The European Maritime Cyber Risk Management summit held in London focused on discussing ship cyber security breaches and how they can be avoided by implementing cutting edge technology and policies to prevent crews from inadvertently infecting shipboard systems.
“The problem is that when crew or operators use USB sticks to upload system files or log on using their own mobile phones, laptops and tablets or open an infected email, they can potentially upload a malware virus or worse,” said Naval Dome CEO Itai Sela at the conference.
Every minute there are 150 million emails sent globally by more than 4 billion internet users; therefore it is safe to assume that some of these will be infected and opened by unsuspecting crew members.
“The biggest issue is the internal attack and the human element is definitely part of the problem. Crew training alone is not a solution,” said Sela. “Also, when a technician boards a vessel and connects a laptop or equipment directly to the ECDIS or RADAR to fix or service these systems, can they verify their own systems are secure and have not been infected?”
Moreover, there is also an external threat. Many systems on board are still based on old operating systems, such as Windows XP, Windows 7, or Linux, which were not designed and manufactured with a consideration for cyber threat. The fact that many of these systems remain unprotected was a significant concern raised by Lloyd’s Register’s Elisa Cassi, Product Manager, Cyber Security.
“Industrial control systems may still run on separate networks, but true physical isolation is becoming the exception rather than the norm. Even with no direct connection, malware can bridge air-gapped networks by exploiting human activity and operator error,” said Cassi.
The fragmented, cost-conscious and competitive nature of the maritime industry makes it an attractive target for hackers; therefore the industry should implements an anonymous cyber-attack reporting scheme and consider establishing a Maritime Charter of Trust to propose industry-wide protocols for dealing with the threat.