Maritime Cyber Security

The maritime industry has been long neglected when it comes to cyber security. Until recently there was very little need for Internet connectivity, other than emails and welfare communications for the crew, which in itself posed minimal threat to the vessel itself, resulting in no real need for cyber security.

However, the adoption of networked technology has grown exponentially in recent years and sadly cyber security has not kept pace. As a result the maritime industry is being targeted by attackers looking to profit from the lack of protection.

Our team of cyber security specialists have been securing the maritime industry for over 20 years and have learned that one size doesn't fit all, whether it's securing a port, a cruise liner, a cargo ship, or a superyacht, the threats and the reliance on interconnected operational technology varies, as do the client's available resources to tackle the problem.

Maritime has been described as the "perfect storm" for a cyber security attack.

Our Maritime Cyber Experience

Over the last 11 years, CND has been delivering cyber capability to naval forces, including the European Union Naval Force and the British Royal Navy.

The slow but steady digitisation of the maritime industry has led to vessels becoming increasingly reliant on e-navigation, GPS, AIS, and ECDIS. These are all technologies which are susceptible to a cyber attack. We are now delighted to be able to extend our former 'defence force only' offering to the private sector.

Maritime has been described as the "perfect storm" for a cyber security attack. Each modern vessel is a floating computer network with numerous systems including navigation and the Industrial Control Systems (Operational Technology) associated with managing the vessel as a connected unit.

Cyber security was not previously an issue as ships were a moving target with minimal external connectivity. This has changed now that vessels are often constantly connected to the Internet, making them a target.

Ships and ports are facing cyber attacks on a regular basis, their every move tracked and some ships have even been taken over remotely.

Cyber Security Services

At CND we create a bespoke cyber security service for each vessel, ranging from standalone cyber security services, right through to an all encompassing Cyber Security as a Service.

Some of the services from our Security Operations Centres on the Isle of Man and the UK includes:

Click For Overview of CND Cyber Security Maritime Services

Cyber Risk Assessment. Our experts will conduct a Cyber Risk Assessment, this is an interactive workshop which, in just over half a day, will discuss 100s of cyber security controls and recommend priority actions.
Protection. Ensuring that the ship operational technologies aren't interfered with by a cyber threat.
Policy Enforcement. Ensure that the crew adhere to their acceptable use policies which will need to vary between when they are working and for the rare events when they are relaxing (welfare).
Asset Mapping. Larger vessels will have 1,000s of network devices onboard, our tools will discover, identify and report on these assets and their vulnerabilities.
Vulnerability Assessment. The vessel's network visibility will be regularly checked from the Internet using the same tools and techniques as a hacker, any discovered vulnerabilities will be reported, with recommendations about what could be done to mitigate them.
Firewalls. Next Generation Firewalls can be installed, managed and monitored with the latest Intrusion Prevention Systems and Advanced Malware Protection, affording an exceptional level of defence against cyber threats.
Phishing. Our managed phishing assessment service, will send bespoke emails to the crew to gauge whether a phishing attack would be successful, this service includes training when required.
Training. Bespoke operational cyber security training is available for crew, this covers the standard Internet threats and also incudes training for working in high risk environments and with VIPs.
Penetration Testing. Our team of specialists will attempt to penetrate the yacht from the Internet using the same tools and techniques as hackers.
Ship Cyber Security Plan.

Our "Boat International" Article On Cyber

Maritime Regulatory Guidelines for Cyber

Guidelines on Maritime Cyber Risk Management MSC-FAL.1/Circ.3 - IMO
The Guidelines on Cyber Security Onboard Ships v4 - Multiple
Code of Practice – Cyber Security for Ships - IET

The computing technology aboard a superyacht can be divided into 2 main categories, Operational Technology (OT) and Information Technology (IT) The International Maritime Organization (IMO) Cyber Guidelines describe them as follows:

Operational technology systems may be thought of as focusing on the use of data to control or monitor physical processes.

Information technology systems may be thought of as focusing on the use of data as information.

More Info

Within the Information Technology (IT) area, is office automation software, for running the boat, such as email and other administrative applications, alongside that are welfare IT for guests and crew to keep in touch with the outside world through email, social media and browsing the Internet. Finally, there is Smart technologies, which tell us when a CCTV camera detects a person rather than just motion, or let the Stew know that the tumble drier has completed it's cycle, not to mention the all important streaming entertainment onboard.

Operational Technology (OT) would be used for controlling engines, radar, navigation systems, GPS, VINS, AIS and Satellite Communications.

There have been cases of ships being taken off course through the manipulation of GPS, of insecure navigation systems revealing the exact location of a vessel 24 hours per day, without using AIS and even one reported case in the South of France, of a superyacht being hacked through it's guest wi-fi, engines started and the only thing which stopped it being moved was that it was tied up alongside with old fashioned mooring lines.

IMO 5 Elements of Cyber Risk Management

The IMO cyber security guidelines has adopted the cyber security industry approach, dividing cyber security into the following elements:

IDENTIFY

Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations. Our Identify services include:

Review/Produce Network Diagrams
Review/Identify Network Assets
Annual Cyber Risk Assessment
Security Architecture Review
Annual Onboard (optional) Audit
External Vulnerability Assessment
Internal Vulnerability Assessment
Passive Service Identification
Cyber Security Subject Matter Expertise

PROTECT

Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.

Next Generation Firewall MSSP - Managed by CND
Crew IT & Cyber Policies
Managed Phishing Assessments
Crew Cyber Training
Endpoint Security Managed Service including AntiVirus
DNS Security

DETECT

Develop and implement activities necessary to detect a cyber-event in a timely manner.

Managed Detection & Response
Remote Security Operations Centre
Firewall MSSP Monitored by CND
Geographical Cyber Threat Intelligence
Domain Monitoring (Spoof)
Crew Email Public Breach Detection
Holistic Monitoring of Most Assets
Asset/Service Discovery
Intrusion Detection/Prevention Systems

RESPOND & RECOVER

Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.

Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.