Maritime Cyber Security

The maritime industry has been long neglected when it comes to cyber security.  Until recently there was very little need for Internet connectivity, other than emails and welfare communications for the crew, which in itself posed minimal threat to the vessel itself, resulting in no real need for cyber security.
However, the adoption of networked technology has grown exponentially in recent years and sadly cyber security has not kept pace. As a result the maritime industry is being targeted by attackers looking to profit from the lack of protection.
Our team of cyber security specialists have been securing the maritime industry for over 20 years and have learned that one size doesn't fit all, whether it's securing a port, a cruise liner, a cargo ship, or a superyacht, the threats and the reliance on interconnected operational technology varies, as do the client's available resources to tackle the problem.

Maritime has been described as the "perfect storm" for a cyber security attack. 

Our Maritime Cyber Experience

Over the last 11 years, CND has been delivering cyber capability to naval forces, including the European Union Naval Force and the British Royal Navy. 

The slow but steady digitisation of the maritime industry has led to vessels becoming increasingly reliant on e-navigation, GPS, AIS, and ECDIS. These are all technologies which are susceptible to a cyber attack. We are now delighted to be able to extend our former 'defence force only' offering to the private sector.

Maritime has been described as the "perfect storm" for a cyber security attack. Each modern vessel is a floating computer network with numerous systems including navigation and the Industrial Control Systems (Operational Technology) associated with managing the vessel as a connected unit.

Cyber security was not previously an issue as ships were a moving target with minimal external connectivity. This has changed now that vessels are often constantly connected to the Internet, making them a target. 

Ships and ports are facing cyber attacks on a regular basis, their every move tracked and some ships have even been taken over remotely.

Cyber Security Services

At CND we create a bespoke cyber security service for each vessel, ranging from standalone cyber security services, right through to an all encompassing Cyber Security as a Service. 

Some of the services from our Security Operations Centres on the Isle of Man and the UK includes:

Click For Overview of CND Cyber Security Maritime Services
  • Cyber Risk Assessment. Our experts will conduct a Cyber Risk Assessment, this is an interactive workshop which, in just over half a day, will discuss 100s of cyber security controls and recommend priority actions.
  • Protection. Ensuring that the ship operational technologies aren't interfered with by a cyber threat.
  • Policy Enforcement. Ensure that the crew adhere to their acceptable use policies which will need to vary between when they are working and for the rare events when they are relaxing (welfare).
  • Asset Mapping. Larger vessels will have 1,000s of network devices onboard, our tools will discover, identify and report on these assets and their vulnerabilities.
  • Vulnerability Assessment. The vessel's network visibility will be regularly checked from the Internet using the same tools and techniques as a hacker, any discovered vulnerabilities will be reported, with recommendations about what could be done to mitigate them.
  • Firewalls. Next Generation Firewalls can be installed, managed and monitored with the latest Intrusion Prevention Systems and Advanced Malware Protection, affording an exceptional level of defence against cyber threats.
  • Phishing. Our managed phishing assessment service, will send bespoke emails to the crew to gauge whether a phishing attack would be successful, this service includes training when required.
  • Training. Bespoke operational cyber security training is available for crew, this covers the standard Internet threats and also incudes training for working in high risk environments and with VIPs.
  • Penetration Testing. Our team of specialists will attempt to penetrate the yacht from the Internet using the same tools and techniques as hackers.
  • Ship Cyber Security Plan.

Maritime Regulatory Guidelines for Cyber

Guidelines on Maritime Cyber Risk Management MSC-FAL.1/Circ.3 - IMO
The Guidelines on Cyber Security Onboard Ships v4 - Multiple
Code of Practice – Cyber Security for Ships - IET

The computing technology aboard a superyacht can be divided into 2 main categories, Operational Technology (OT) and Information Technology (IT) The International Maritime Organization (IMO) Cyber Guidelines describe them as follows:

Operational technology systems may be thought of as focusing on the use of data to control or monitor physical processes. 

Information technology systems may be thought of as focusing on the use of data as information.

More Info

Within the Information Technology (IT) area, is office automation software, for running the boat, such as email and other administrative applications, alongside that are welfare IT for guests and crew to keep in touch with the outside world through email, social media and browsing the Internet. Finally, there is Smart technologies, which tell us when a CCTV camera detects a person rather than just motion, or let the Stew know that the tumble drier has completed it's cycle, not to mention the all important streaming entertainment onboard.

