Main menu

BlueTide Communications Blog

Assessing Your Risk of Cyber Security Threat at Sea

 

Every day, maritime communications networks must balance Internet and intranet, information technology (IT) and operational technology (OT) for ship operations to run smoothly. With these functions becoming increasingly sophisticated and complexly intertwined, cyber security remains a constant concern as it threatens the data and functionality of a ship.

Understanding cyber threat is crucial to protecting your ship from security breaches and should be considered at all levels of an organization. To develop plans to secure onboard systems and networks, it’s important to assess the types of threats and potential impact on a ship’s operations, safety and data.

 

What is the Risk of a Cyber Attack?

Cyber attacks are increasingly sophisticated with the tools and entry points constantly evolving. To protect a ship and its assets, a complete assessment to identify all onboard entry points will help your team realize the extent of the risk present.

  • You should consider both targeted attacks in which the ship’s systems and data are the intended target and untargeted attacks, or ‘drive-by’ breaches, in which threats prey on system and authorization weaknesses.

Unauthorized Access. Because maritime communication exchanges are so rich in valuable information, these networks are valuable targets:

  • Activists, saboteurs or disgruntled employees may want to disrupt operations or reveal sensitive data to the media or competitors.

  • Criminals and terrorists may hold data for ransom, sell it or manipulate it to instigate political-economic instability or even use it to gain control of the ship.

 

Authorized Access. At the same time, an amazing number of users at multiple locations have legitimate access to a ship’s intricate web of interfaces with the ability to cause harm to:

  • Onshore company headquarters, office locations, executives and representatives.

  • Other ships, vendors and suppliers.

  • Destination and port authorities.

  • Ship’s crew and contract worker data.

  • Ship’s passengers and guest data.

 

Cyber Access. While some cyber attacks use common applications to elicit a user’s response, others masquerade as authentic websites. Still others are hidden within seemingly authentic communications, but all are looking for one thing – access – through:

  • Social media requests and appeals prompting interaction.

  • General phishing or targeted spear phishing emails.

  • Waterholing using fake or compromised websites.

  • Ransomware and malware.

  • Random Internet scanning.

 
Third parties connected to your ship’s system may pose additional access points for attackers. Considering these vulnerabilities could potentially lead to system breaches, any third party should also undergo cyber risk assessment.

 

Assessing Your Maritime Cyber Vulnerabilities

In order to effectively and efficiently determine your ship’s system weaknesses, both physical and virtual points of access to system information and controls should be assessed.

Identify High-Risk Areas of Your Ship

Study the systems of your vessel and how they interface with various users, electronic devices, the Internet and email. These areas can indicate where a potential attack is likely to occur. Some common high-risk areas include:

  • Cargo management portals. These digital systems are used for the management and control of cargo, which may interact with a variety of systems ashore.

  • Power control systems. Propulsion, machine management and steering functionality of the ship.

  • Access control. Systems used to ensure physical security and safety of a ship and its cargo, including surveillance and shipboard security alarms.

  • Passenger servicing and management. Systems that may hold valuable passenger related data.

  • Passenger-facing public networks. Networks connected to the internet installed on board for the benefit of passengers.

  • Administrative and crew welfare systems. Networks used for administration of the ship or the welfare of the crew that can be exploited by cyber attackers to gain access to onboard systems and data.

  • Communication systems. The presence of internet connectivity via satellite and/or wireless communication can increase the vulnerability of ships.

 

Define Levels of Threat

Once a complete inventory is completed, each system needs to be examined in terms of its potential to allow an attacker to:

  • Access information about the ship, crew, cargo and passengers.

  • Modify information affecting the ship’s safe and efficient operation.

  • Destroy information or disrupt services.


Categorizing each system’s level of threat lets you prioritize systems – and needs – according to confidentiality, integrity and availability – also known as the CIA model:

  • Low Threat. Limited threat levels allow operations to continue at degraded levels, with minor damage, loss or harm.

  • Moderate Threat. Substantial threat levels significantly degrade all operations, leaving only primary functions still operable but somewhat degraded, with significant levels of damage, loss or harm.

  • Severe Threat. Catastrophic threat levels severely degrade operations to degrees that prohibit primary functions, with major levels of damage, loss or harm to data.

 

Identifying Stages of a Cyber Attack

Investing in personnel training to identify and mitigate cyber threats has been noted as one of the most effective methods to reduce the impact of malicious attacks. Regardless of whether a ship is targeted or simply a victim of circumstance, attacks typically follow a four-stage pattern:

  1. Surveillance and Research. Open sources provide amazing amounts of information about both private individuals and commercial companies. Attackers exploit every resource, from social media, technical forums and publications to covert monitoring of a ship’s open data transmissions.

  2. Delivery. Like any weapon, threats must have a delivery system and can originate with either authorized or unauthorized users via any tool or access.

  3. Breach. One of the most misunderstood stages, a breach can be subtle or pronounced, immediate or delayed. The attacker’s tool has found a vulnerability and can now exploit it.

  4. Affect. While some attackers may opt for an immediate and obvious effect like disabling or seizing control of a ship, others may prefer to go unnoticed. An attack may be designed to explore ship systems, collect information, enslave devices or alter accesses for more significant interference at a later date.

 

Developing a Cyber Risk Assessment Strategy

Cybersecurity is a discipline of details, so using an organized approach is key. Map functional areas and systems, and identify points of access for potential breaches. Evaluate systems and equipment, prioritizing those that are out of date or in need of regular updates. Examine protocols, procedures and policies and how they apply to every user, from senior-level executives to ship guests. Most importantly, realize that the process of cyber risk assessment never ends.

For more information on assessing your vessel’s risk of cyber threat, securing discovered vulnerabilities or promoting a culture of cybersecurity, contact BlueTide Communications through our website or by calling 337-205-6710.

 

Information used in this blog conforms to recommendations offered in The Guidelines on Cyber Security Onboard Ships published by the Baltic and International Maritime Council (BIMCO), Cruise Lines International Association (CLIA), International Chamber of Shipping (ICS), International Association of Dry Cargo Shipowners (INTERCARGO) and International Association of Independent Tanker Owners (INTERTANKO).

Is Airline Connectivity Paralleling Maritime VSAT ...
Protecting Your Ship From Cyber Threats