A Step-by-Step Guide to Maritime Cyber Security
What is maritime cyber security management?
Maritime cyber security management is the process of enabling the continuity of current operations as well as new business initiatives, regardless of any and all cyber-related risks.
Many will claim that the goal of a maritime cyber security management strategy is to minimize the impact of cyber threats on the hardware and software systems on which maritime and logistics businesses rely.
Cyber security threats are impossible to prevent entirely; instead, the goal of businesses needs to be containing threats to an acceptable level of risk and preparing the business for the inevitability of an attack. Risk acceptability depends on which systems and stakeholders are involved, and how much disruption they can tolerate.
The unique challenges of maritime cyber security
Many maritime and logistics companies still consider cybersecurity “an IT issue”. This means a lack of shared accountability by the rest of the management and the organization. There is also limited consideration and resources, since cyber then becomes an IT task rather than a separate, dedicated challenge that requires specific knowledge and a specialized approach.
Additionally, cyber security in maritime and logistics companies lags behind, due to a lack of regulation and underestimation of the threat. This underestimation mostly derives from being a B2B industry, which is incorrectly perceived to be less sensitive than the B2C industry.
Another common mistake when managing maritime cyber security risks is to treat them like generic cyber security risks. In reality, the threats faced by maritime and logistics businesses are unique in several ways.
The uptick in logistics operations that occurred partly in response to the pandemic meant that many maritime and logistics businesses rushed to digitize their operations rapidly to enhance their capabilities. It seems that security was rarely a priority during this process.
The result is maritime IT systems that are now ripe for cyber attack, yet have few defenses in place to mitigate the risks and potential impact of such attacks. And you can be sure that cybercriminals are keen to exploit this as they turn to maritime companies as low-hanging fruit for cyber attacks.
Cyber threats are a serious risk for any type of business. But they’re especially serious for maritime and logistics businesses.
The level of disruption that cyber attacks can cause companies shipping goods around the world cannot be overstated. Even relatively minor attacks can have literally global consequences: if they disrupt logistics operations that require tremendous coordination, they trigger a chain reaction.
Many globally connected maritime and shipping networks and infrastructures continue to rely on legacy technologies that weren’t designed to be connected to the Internet, but now are.
These include a mix of information technology (IT) and operational technology (OT) systems used by internal crew and third-party vendors, which extends the potential for a compromise by cybercriminals.
According to Safety at Sea and BIMCO, only 15% of maritime businesses say they test their continuity plans regularly to mitigate the risk of cyber attack. 42% believe that their organization is protected against OT cyber threats, but it’s difficult to judge until an attack occurs.
With the rise in profits that logistics companies are now seeing, cybercriminals are more motivated to attack. They have developed more sophisticated tactics, such as leveraging AI and using “invisible” attack techniques to evade detection, and cyberattacks against OT on ships are becoming the norm rather than the exception. If you need proof that maritime businesses are now in the crosshairs of cybercriminals, look no further than the devastating attack on the South African terminal operator Transnet and attacks on logistics companies such as Toll Group, Hillebrand and Hellmann.
It’s one thing to protect against cyber threats when your assets consist of on-prem or cloud-based servers and computers, as is the case for most businesses. It’s quite another when you’re a maritime or logistics company with operation centers and fleets of numerous classes and vintages that are spread throughout the world on land, air or sea.
Add Industrial Control Systems (ICS), OT systems and rapid, haphazardly planned digitization initiatives to the mix, and it becomes clear just how hard it is for the maritime industry in particular to stay on top of cyber threats.
When it comes to cyber security, maritime and logistics businesses tend to focus their investments in defenses and under-invest in resiliency planning. This is a mistake because you simply can’t predict or prevent every type of threat ahead of time.
Investing in cyber resiliency has the potential to mitigate damage when an attack does occur by enhancing the control the business has. Without cyber resilience, cyber defense is incomplete. This is especially true in the maritime industry, where even small-scale cybercriminals can cause major disruptions to logistics networks. Planning for resilience helps ensure that complex shipping networks continue to operate when attacks inevitably take place.
7 Steps To Strengthen Cyber Security And Resiliency
Maritime and logistics businesses can take a variety of steps to protect themselves from the unique cyber security challenges they face and ensure their cyber resiliency.
Identifying your weak spots requires a comprehensive review of all of the systems and processes that drive your operations. This includes evaluating physical infrastructure like communications, Industrial Control Systems and loading and stability systems, along with management and operational processes. It additionally requires assessing the risks faced by computer systems that manage port security and access, RFID technology and container optical recognition systems.
You can’t secure what you don’t understand. Identify your critical systems and systems where vulnerabilities are most likely to emerge so that you can take steps to mitigate the impact of attacks against them.