Operational Technology (OT) would be used for controlling engines, radar, navigation systems, GPS, VINS, AIS and Satellite  Communications. 

There have been cases of ships being taken off course through the manipulation of GPS, of insecure navigation systems revealing the exact location of a vessel 24 hours per day, without using AIS and even one reported case in the South of France, of a superyacht being hacked through it's guest wi-fi, engines started and the only thing which stopped it being moved was that it was tied up alongside with old fashioned mooring lines.

IMO 5 Elements of Cyber Risk Management

The IMO cyber security guidelines has adopted the cyber security industry approach, dividing cyber security into the following elements:  

IDENTIFY

Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations. Our Identify services include:

  • Review/Produce Network Diagrams
  • Review/Identify Network Assets
  • Annual Cyber Risk Assessment
  • Security Architecture Review
  • Annual Onboard (optional) Audit
  • External Vulnerability Assessment
  • Internal Vulnerability Assessment
  • Passive Service Identification
  • Cyber Security Subject Matter Expertise
PROTECT

Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.

  • Next Generation Firewall MSSP - Managed by CND
  • Crew IT & Cyber Policies
  • Managed Phishing Assessments
  • Crew Cyber Training
  • Endpoint Security Managed Service including Antivirus
  • DNS Security
DETECT

Develop and implement activities necessary to detect a cyber-event in a timely manner.

  • Managed Detection & Response
  • Remote Security Operations Centre
  • Firewall MSSP Monitored by CND
  • Geographical Cyber Threat Intelligence
  • Domain Monitoring (Spoof)
  • Crew Email Public Breach Detection
  • Holistic Monitoring of Most Assets
  • Asset/Service Discovery
  • Intrusion Detection/Prevention Systems
RESPOND & RECOVER

Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.

Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

  • Create/Review Incident Response Plan
  • Forensic Readiness Review
  • Incident Response Exercises

View Our Related Services

Hover over the photos for more information

Secure by Design

The ideal time for cyber security to be considered is at the vessel design stage, or during refit. 

Network Connected Devices

We perform a network mapping exercise and vulnerability assessment to identify connections from control systems to navigation aids and their vulnerabilities.

Penetration Testing

Our consultants will attack your network boundaries as though they were a hacker using the same methods. Where permitted by the service provider, we will ensure that your cloud provisioned services and social media platforms are configured securely.

Wireless Security

We look at fine tuning the Wi-Fi signal so it’s reach is minimised but usable, whilst optimising the security of the Wi-Fi configuration. 

Virtual Private Network

We can provide an encrypted tunnel between the vessel and our Isle of Man datacentre, utilising sophisticated monitoring equipment we will look for threats which may suggest compromise. 

Security Architecture

For more complex network topologies we will undertake a security architecture review and advise on the use of firewalls, Intrusion Prevention Systems, etc. 

Supply Chain Security

It is important to check that your suppliers also meet an appropriate level of cyber security, ensuring that they will not be used as the weak link to attack your vessel or compromise your sensitive information or intellectual property.

  • Secure by Design

    The ideal time for cyber security to be considered is at the vessel design stage, or during refit. 

  • Network Connected Devices

    We perform a network mapping exercise and vulnerability assessment to identify connections from control systems to navigation aids and their vulnerabilities.

  • Penetration Testing

    Our consultants will attack your network boundaries as though they were a hacker using the same methods. Where permitted by the service provider, we will ensure that your cloud provisioned services and social media platforms are configured securely.

  • Wireless Security

    We look at fine tuning the Wi-Fi signal so it’s reach is minimised but usable, whilst optimising the security of the Wi-Fi configuration. 

  • Virtual Private Network

    We can provide an encrypted tunnel between the vessel and our Isle of Man datacentre, utilising sophisticated monitoring equipment we will look for threats which may suggest compromise. 

  • Security Architecture

    For more complex network topologies we will undertake a security architecture review and advise on the use of firewalls, Intrusion Prevention Systems, etc. 

  • Supply Chain Security

    It is important to check that your suppliers also meet an appropriate level of cyber security, ensuring that they will not be used as the weak link to attack your vessel or compromise your sensitive information or intellectual property.

Read the 2017 UK Department for Transport 
Code of Practice
'Cyber Security for Ships' 
Read the 2016 UK Department for Transport 
Code of Practice
'Cyber Security for Ports and Port Systems' 

Find Out More

© Computer Network Defence Limited 2021