A cyber threat is a new kind of unwarranted action, intentional or unintentional, that affects our technologies, computers, programs and data. Cyber security is not only about IT and its peripherals, and it is not the responsibility of the IT department alone. Companies and organizations are required to take a holistic, proactive, risk-based and well-practiced approach to identify the threat, invest in infrastructure and training, and make each staff and crew member aware of it.
The days are not far off when cyber certification will be required and companies will have to employ a Cyber Security Officer in the office and on board a passenger vessel.
On one hand, there are reports of Japan and Norway developing and testing ships without crew members; on the other, we hear news of the WannaCry and Petya cyber attacks. Owing to the lack of defence mechanisms, the risk of attack is always high on oceangoing vessels; however, the impact of an incident is most likely to be confined to a single ship.
A recent cyber attack on the office computer systems of a major shipping company caused congestion in 76 ports operated by the company and delayed cargo worldwide. The company has put the cost of this attack at $300mn.
In companies, a simple way of hacking is to compromise email. Once emails are hacked, the hacker can monitor all incoming and outgoing mail, especially that of the finance department. Whenever a big supplier sends an email asking for payment, the virus simply changes the text of the message before it is read, adding a different bank account number. A bunker supplier's million-dollar invoice can be settled to the hacker's account by simple hacking of email.
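As an added example (not part of the original article), the following sketch shows a finance-side check against the altered-invoice fraud described above: the account number in a payment request is compared with the one held in vendor master data before anything is paid. It assumes accounts are quoted as IBANs; the vendor master, the function names and the sample messages are constructed for illustration.

```python
import re

# Constructed vendor master: account details confirmed out-of-band (assumption).
VENDOR_MASTER = {"bunker-supplier": "GB82WEST12345698765432"}

# IBAN-shaped token: country code, two check digits, BBAN in optional 4-char groups.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")


def iban_is_valid(iban):
    """ISO 13616 mod-97 check: move first 4 chars to the end, map A-Z to 10-35."""
    s = iban.replace(" ", "").upper()
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    rearranged = s[4:] + s[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1


def review_payment_request(vendor_id, body):
    """Return (decision, reason); any doubt about the account holds the payment."""
    on_file = VENDOR_MASTER.get(vendor_id)
    if on_file is None:
        return ("HOLD", "vendor not in master data")
    found = [m.group(0).replace(" ", "") for m in IBAN_RE.finditer(body)]
    if not found:
        return ("HOLD", "no account number found in message")
    for iban in found:
        if not iban_is_valid(iban):
            return ("HOLD", f"malformed account number {iban}")
        if iban != on_file:
            return ("HOLD", f"account {iban} differs from vendor master")
    return ("PAY", "account matches vendor master")


# Constructed sample messages: the same invoice as sent and as altered in transit.
AS_SENT = "Invoice 1001 for bunkers. Please remit to IBAN GB82 WEST 1234 5698 7654 32."
AS_READ = "Invoice 1001 for bunkers. Please remit to IBAN DE89 3704 0044 0532 0130 00."

if __name__ == "__main__":
    for label, body in (("as sent", AS_SENT), ("as read", AS_READ)):
        print(label, review_payment_request("bunker-supplier", body))
```

A held payment is released only after the supplier confirms the account through a channel other than email, since the mailbox itself is what the attacker controls.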
Below are the minimum protective elements required on board nowadays for cyber security. They must be included in the IT procedure and followed by all:
- Firewall
- Back up files regularly and keep anti-virus software up to date.
- Access control
- Spam filtering
- Anti-phishing
- Strong passwords/two-factor authentication where necessary
- Encryption of sensitive data – at storage or when transmitted.
- Protection of ports of all hardware against the use of any foreign device.
- Do not allow any third party, service engineers or suppliers to connect their devices to onboard systems.
- Remove all old and redundant systems completely. They can be used as on-board hacking devices by hackers.
- Data and information from obsolete systems should be destroyed completely before disposal.
Immediate action is required by the user if a threat of hacking is felt or an attack occurs:
- Power off the device and contact IT department.
- Disconnect your PC from the internet.
- Reformat the hard drive.
Increased dependency on automation, digitalisation and shore-to-ship connectivity is making ships vulnerable to cyber attack. The most important vulnerable systems, and the effect of an attack on them, are listed below:
- Bridge equipment – Autopilot, Radar, Gyro, ECDIS, Dynamic Positioning system, AIS, SVDR – An attack will cause loss of navigational integrity.
- Communication system – Satellite, VOIP, Internet, WLANs
- Propulsion and machinery system – Main Engine governing, Power management, Integrated Control System, Alarm monitoring system – Loss of propulsion or external control of ship.
- Access control system – BNWAS, CCTV network, SSAS can be
- Cargo management system – Cargo planning & control system, Ballast Control system, Alarm and level indicators.
- Passenger information – health records and financial records of passengers on a cruise ship can be hacked.
- Core infrastructure – VPN, Firewall, security gateway, LAN. Can be used to steal the ship's data or information.
A cyber attack would cause the following incidents, which should be included in the ship's cyber attack contingency plan:
- Loss of availability of electronic navigational equipment or loss of integrity of navigation-related data.
- Loss of availability or integrity of external data sources, including but not limited to GNSS
- Loss of essential connectivity with the shore, including but not limited to the availability of Global Maritime Distress and Safety System (GMDSS) communication
- Loss of availability of industrial control systems, including propulsion, auxiliary systems and other critical systems, as well as loss of integrity of data management and control
- The event of a ransomware or denial of service incident.