The maritime transportation industry is in the middle of a full-blown technological revolution. Driven by digitization and automation, technology is making it much easier to effectively manage cargo and shipping while helping ships avoid collisions.
Rolls-Royce has already confirmed that they plan to build autonomous naval vessels and you can be certain that many more will join the race to be the first (to sail around the world completely unmanned).
While it will take a few years to get there, we’re already starting to reap the benefits of this technology. However, putting technology at the core of the shipping industry opens the door to potential cybersecurity threats. In fact, it’s already happened with last year’s NotPetya attack where everyone on the planet was a target.
During this incident, the Danish shipping company Maersk had both its booking system and container tracking system compromised. It resulted in significant congestions that took almost three full days to fix and cost the company as much as $300 million.
So what steps should shipping companies take to avert cybersecurity attacks and prevent data breaches? Let’s take a look.
Enhance Security Awareness
The primary threat to maritime cybersecurity is the human element. Most data breaches occur because of lack of education and training when it comes to what to look out for and how to respond to it.
If that wasn’t bad enough, the end users also have a lack of perceived consequences for violating cybersecurity protocols. This is because they don’t understand the potential threats they open themselves up to when engaging in social media or opening a personal email on the company’s internal network.
This makes it critical to educate all stakeholders of the potential dangers presented by phishing email attacks. They should also be made aware of the potential consequences of communicating with strangers on social media. This will also be a good time to remind them about the dangers of using default passwords.
It’s also important to highlight incidents like the Port of Antwerp case to put it all into perspective. In this particular incident, drug smugglers used phishing techniques with the help of hackers to gain access to the port’s digital tracking system. By doing this, they were able to locate their shipments and have their own drivers pick them up.
Replace Legacy Systems and Limit Access
To enhance security, the maritime transportation industry also needs to take steps to update legacy systems. The shipping industry also needs to replace outdated and obsolete operating systems. So if one the computers onboard are still running Windows XP, the whole infrastructure is probably at risk.
Antivirus software should also be tested and updated regularly. If it’s not capable of protecting against malware, then it’s critical to find another solution. It’s also important to take a multilayer approach when it comes to security to better secure critical IT and operations technology.
Once all systems have been updated, it will help to have every user access the network through their own account with access limited by their role in the company.
Steps should also be taken to limit remote access from the shore to critical onboard systems. Furthermore, if third-party contractors are involved, it will be important to control and limit their access to shipping enterprise networks.
However, the most important step a shipping company can take is probably creating a culture of security and awareness throughout the organization. This means that staff at every level should have security at the forefront of their mind.
Decisions concerning cybersecurity should also be made at a high-level and never delegated downward. This is important to ensure that cybersecurity doesn’t get downgraded to a low priority.
As the maritime industry continues to go through a digital transformation, it will also grow into a highly attractive target to a new kind of pirate. If the industry wants to evolve and reap the benefits of technology in the near future, it has to address the threat of cyber security attack now.