- The maritime sector is being targeted by highly motivated cybercriminals and the shipping industry should be on the highest alert for a cyber-attack.
- The maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat.
- A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain.
- The easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s (OEM) head office.
According to an article published by Ajot, the maritime sector is being targeted by highly motivated cybercriminals and the shipping industry should be on the highest alert for a cyber-attack, warned Naval Dome CEO Itai Sela.
Warning Issued
Speaking at the Singapore Maritime Technology Conference (SMTC) 2019, organized by the Maritime and Port Authority of Singapore, Sela said: “Somebody, somewhere is targeting the maritime sector. The shipping industry should be on Red Alert.”
Sela’s warning follows widespread concern that the maritime industry remains vulnerable and is not doing enough to protect itself.
Importance of cybersecurity
During a round table discussion in which several companies informed the Greek shipping community of the importance of cybersecurity, one analyst said that while the industry is “concerned about the cyber risk it struggles to understand where and how best to manage it”.
US Congressman John Garamendi made a similar comment during a Brookings Institution debate on securing US maritime commerce. “Congress is aware of the cyber risks,” he said, “but not adequately engaged nor adequately addressing the problem.”
“The maritime industry is just not prepared,” Sela told SMTC delegates. “Shipping is a US$4 trillion global industry responsible for transporting 80% of the world’s energy, commodities, and goods, so any activity that disrupts global trade will have far-reaching consequences. It is easy to understand why shipping is now in the cross-hair of the cyber-criminal or activist. But the maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat.”
IEC 62443 certification standard
Referring to the global certification standard IEC 62443, which has been adopted by several certification bodies, Sela explained the four levels of security used for safeguarding against a cyber-attack.
“A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain. It is the Level 4 type attack criminals are using to penetrate the shipping industry,” Sela said, referring to an incident in which the navigational equipment aboard a fleet of 15 tankers was simultaneously hacked.
Level 4 attack
The easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s (OEM) head office, said Sela. “All a hacker has to do is infiltrate these systems and wait until some someone sends an infected email to someone onboard ship – the attack is delivered. It spreads. It’s autonomous.”
Sela said: “For a few thousand dollars sophisticated ‘viruses’ can be easily bought on the dark web, so it is quite easy to implement a Level 4 attack now. Level 4 cyber protection results in a system or equipment that even those with enough time, money and motivation will be unable to penetrate. Every shipboard PC-based system has to be protected individually.”
Need for improvement
The current regulations consider improving interactions between the operator and machine as the optimum way of combating maritime cybercrime. However, Naval Dome believes the best solution is based on technology that removes the human element altogether.
In his presentation to the Singapore maritime community, Sela suggested that a ship can be used as a very effective weapon to “create chaos and destruction” at the port.
Need for efficient control
“A ship whose systems are under the control of the cyber-criminal could result in pollution, cause collisions or groundings, or be used as an incendiary device. The result could be catastrophic if a vessel is not secured to the highest level. Over the last three years, we have developed a type-approved Level 4 solution certified to prevent shipboard systems from being hacked.”
Sela said a country like Singapore must have the ability to monitor all the ships that enter its waters in order to verify whether it is infected or cyber clean. “I strongly recommend that all Port Authorities have the ability to control the cyber threat that each and every vessel entering their waters brings with them. This will protect assets and avoid potential disaster,” he said.
Did you subscribe to our daily newsletter?
It’s Free! Click here to Subscribe!
Source: Ajot