Living in a connected,digital era
Use of connected technologies like the cloud have brought innumerable benefits to a wide range of industries in terms of cost savings, efficiency and flexibility. However, the increasing complexity of IT networks, architectures and infrastructures poses new risks to the maritime industry.
Broader connectivity creates more vulnerabilities, and more points of attack. It is becoming harder than ever to even gain a comprehensive picture of all the devices and networks connected to your business at any given time – let alone to police them.
To make things worse, cyber criminals are becoming increasingly aware of the potential entry points to make significant money from the vulnerabilities in widely connected architectures. At the same time, as common methods of attack (DDoS attacks, ransomware, etc.) are becoming more sophisticated, criminals are also constantly developing new ways of penetrating networks and hacking devices.
Cyber and Security
Shipping companies and owners need to be just as wary of cybersecurity as any other industry, with the increased digitalisation aboard vessels posing a significant threat.
We’re living in an increasingly connected world and as such these companies and owners are now treating their vessels like a mobile office, performing the most mundane of tasks and business-related actvities either on board or remotely via the HQ.
However, this opens up a whole host of vulnerabilities for the vessel and insider threat is a major cause for concern for the industry and something that shouldn’t be taken lightly.
Seafarers bring an average of three communication devices on board ships, but insecure personal devices, be it smartphones, laptops or tablets, can add additional vulnerability to the vessel’s IT system which is open not separated from the vessel’s business LAN.
Having said that, cybersecurity is not just about preventing hackers from gaining access to a ship’s system. It’s also about ensuring that the IT systems in place are robust and resilient and that appropriate reversionary modes are available in the event of a compromise.
Potential risks of a cyber attack on a vessel include:
- The interruption of operations
- Loss of business-sensitive information
- Insurance cover – impact on premiums of lack of cybersecurity measures
- Reputational damage
- Loss of customer and / or industry concidence
- Severe financial loss / penalties
- Privacy impact – personal data protecton legislation will see companies eed for failing to secure employee information
The threat landscape is constantly evolving and with this in mind, ship management companies and operators need to approach cybersecurity in a holistic way.
The Maritime Safety Committee, at its 98th session in June 2017, adopted Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems. The resolution stated that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021.
This resulted in the issuance of compliance structure & date for compliance, resulting in the below:
- The resolution states that an approved safety management system should include cyber risk management in accordance with the objectives and requirements of the ISM Code, no later than the first annual verification of a company’s Document of Compliance after 1 January 2021.
- This refers to a measure of the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.
- Maritime organizations now need to follow the guidance and recommendations outlined by the IMO to ensure their vessel operations are protected from potentially catastrophic cyberattacks
The introduction of the IMO guidelines for cybersecurity brings requirement for both attitudes & methodologies towards Cybersecurity at sea to change.
Moving forward, the objectives & requirements listed within the ISM code are to be the key components when considering risk assessment for on board systems.
These requirements will need to be met for the vessel to approved during annual class authority review
Responsibilities for the vessel operator now include:
- Ensure that adequate risk assessments are carried out when considering cybersecurity
- Cyber risk management methods are to be included in the vessel safety management system (SMS)
- Roles & responsibilities must be clearly designated with a view to cybersecurity, both on-board & at HQ
- Cybersecurity must be considered as part of the safety mechanism on board, meaning it becomes the Master’s responsibility to oversee
- All crew must be trained on Cybersecurity, ensuring they are aware of requirements & measures to take if required
- The vessel systems must be configured and located correctly to ensure safe operation, separating access from non-authorized personnel
- All IT & communications equipment must be certified as compliant, with assurance from the third party supplier provided
Ship Managers should be duly prepared for effective PSC inspection worldwide having in mind that the cyber issues required by IMO as an SMS requirement will be checked for implementation after 1st January 2021.
Ship Managers should:
- Implement procedures in their SMS ensuring cyber risk management is appropriately addressed, no later than the first annual verification of the company’s Document of Compliance (DOC) after January 1, 2021.
