Weathering the storm: Cybersecurity and its stakeholders

The global shipping industry, which accounts for approximately 90% of global trade, faces a growing storm of cybersecurity threats in today's digital age. From sabotaging critical navigation systems to potentially stealing sensitive cargo data, cyberattacks pose significant risks to safety, security, and overall operational efficiency. This article explores the relationship between cybersecurity and maritime industry stakeholders and considers how frameworks can provide solutions to alleviate these challenges.

Stakeholder ecosystem

The shipping industry operates within a complex ecosystem of stakeholders, each with their own priorities and vulnerabilities when faced with cyber threats.

Insider:

• Crew: Often without extensive cybersecurity training, crew members can fall victim to phishing scams or unknowingly introduce malware. According to a BIMCO report, 70% of crew members recognize phishing as a major cybersecurity concern.
• Administrators: Balancing security needs and operational costs can be difficult. Prioritizing cybersecurity investments can be hampered by short-term financial considerations. In particular, third-party ship management may be hampered by the competitive nature of the business.

External parties:

• Regulatory bodies: The maritime cybersecurity regulatory framework is still evolving, creating inconsistencies and implementation challenges. IMO published the Guidelines on Maritime Cyber ​​Risk Management, MSC-FAL.1-Circ.3-Rev.2, in July 2022, which provides high-level recommendations and therefore Much depends on the interpretation of It's about implementing it. Similarly, IACS UR E26 and UR E27 were quickly revised again to reflect the extensive changes required after industry feedback.
• Adversaries: Motivations for cyberattacks in the shipping industry range from financial gain to state-sponsored disruption. Cybercriminals can target specific companies, critical infrastructure, or even entire supply chains.

enemy advantage

The shipping industry is a unique target for cyberattacks due to several factors:

• Legacy systems: Many ships operate on outdated software and hardware, making them more vulnerable. These systems include the OT systems that are most critical to safe operations.
• Disconnected operations: Ships frequently operate outside of cell phone service and rely on satellite networks, which can have unique vulnerabilities unknown to most people.
• Limited IT expertise: Crews typically do not have the specialized skills needed to identify and respond to cyber threats. According to his aforementioned BIMCO report, only 20% of crew members were confident in their ability to identify and report cyber-attacks.
• Tools: Advances in social engineering, deepfakes, and other emerging technologies could create a breeding ground for adversaries to exploit. The increased adoption of automated and interconnected systems onboard ships may introduce new vulnerabilities. Technologies like autonomous ships, while promising in terms of efficiency, create new attack vectors that need to be addressed. Similarly, high-speed, low-latency connectivity via low-orbit satellites has greatly expanded the attack surface.

Financial, environmental and human risks

The NotPetya attack, which affected critical systems and caused an estimated $300 million in damage, is a stark reminder of the real-life impact of cyberattacks on the maritime industry. Cyberattacks can have far-reaching effects beyond financial losses. Disruption of navigation systems can lead to accidents and environmental damage, and can cause oil spills and collisions.

Framework for stronger defense

To effectively address these challenges and risks, we recommend a holistic approach that incorporates people, process, and technology (PPT).

people:

• Cybersecurity Awareness Training: Human error remains one of the leading causes of cybersecurity breaches. Regular training programs equip crew members with the knowledge and skills to identify and prevent cyber-attacks. This includes phishing scams, social engineering tactics, and secure password practices. An interesting way to achieve this is through gamification.
• Culture of Security: Fostering a culture of security within an organization fosters open communication about cybersecurity and promotes a sense of shared responsibility among all parties. This means encouraging crew members to report suspicious activity without fear of retaliation. A blame-free environment paves the way for early detection and response to cyber threats. Imagine a scenario where a crew member accidentally clicks on a phishing email but is reluctant to report it for fear of punishment. This gives attackers time to disrupt and infiltrate your network.
• The importance of cybersecurity talent: Addressing the cybersecurity skills gap by attracting and retaining talent within the shipping industry is essential. The industry can benefit from working with educational institutions to develop specialized cybersecurity training programs tailored to the maritime sector. This is something that the Singapore Shipping Association (SSA) is actively working on.

process:

• Risk assessment: Performing a risk assessment regularly can help identify potential vulnerabilities and prioritize mitigation strategies. This includes onboard systems, crew training, and external threat assessment.
• Incident response planning: It's not a matter of if, it's a matter of when. Having a clear plan in place to respond to a cyberattack can help minimize damage and speed recovery.
• Data Security Policy: Data is our license to trade. Implementing a robust data security policy includes data classification, access controls, and encryption protocols.

technology:

• Network Segmentation: Segmenting your ship's network can limit the potential damage from attacks by isolating critical systems. This prevents malware from spreading throughout your network if it infects a single device.
• Intrusion Detection and Prevention Systems (IDS/IPS): Having these systems onboard allows you to monitor network activity in real time and detect suspicious activity. IDS/IPS systems can identify and block malware, unauthorized access attempts, and other malicious activity.
• Software updates and patching: Regularly patching software vulnerabilities is critical as it can prevent over 80% of cyber attacks. Automated patching solutions help keep critical systems up to date with the latest security patches.
• Access Control: Robust access controls and user authentication mechanisms help prevent unauthorized access, thereby reducing the risk of insider threats and unintentional malicious insider activity.
• Emerging technologies: Emerging technologies such as AI and ML can enhance your ability to detect and respond to cyberattacks twice as fast. Automated tools can also be deployed to take protective measures that are not possible with regular human intervention.

collaboration is key

The shipping industry cannot address the issue of cybercrime alone. Effective cybersecurity requires collaboration between stakeholders.

Government and industry partnerships:

• Standardized regulations: Collaborative efforts between governments and industry leaders can lead to the development of clear and consistent cybersecurity regulations for the maritime sector.
• Information sharing: Open and transparent information sharing between governments, industry stakeholders, and cybersecurity experts can yield valuable insights into emerging threats and best practices. This is why trade events like Asia-Pacific Maritime allow a variety of stakeholders to convey and contribute to insightful discussions such as the one discussed at APM 2024 on “Dealing with Emerging Threats and Future Mitigation Strategies.” serves as an important platform for His SSA, to which I am a member, has also made significant contributions to the Singapore Maritime and Port Authority (MPA) and acts as a voice for the industry.

International cooperation:

• Cybercrime Jurisdiction: Given the global nature of shipping, international cooperation is essential to ensure there are no hiding places for cybercriminals. International agreements and law enforcement cooperation can help catch cybercriminals targeting the shipping industry.

Continuous improvement and adaptation

While the PPT framework provides a solid foundation for a robust cybersecurity posture, it is important to recognize that cybersecurity is not a one-and-done solution. A continuous improvement approach should be adopted, including regularly reviewing RAs, updating training programs, and patching vulnerabilities. In this ever-evolving environment, it's important to stay on top of the latest cyber threats and adapt your security measures accordingly.

The shipping industry is the engine of global trade. Its safe and efficient operation supports the global economy. By implementing a comprehensive cybersecurity strategy based on the PPT framework, fostering collaboration with all relevant stakeholders, and adopting a continuous improvement approach, the shipping industry can weather the storm and improve global trade. can ensure a secure future.