Cyber security is challenging in any context. But in the maritime and logistics industry, it presents a unique level of difficulty and headache, for several reasons.
The intensely physical nature of maritime and logistics businesses is one issue. With vessels and containers spread around the world, cyberattacks that cause even minor disruptions to logistics systems can result in major havoc.
At the same time, unlike many other industries, the logistics and maritime sector has lagged behind in the adoption of cyber security tools and processes. And even when companies in the sector do adopt best practices, they are likely to find that many of the cyber security solutions and strategies that predominate today were not designed for this industry.
Indeed, there is a total lack of uniform cyber security standards tailored for maritime and logistics companies in particular. The result is that many businesses in this sector end up trying to define their own strategies, string together their own tools and manage security incidents using their own approaches. The end result is typically not the most efficient or effective response to security threats.
This sorry state of maritime and logistics cyber security is the bad news. The good news is that modernizing your approach to cyber security doesn’t have to be difficult. It all boils down to following five basic steps for securing the critical systems that drive maritime and logistics businesses.
Toward that end, let’s look at each of those steps and explain how they form the basis for a cyber security strategy designed for the unique needs of this sector.
Step 1: Identify your maritime cyber security risks
Securing maritime and logistics businesses against cyberattacks starts by determining which critical systems are vulnerable to attack, and how severe those vulnerabilities are. Logistics companies have some of the most complex operational systems of any industry. They are designed to handle high volumes of assets and data, involving thousands of people, with a great degree of interdependence. This dramatically increases the attack surface, making it all the more critical to identify vulnerabilities.
As you evaluate your systems for this purpose, keep in mind that preventing an attack entirely is impossible. Thus, the point of identifying vulnerable systems is not simply to shore them up and guarantee they will never be breached. It’s also to help you identify which parts of your business are likely to be severely disrupted during a cyberattack. This will give you a good understanding of the potential business impact if and when any of those systems are compromised, which can help you formulate a resilience plan in advance.
Step 2: Develop a response plan for cyber resilience
Although you can’t predict exactly where, when or how an attack will occur, you can plan ahead for how you will respond. Moreover, because you are a maritime and logistics company, your customers’ critical goods and supply chains will be impacted as a result of an attack, creating massive collateral damage. Having a tangible plan will help to minimize the damage and improve customer support during the crisis, which will have a long-term impact on both your reputation and customer retention.
Your cyber security incident response plan should include details about the following:
- Roles and responsibilities: Who will do what and when in response to the incident
- Communication plan: How, when and with whom your business will communicate regarding the incident, both internally and externally
- Business continuity: How you will manage your critical processes to ensure that some level of service to your customers is maintained. (Are you capable of maintaining service during the disruption?)
- Drills: How you will practice your response plan using cyber drills.
That last point is especially important. Cyber security response plans are only useful when they are practiced, not to mention that such drills help to identify gaps in current response and resilience plans. Unless you run through response drills on a regular basis, you can’t be sure that your team will be able to react quickly should a breach strike.
Step 3: Develop a recovery plan
Most maritime and logistics businesses are still vulnerable to situations where they are not sure how to handle the fallout of an attack — specifically from an operational perspective. The response plan we just discussed covers how your business will react to a cyber security event. But you should also have a recovery plan in place, which details how you will restore functionality, as well as data, to critical systems following an attack.
The recovery plan should be based on backups that you perform regularly to protect critical systems, and it should include alternative systems and processes that can be developed and implemented. Ideally, those backups will be stored separately from your production systems, as alternative systems and processes. This helps ensure that the backups remain available if attackers breach your main environment, providing management with greater capability to maintain overall availability during and after a cyber attack.
Your recovery plan should also spell out which systems will be recovered first, based on their priority level for your business.
The caveat in relying on backups is that statistics show that systems’ downtime can last as long as 21 days. Therefore, on top of backups, the recovery plan should include an interim contingency solution, either manual, semi-manual or fully “alternative” IT-based (usually on a separate cloud), according to each company’s needs. The recovery plan must also include a phase for restoring data from the contingency solution to the core IT systems, once they are restored.
Step 4: Defend critical maritime systems and data
Relying on prevention alone should never be the crux of your maritime cyber security strategy, which is why it’s not at the top of our list. But it should still factor in. Unfortunately, the maritime industry faces greater cyber security issues due to a lack of standard cyber security regulations. Compared to other industries which are governed by strict regulations, maritime and logistics companies have to bridge this gap alone, making defending their data that much more challenging.
To help prevent attacks, you should harden critical systems and data with multiple layers of protection. Remember to secure both your IT and OT infrastructure. Whenever you secure a resource, your goal should be to bake security into software applications, hardware, physical and virtual access controls, communications infrastructure and any other layers or facets that exist within the system.
A key aspect of a timely reaction, and one that is frequently lacking or has insufficient investment, is monitoring. Monitoring is not a tool; it’s a process that combines use of your systems’ logging and audit capabilities with an understanding of what’s right in your environment. Complete definition and implementation of monitoring capabilities is crucial for cyber security. This is done by creating digital visibility of your assets and processes, whereby each unfamiliar action, pattern or internal network movement will trigger an alarm. This will help you “catch” the attacker before it’s too late. In other cases, where it is already a bit too late, it will help you respond more efficiently.
Step 5: Build maritime cyber security into all of your operations
Finally, you should invest in cultural changes that make cyber security a priority across your business. During every operation, every employee should be thinking about the cyber security implications of what he or she is doing, and taking steps to mitigate the risks.
Building a collective culture of cyber security requires copious support from the executive level. Toward that end, educate your C-suite about the unique cyber security risks that maritime and logistics businesses face, and involve executives centrally in your resilience planning and cyber drills.
The maritime industry faces the additional challenge of having a high level of interdependence of companies in the supply chain. Add to this the cyber-relevant issues of the ports and terminals with which logistics companies do business on a daily basis. All this must be taken into account in order to effectively build maritime cyber security into your operations.
Maritime and logistics companies are ripe for cyberattack due to poor preparation, and cybercriminals know it. That’s why it’s absolutely critical for businesses in this sector to invest in cyber security planning and tools that are tailored for the unique needs of maritime cyber security.