April 30, 2024Written by Martin Wingrove
Mr O'Rourke agreed that training needs to be tailored to the type of ship and suggested that classification societies conduct tabletop training with ship owners and managers, citing legal and cybersecurity compliance requirements. did.
Ship owners, operators, managers, third parties, vendors, shore and onboard staff, and national authorities such as the Coast Guard all require this type of training.
In his presentation, he outlined vulnerabilities and security weaknesses identified during routine inspections of cruise ships and ferries. The most common are not securing operational technology (OT), sharing too much secure data with third parties including classification societies, ship and port state inspectors and vendors, and exhibiting Printing confidential information such as passwords for onboard equipment.
“We need to control the information we share with third parties,” O'Rourke said. “OT networks need to be air-gapped and should not remain connected. The concern is where OT and IT interact.”
Mr O'Rourke added that shipowners should secure onboard OT in restricted areas and restrict access to server rooms, control cabinets and bridge areas. “Don’t leave the area empty,” he said. “Passwords should not be displayed and handover notes should not be left on message boards.”
Many of the soft security improvements cover cultural changes and sharing experiences without overloading seafarers with information. “It's not just on board because you can't just impose everything on the masters and engineers,” O'Rourke said.
“Shoreside needs to be held accountable, and vendors have a responsibility to demonstrate compliance and security.”
“The attackers are using social engineering and more sophisticated technology.”
Michaloliakos said the maritime industry is becoming increasingly reliant on technology and faster connectivity, with more ships being connected to cloud-based platforms that provide access to shore managers and third parties. Ta. “We're more connected than ever with upgrades and updates, but we're also open to fraud,” he said.
“Regulations continue to change, making it difficult for companies to remain compliant. And as more money is invested in ships, they are becoming more attractive to attackers. It is.”
TMS is investing in cyber security, including hardening our infrastructure, implementing advanced threat protection, improving our risk assessments, and using our Cyber Security Center.
However, these offer only limited protection for personnel and seafarers and are increasingly targeted by cybercriminals.
“The attackers are using social engineering and more advanced technology, and human reactions are unpredictable,” Michaloliakos said. “There is a gap between knowledge and action.”
He believes shipping companies need to understand how their employees feel about cybersecurity and work to raise awareness.
Michaloliakos added: “We need to move from responsiveness to cyber comfort.” “One solution doesn’t fit all, so training needs to be tailor-made.”
Ship owners and managers need to invest in a cybersecurity culture and increase engagement with seafarers and shore-based staff. “We need to evaluate our culture and support our employees by conducting cultural assessments,” he continued. “We need to embrace a culture of cybersecurity within the ecosystem.”
Webinar voting results
Participants were asked to vote on a series of poll questions during the webinar. Here is a summary of the results:
What are the biggest challenges in strengthening human firewalls in maritime cybersecurity?
Overcoming lack of employee cybersecurity awareness and skills: 31%
Adapt training and awareness programs to the unique needs of the maritime industry: 27%
Ensuring buy-in and support from senior executives and decision makers: 19%
Responding to the rapidly evolving cybersecurity threat landscape: 15%
Measuring the effectiveness and return on investment of cybersecurity awareness efforts: 8%
Which of the following is the most important aspect of a maritime cybersecurity strategy?
Implementing advanced threat prevention technology: 9%
Conduct regular cybersecurity assessments and audits: 6%
Establishment of a dedicated maritime cybersecurity operations center: 3%
Developing and maintaining a strong cybersecurity culture: 67%
Collaboration and information sharing with industry partners: 15%
What are the most important factors driving the increased focus on cybersecurity in the maritime industry?
Regulatory requirements and compliance pressure: 23%
Increased reliance on digital technology and connectivity: 37%
High-profile cyber incidents and attacks on maritime targets: 20%
Evolving business models and digital transformation initiatives: 9%
Pressure from customers, insurers, and other stakeholders: 11%
What are the biggest challenges in developing a holistic approach to maritime cybersecurity?
Coordinating diverse roles and responsibilities of stakeholders: 27%
Balancing operational efficiency and security requirements: 27%
Responding to a rapidly evolving threat landscape: 19%
Attracting and retaining qualified cybersecurity professionals: 15%
Securing sufficient budget and resources for comprehensive measures: 12%
Which groups within your maritime organization require the most in-depth and specific cyber security training?
Executives and decision makers: 15%
Operational staff such as ship crew and dockworkers: 33%
IT support and system administration personnel: 19%
Cybersecurity professionals and incident responders: 33%
Third-party vendors and system integrators: 0%
What are the most critical stages of a cyber attack schedule to prevent a successful breach?
Initial email delivery and filtering: 47%
Prevent website access and downloads: 3%
USB scanning and safe use policy: 13%
Software installation and execution control: 20%
Post-incident detection and response: 17%
Source: Riviera Maritime Media
Strengthening the human firewall: Tackling the cybersecurity awareness gap in maritime webinar Martin O'Rourke, P&O Ferries Fuel and Energy Efficiency Program Manager, Michalis Michaloliakos, TMS Group Head of ICT and Cybersecurity Services, and Rory Hopcraft, University of Plymouth Lecturer in Cybersecurity.
Ship Optimization Webinar WeekFor more information and to register please use this link