Assess risk exposure by determining the likelihood and impact of a vulnerability exploitation by any external or internal actor. You can do this by conducting a current-situation assessment (a service that Cyberstar provides its clients).
A current-risk assessment uses knowledge about cybercriminals and exploit techniques to identify where cyber threats may come from, and which vulnerabilities and security gaps they can exploit in each system.
Proactively develop a response plan that spells out who will do what, how information about the incident will be communicated, and which fallback systems will be used if a critical system is breached. Steps like these facilitate resiliency by maximizing your ability to maintain operations during an attack.
Not all incidents pose the same level of risk, of course, and not all systems are equally important to operations. For that reason, response and resiliency plans should be granular, to reflect different types of attacks and different scales of threats.
Cyberstar can assist in the development of a response plan as part of our end-to-end event management service, as well as by consulting with C-level stakeholders. Our extensive experience in managing cyber crises, combined with our profound, native understanding of the specific concerns and pain points of the maritime and logistics industry, uniquely positions us to develop effective response plans for businesses in this sector.
Don’t wait until an attack occurs to determine how to respond.
Cyber resilience hinges on preparations; planning for breaches is not enough to minimize their impact. Practice is essential; test your plans by performing cyber security drills, which allow you to act out the steps you’ll take when defenses go down.
Drills help to ensure that everyone knows what to do to get back on track as quickly as possible, with minimal disruption to operations.
Cyberstar includes cyber security drills in its training program, which provides staff awareness and readiness education, C-level workshops, tabletop exercises and complex war games that teach stakeholders exactly what a real cyber attack entails.
Data backups and system images help to restore operations quickly following a breach. But they only work well if your backup resources are isolated from production systems; otherwise, cybercriminals may wipe out the backups, or plant malware into them as part of their attack. It is also critical to have a restore plan in place so that you can rebuild critical systems rapidly.
Since operational continuity is a key concern for maritime and logistics businesses, any backup system should be designed with this in mind, enabling the company to access and operate at a certain level for several days, even without its core systems. This should not be the standard backup, but a separate backup done in the context of resiliency following a cyber attack. This can be accomplished by mapping critical business processes and creating the solution required to survive and keep operating while the IT department is working on recovering the core systems.
Finally, be sure you can rapidly determine how cybercriminals got into your systems, then remove that vulnerability from your backups, before performing a restore. Without this final step, cybercriminals may simply launch a new breach against your recovered system, by exploiting the very same vulnerability.

It’s crucial to defend critical systems and data with multiple layers of protection. You can’t reliably predict where, when or how an attack will occur, but you can mitigate an attack’s impact by using layers to prevent it from escalating once cybercriminals have breached your infrastructure.
Multi-layered protection means securing all components of your IT and OT infrastructure. Security should be baked not just into software applications, but also into hardware, physical and virtual access controls, communications infrastructure and so on.
Of course, these protections must be balanced against the access requirements of personnel, as well as the operational needs of technology. In other words, you need a balance between protection and functionality.
Cyber security, and especially cyber resiliency, isn’t the domain of IT experts alone -- especially not in the maritime and logistics industry, where so much is at stake.
Instead, businesses need to build cyber security into every part of their operations. The finance team, legal, customer relations specialists and more all have a role to play in building cyber resiliency -- as do C-level executives.
All stakeholders should help to define which operations to prioritize during an attack, which redundancies to build into systems, how to manage communications during a breach and who will make critical decisions during an attack.

Maritime cyber security and resiliency management is everyone’s job
The maritime and logistics industry faces a unique level of cyber security risk. To address it, businesses need unique strategies: strategies that make cyber security management everyone’s responsibility, and that extend beyond mere defensive measures. They need cyber resiliency plans that systematically and effectively limit the special threats that cyber risks pose to this industry.
As seasoned experts in both cyber security and the maritime and logistics industry, Cyberstar helps businesses develop and practice the plans they need to minimize the impact of cyber threats.