation
GPS/GNSS, electronic chart display and information system (ECDIS), radar, weather systems
Loading & Stability
Ballast systems, hull stress, stability control, stability decision support systems, cargo management systems
Safety Systems
Fire and flood control, tracking, shipboard security, CCTV, emergency shutdown
Communications
Satellite internet communications, ship-to-shore, ship-to-ship, handheld radios, voice-over-IP (VoIP)
Operations Security
Human-machine interfaces (HMIs), logic controllers (PLCs), digital and analog sensors, electronics
Network Security
Firewalls, segmentation devices, antivirus software, software updates, vendor patches
Physical Security
Server rooms, access control, bridge, machinery spaces, network infrastructure
Ship Networks
Email, customs and immigration, personnel administration, maintenance and spares management
Crew Network
Email, Wi-Fi, wired, bring your own device (BYOD)
Supply Chain
Remote or on-shore vendor updates, maintenance, and administration
Whether moving dry or liquid bulk, containers or cars, crude oil, products, or chemicals, the maritime industry is a critical backbone of our global economy. Protecting a vessel’s critical operations from cyber threats poses unique challenges with operation centers and fleets of numerous classes and vintages spread across the world, increasingly digitalized operations, and a complex environment merging IT with industrial control systems (ICS) and operational technology (OT).
Maritime Cyber Attacks: Real-World Lessons Learned from Maritime Cybersecurity Incidents
How do IT and OT Cybersecurity Differ?
How do IT and OT Cybersecurity Differ?
Operational technology (OT) is hardware and software that detects or causes a change through the direct monitoring and control of industrial equipment, assets, processes, and events. In contrast, information technology covers the entire spectrum of technologies for information processing, including software, hardware, communications technologies, and related services.
Before we delve into the cybersecurity challenges affecting the maritime industry, let’s take a step back and examine some of the differences between IT and OT systems. Some of the differences in system requirements include:
Differences in System Requirements*
Differences in System Requirements*
Performance
Bridge Control
Bridge systems, automatic identification system (AIS), voyage data recorder (VDR), automatic radar plotting aid (ARPA)
Propulsion & Power
Engine control, steering, fuel management, onboard machinery monitoring and control, generators
Navigation
GPS/GNSS, electronic chart display and information system (ECDIS), radar, weather systems
Page updated
Google Sites
Report abuse