Cyber preparedness and post attack plan vital, experts discuss

‘Just as physical damage can disrupt a supply chain

Preparing and training the vessel and crew for a cyber incident, as well as having a working incident response plan, is paramount to cyber security, experts agreed.

Cyber-attacks in maritime are increasing year on year: 31% of respondents to the SAS cyber security survey said their organisation experienced an attack in the 12 months prior to taking the survey in February 2020, compared with 24% in 2019’s survey results and 22% in 2018. The most common effects of an attack were loss of money (28%), systems outage onshore (23%) and reputational damage (15%). Preparation is key to limiting these attacks and their consequences.

Speaking at an SAS webinar held on 11 August, Fortifying the defences: Creating cyber risk plans to meet the IMO 2021 deadline, supported by BIMCO, Rachal Bardoe, cyber security director at Digital Container Shipping Association, said that being prepared for a cyber incident is the most important step to ensuring vessel readiness.

“There are practical and technical steps that can be implemented, such as ensuring network separation is in place, for crew systems, IT systems, OT and vessel propulsion systems rely on separate networks,” explained Bardoe.

Jarle Blomhoff, group leader cyber safety and security, DNV GL, agreed, recommending that a ship should have a multi-layered approach when it comes to cyber security and establish multiple barriers of defence. This includes: physical security, checking who has access to what systems onboard; ship security, the segregation of networks and remote connections; and system protection, the protection of individual systems onboard through back-ups, encryption and anti-virus systems, for example.

“Housekeeping is also critical, such as ensuring that system patching [set of changes to a computer programme or its supporting data designed to update, fix, or improve it] is up-to-date, and anti-malware and anti-virus systems are running the latest virus signatures,” concurred Bardoe.

Bardoe also stressed the importance of making a cyber security incident response plan available to crew and critical support staff ashore. The document should detail the roles and responsibilities of those engaged during the incident and the modes of communication to be followed if, for example, email is compromised by the threat actor. “Practice, practice, practice, the speed of response can be critical, so it is paramount that everybody knows what to do,” she stressed.

Although the cyber security survey found that 64% of respondents said that their organisation has a business continuity plan in place to follow in the event of an attack, only 15% said it was tested every 3-6 months. Blomhoff also stressed the need for cyber security incident drills to be carried out. “Ships carry out emergency drills for grounding exercises, why not do similar for a cyber security incident? It will give great insight into the vulnerabilities,” he said.

“What is clear is that there is still a way to go in cyber security in maritime and our assessment of the risks and our approach to resolve them is not quite hitting the mark, as attacks are still rising year on year,” concluded Tanya Blake, editor, SAS.