Op-Ed: How to mitigate risk against a cybersecurity breach

Credit: Shutterstock

By Kristin McGillicuddy, Senior Marketing Manager, Commercial & Leisure Maritime

There is no doubt that the rate of cybersecurity breaches in the maritime industry is increasing in both frequency and scope with cyber criminals learning how to exploit a minor breach and escalate it into a major security issue.

This has led to the International Maritime Organization (IMO) issuing Resolution MSC.428 (98), requiring all vessels to include cyber risk management in their safety management systems and develop onboard procedures and mitigation measures for cybersecurity.

Bridge Systems

New technology on vessels and the increase in digitalization has meant that there are multiple points of entry for a prospective hacker including:

Includes navigation systems with interfaces to shoreside networks. Automatic identification systems (AIS), voyage data recorders (VDR), automatic radar plotting aids (ARPA).

Propulsion Systems

Sensors relay data on equipment performance and, if used in conjunction with remote condition-based monitoring systems, especially if integrated with navigation and communications equipment on ships, can make them even more vulnerable to attack.

Access Control Systems

Ensures the physical security and safety of a ship and its cargo including surveillance and shipboard security alarms.

Passenger servicing and management systems

Digital systems used for boarding and access control which holds valuable passenger data.

Passenger facing public networks

Fixed or wireless networks connected to the internet installed onboard for passenger access such as guest entertainment systems.

Administrative and crew welfare systems

Onboard computer networks used for the administration of the ship or welfare of crew.

Communication systems

Internet connectivity via satellite or other wireless connection.

How to Mitigate Risk

Vessel operators should start with a risk assessment to review all their onboard systems against potential cyber threats. It is also recommended that third-party cyber specialists undertake penetration tests to identify system weaknesses that could be exploited by cyber criminals.

The Centre for Internet Security (CIS) provides guidance on measures that can be used to address cyber security vulnerabilities.

Some key best practises include:

• Keeping Information Technology (IT) and Operations Technology (OT) systems on separate networks to reduce overall exposure should a breach occur on one of the systems.

• Limiting access to network systems so that only appropriate traffic is allowed via a controlled network or subnet.

• Ensuring firewalls, routers and switches have advanced capabilities and that all software updates are installed to maintain the highest levels of protection against unauthorized access.

• Allowing only senior officers to have administrator profiles. In this way they can restrict normal users access when using onboard computers, workstations or servers.

• Installing email and web browser protections to guard against the exchange of sensitive information.

• Checking the onboard satellite connectivity with the provider to ensure that appropriate measures are in place to protect the network. Also ensure when using a Virtual Private Network (VPN) that the data traffic is encrypted.

• Securing all USB ports on vessels to prevent malware infections from uncontrolled devices brought onboard by crew members or third parties.

• Enabling crew safe access to personal email, social media accounts and the internet during their leisure breaks.

These are just some of the areas which need to be considered when reviewing onboard cyber security so should not be considered an exhaustive list as network designs vary.

At KVH, we recommend that our clients adopt a multi-program approach to address the security of both satellite and terrestrial networks. For instance, our cloud email solution which allows vessels to access emails at sea or in port, has built-in spam and malware blocking with secure encrypted email exchange.

In addition, all employees whether onboard or ashore should be given cybersecurity breach awareness training as it tends to be a lack of knowledge amongst employees that leads to a lot of cyber security breaches.

KVH provides enterprise grade cybersecurity to vessels requiring the highest level of protection against cyber-threats. Called the KVH Managed Firewall Service powered by Fortinet, it is designed to complement the terminal-level security found in every TracNet hybrid terminal and TracPhone VSAT-only antenna.

In conclusion, a company’s most sensitive information should be buried away in controlled networks and partitioned by firewalls to create safe zones. The more firewalls that have to be passed through to access a zone, then the more secure the information will be.