- Provide adequate training for both shore and on-board staff in order to implement these procedures
- Create an evaluation procedure (through internal audits and drills) in order to determine the effectiveness of their procedures.
Shipboard staff should:
- Be familiar with cyber procedures as incorporated in their SMS
- Implement and follow the cyber procedures on board
- Act proactively to protect on board Information Technology (IT) and Operational Technology (OT) systems from cyber attacks
- Report to Head Office (and relevant PSC Authorities) any cyber incident as required by SMS, Flag Administration and local requirements.
Vessel operators are working in an increasingly regulated world and with the IMO MSC.428 resolution on Maritime Cyber Risk Management in Safety Management Systems, responsibility for all cyber risk management has been placed on vessel operators. We want to ensure our customers are provided with key security controls, enabling them to maintain full control of their network and infrastructure. SMART@SEA’s powerful cyber protection suite provides the appropriate robust cyber security and safety functionalities which are critical because of their potential effect on personnel, the ship, environment and company.
SMART@SEA is the result of over 50 years of maritime industry knowledge and working closely with our customers to develop a portfolio of increasingly SMART products, services and technology. With SMART@SEA we have a practical and cost-effective solution that future-proofs our customers’ needs as the industry becomes more digitalised, connected and as a consequence cyber vulnerable. NSSLGlobals new SMART@SEA platform offers our customers unrivalled levels of transparency, operational control and cyber protection over their networks and bandwidth usage.
WHAT IS SMART@SEA?
- The powerful virtualised on-board, complete intelligent management solution, SMART@SEA offers the seamless integration of communications networks, cybersecurity, crew welfare and IT services.
- SMART@SEA’s world-class security features help customers with resilient vessel level security and to become IMO Cyber compliant
KEY FEATURES FOR CUSTOMERS INCLUDE
To serve an industry which has been increasingly adopting digitalisation for on-board operations, SMART@SEA provides vessel operators with a smart technology portfolio that can work with their existing systems offering:
- A virtualised digital platform which provides the seamless integration of on-board services
- Management of communications networks
- World class security suite of services
- A powerful management and control portal
- Virtual computer hosting
- Fully managed IT service (on-board and virtually)
- Access to on-board entertainment and other crew welfare provision
- 24/7 global technical support with some of the best engineers in the industry
- Single appliance smart technology
To request a copy of our SMART@SEA brochure or find out about NSSLGlobal's products and services please complete the contact form below or alternatively, email us at email@example.com.
How can NSSLGlobal help you with your cyber security?
NSSLGlobal has placed and continues to place great importance on security, and this has been recognised by external regulatory bodies. NSSLGlobal follow best practise Security Management processes, governance and technical controls and are certified to ISO standards including ISO 27001. All NSSLGlobal products conform to change control measures and obsolescence management is in place for all hardware and software supplied.
In addition to this, a secure methodology is part of who we are at NSSLGlobal & shapes all of our working methods. Native encryption of all working devices, and regular penetration of both our online and internal networks is standard practice for us, meaning your network is in safe hands.
Our unique position within the satellite communications marketplace is bolstered by not only the ground station hubs, but also that the hub & modem technology utilised is our own. This enables us to control the data journey from start to finish. All traffic used on our services, including L-Band and cellular traffic is sent across our own secure infrastructure, allowing us to add extra security, custom routing and mapping to suit customer and IMO requirements.
Dedicated security and networks teams focus on protecting our corporate and customer networks with all NSSLGlobal employees undergo security training and rigorous security checks based on their role and support is available 24/7 for all aspects of your NSSLGlobal solutions.
NSSLGlobal offers a number of solutions that provide cybersecurity assurance to support your road to digitalisaton, freeing up your time to focus on the vessel priorities that are core to your business. To request a copy of our cybersecurity brochure or contact a member of the team at NSSLGlobal please complete the contact form below.
NSSLGLobal sponsored a series of videos on maritime cybersecurity as part of the be Cyber Aware at Sea campaign by Fidra Films.
These videos can be accessed here!