Understanding cyber risk
The latest spate of cyber attacks has been a wake-up call for shipping, highlighting the risks of operating on outdated platforms and the ease of infecting multiple systems by clicking on apparently innocent-looking emails, warns Global Navigation Solutions (GNS).
“The scale of the problem is daunting and the task of managing it often falls to an IT department whose budgets and technical expertise are already under pressure,” says GNS, which stresses that cyber security is everybody’s problem, with “decisions made at C-level flowing down to sea-level.”
While seafarers looking for news from home and entertainment are considered one of the weakest links in the chain, research by Inmarsat suggests that 90 percent of those surveyed had received no cyber security training.
GNS previously outlined six steps for cyber security, starting with promoting cyber security awareness for everyone, seafarers and shoreside office users alike. “Simple measures, employed by all, can go a long way to preventing costly, and sometimes dangerous, cyber security problems,” explains GNS.
The other steps are controlling access (physically and through strong passwords), backing up data, using a firewall as an outer layer of defence, thinking before you click, and keeping systems and software up to date.
According to GNS, ships host a lot of outdated IT infrastructure – including systems vulnerable to hacking. “In addition, it’s not unusual for systems to be compromised long before an attack happens – hackers tend to gain access then wait for an opening that will deliver a large prize – which suggests that there may be significant numbers of already compromised floating assets,” warns GNS.
GNS suggests that evidence from the recent Nor-Shipping cyber panel points to “vessels in port – and the ports themselves – as holding potentially the greatest threat of infection.
“Any future regulation thus needs to take a coordinated approach from ship to port and along the supply chain to end users.”
The preventative steps that can be taken “needn’t cost a lot of money. The costs of a cleanup are much higher”, explains GNS. The six simple steps provide a layered defence, which in combination “makes life even more difficult for those that threaten the integrity of IT and other systems.”