Global cyber attacks are on the rise, with daily attacks to websites, servers, data, and mobile apps. While most of these are annoying at best, and expensive at worst, few understand the technology required to protect a floating mini city, built with tons of steel and many lives on board, forced into radio silence.
Unlike landlocked organizations or systems, ships face unique challenges such as rotating crews and remote locations, making them vulnerable to digitally driven hijackings or ransomware. In addition to posing a logistical threat, these attacks can potentially harm the lives of those on board and the environment.
A recent report providing Guidelines on Cyber Security Onboard Ships states that a compromised IT system can cause a ship with an integrated navigation bridge to suffer a failure of nearly all navigation systems at sea. This, if occurring in a high traffic area or a condition of reduced visibility, could be disastrous. However, it could take something as small as an alteration to the cargo load list .csv files - leading to weight discrepancies on a ship’s hull - to have devastating consequences to the crew, cargo, and the environment.
One of the highest-profile cyber attacks in the marine industry was against shipping giant, Maersk five years ago. The organization was struck by NotPetya, a ransomware attack that would only give access to their data if they paid US$300 in bitcoin. Even though the ransom amount was negligible, the far-reaching consequences of the attack led to a loss estimation of approximately 256 million euros, or about 300 million dollars.
The Nature of Marine Cyber Attacks
Some systems on maritime vessels are more vulnerable to cyber attacks, such as:
ECDIS - The electronic navigation chart system that can be potentially hacked.
AIS Communication System - The communication system that shares position-related data between vessels to prevent collisions and can be remotely intercepted
GNSS / GPS Navigation Systems – The global positioning system and electronic cartography which can be vulnerable to cyber attacks, placing maritime transport and human life at sea at risk.
Marine Vessels’ Unique Challenges
The market is flooded with quality cybersecurity software, but when it comes to the maritime industry, there are a unique set of challenges that are not catered to by existing solutions:
Legacy software that is outdated and lacks viability.
Non-tech savvy crew members, such as deckhands on cargo ships, cruise
liners, and offshore rigs. Plus, there is very seldom room for an IT expert or
support at sea.
Multiple personal devices act as gateways for hackers.
Keeping the above in mind, the European Union Agency for Cybersecurity (ENISA) recently released Guidelines - Cyber Risk Management for Ports in collaboration with several ports in EU Member States. This report builds on ENISA’s 2019 Port Cybersecurity Report and gives port officials actionable practices that address current cybersecurity threats that the evolving Europe’s maritime sector is experiencing.
“The maritime sector plays a pivotal role in the global supply chain. Advancing digital technologies bring economic benefits to ports, but also introduce new cyber threats. The report provides guidelines and good practices to support them in effectively conducting this cyber risk assessment, which is where many of these operators face challenges.” - Juhan Lepassaar, Executive Director of EU Agency for Cybersecurity
Consequently, the International Convention for the Safety of Life at Sea (SOLAS/74/88) the IMO Maritime Safety Committee (MSC) adopted Resolution MSC.428 (98) on June 16th, 2017 entitled; Maritime Cyber Risk Management in Safety Management Systems. This, combined with the Guidelines on Maritime Cyber-Risk Management, has resulted in guidelines on how to manage, prevent and define actions aimed that would protect vessels against the new cyber or computer threats that challenge the sector. This was inspired by the guidelines and cybersecurity standards documented by the United States National Institute of Standards and Technology (NIST).
AI and Cyber Security at Sea
In order to bring a cohesive, meaningful defense against maritime cyber-attacks, maritime-specific solutions need to be deployed. These solutions include:
Updating patchwork and legacy software.
Implementing AI technology to identify, prevent, and alert to potential threats.
Artificial intelligence (AI) can support cybersecurity and IT teams by handling some of the processing and analysis work for them. AI’s forte is in processing vast volumes of data quickly and accurately and in identifying unusual activity. It can even be used to predict upcoming threats and attacks based on historical data or new information from anywhere in the world.
Threat Identification and Prediction
AI models can detect potential security threats, vulnerabilities, and malicious activities to stop them before causing any harm. SEDGE AI uses machine learning to predict future events, such as terrorist or cyber-attacks, based on any number of sources.
AI can help automate the security settings and network topography using network traffic patterns, easily differentiating between legitimate and malicious connections and reducing the impact of disabled devices on the network’s performance.
Reduction in Human Errors
The saying goes, “To err is human, to forgive divine.” However, on an aircraft or a ship the captain is aware that there is no scope for second chances. Human error is one of the main causes of data breaches, and AI’s ability to take over repetitive tasks reduces that risk significantly. This could be through AI-empowered Marine ERP systems, or through spotting trends and patterns in data that might be otherwise overlooked.
A ship that is moving is a ship that is making money. A compromised ship not only ruins brand and reputation but racks up financial losses with every day it is immobile. If the maritime industry is secure, then the global economy is too.
Protect your Ship from Cyber Attacks with Modern, AI-Empowered Systems
Solverminds is the innovative software and technology provider of the maritime industry. Providing solutions for every part of the maritime operation, from integrated Enterprise Resource Planning to Vessel Stowage and Fleet Optimization, your ship systems are secure and optimized, and your team empowered.