// //

Maritime Cyber Security

The maritime industry has been long neglected when it comes to cyber security.  
Our team of cyber security specialists have been securing the maritime industry for over 20 years, the threats and the reliance on interconnected operational technology varies greatly, as do the client's available resources to tackle the problem. Allow us demystify cyber security and guide you through manageable and affordable steps to achieve IMO requirements.

CND's Maritime Cyber Security Experience

Over the last 13 years, CND has been delivering cyber security capability to naval forces, including the European Union Naval Force and the British Royal Navy.  We are now delighted to be able to extend our former 'defence force only' offering to the private sector.

Maritime has been described as the "perfect storm" for a cyber security attack. Modern vessels are a floating computer network with numerous systems including navigation and the Industrial Control Systems (Operational Technology) associated with managing the vessel as a connected unit.

Cyber Security Services

At CND we create a bespoke cyber security service for each vessel, ranging from a remote cyber security audit, right through to an all encompassing Cyber Security as a Service. 

Our service are run from our Cyber Security Operations Centres on the Isle of Man and the UK and include:

Click For Overview of CND Cyber Security Maritime Services
  • Cyber Risk Assessment. Our experts will conduct a Cyber Risk Assessment, this is an interactive workshop which, in just over half a day, will discuss 100s of cyber security controls and recommend priority actions.
  • Protection. Ensuring that the ship operational technologies aren't interfered with by a cyber threat.
  • Policy Enforcement. Ensure that the crew adhere to their acceptable use policies which will need to vary between when they are working and for the rare events when they are relaxing (welfare).
  • Asset Mapping. Larger vessels will have 1,000s of network devices onboard, our tools will discover, identify and report on these assets and their vulnerabilities.
  • Vulnerability Assessment. The vessel's network visibility will be regularly checked from the Internet using the same tools and techniques as a hacker, any discovered vulnerabilities will be reported, with recommendations about what could be done to mitigate them.
  • Firewalls. Next Generation Firewalls can be installed, managed and monitored with the latest Intrusion Prevention Systems and Advanced Malware Protection, affording an exceptional level of defence against cyber threats.
  • Phishing. Our managed phishing assessment service, will send bespoke emails to the crew to gauge whether a phishing attack would be successful, this service includes training when required.
  • Training. Bespoke operational cyber security training is available for crew, this covers the standard Internet threats and also incudes training for working in high risk environments and with VIPs.
  • Penetration Testing. Our team of specialists will attempt to penetrate the yacht from the Internet using the same tools and techniques as hackers.
  • Ship Cyber Security Plan.

Please Get In Touch If You Want To Know More

Maritime Regulatory Guidelines for Cyber

Guidelines on Maritime Cyber Risk Management MSC-FAL.1/Circ.3 - IMO
The Guidelines on Cyber Security Onboard Ships v4 - Multiple
Code of Practice – Cyber Security for Ships - IET

The computing technology aboard a superyacht can be divided into 2 main categories, Operational Technology (OT) and Information Technology (IT) The International Maritime Organization (IMO) Cyber Guidelines describe them as follows:

Operational technology systems may be thought of as focusing on the use of data to control or monitor physical processes. 

Information technology systems may be thought of as focusing on the use of data as information.

More Info

Within the Information Technology (IT) area, is office automation software, for running the boat, such as email and other administrative applications, alongside that are welfare IT for guests and crew to keep in touch with the outside world through email, social media and browsing the Internet. Finally, there is Smart technologies, which tell us when a CCTV camera detects a person rather than just motion, or let the Stew know that the tumble drier has completed it's cycle, not to mention the all important streaming entertainment onboard.

Operational Technology (OT) would be used for controlling engines, radar, navigation systems, GPS, VINS, AIS and Satellite  Communications. 

There have been cases of ships being taken off course through the manipulation of GPS, of insecure navigation systems revealing the exact location of a vessel 24 hours per day, without using AIS and even one reported case in the South of France, of a superyacht being hacked through it's guest wi-fi, engines started and the only thing which stopped it being moved was that it was tied up alongside with old fashioned mooring lines.

IMO 5 Elements of Cyber Risk Management

The IMO cyber security guidelines has adopted the cyber security industry approach, dividing cyber security into the following elements:  

IDENTIFY

Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations. Our Identify services include:

  • Review/Produce Network Diagrams
  • Review/Identify Network Assets
  • Annual Cyber Risk Assessment
  • Security Architecture Review
  • Annual Onboard (optional) Audit
  • External Vulnerability Assessment
  • Internal Vulnerability Assessment
  • Passive Service Identification
  • Cyber Security Subject Matter Expertise
PROTECT

Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.

  • Next Generation Firewall MSSP - Managed by CND
  • Crew IT & Cyber Policies
  • Managed Phishing Assessments
  • Crew Cyber Training
  • Endpoint Security Managed Service including Antivirus
  • DNS Security
DETECT

Develop and implement activities necessary to detect a cyber-event in a timely manner.

  • Managed Detection & Response
  • Remote Security Operations Centre
  • Firewall MSSP Monitored by CND
  • Geographical Cyber Threat Intelligence
  • Domain Monitoring (Spoof)
  • Crew Email Public Breach Detection
  • Holistic Monitoring of Most Assets
  • Asset/Service Discovery
  • Intrusion Detection/Prevention Systems
RESPOND & RECOVER

Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.

Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

  • Create/Review Incident Response Plan
  • Forensic Readiness Review
  • Incident Response Exercises
Read the 2017 UK Department for Transport 
Code of Practice
'Cyber Security for Ships' 
Read the 2016 UK Department for Transport 
Code of Practice
'Cyber Security for Ports and Port Systems' 

Find Out More

© Computer Network Defence Limited 2022