Main menu

BlueTide Communications Blog

Maritime Cyber Security Threat Response and Recovery

With our need for connectivity, we entrust a world of responsibility to computers and programs. In consequence, consulting giant, Deloitte, observed that a single vulnerable device can leave an entire network open to attack.

Maritime communications and VSAT services are no exception. Sometimes, despite the secure routers and nested firewalls, a cyber threat finds a weakness in the system. To retain or regain  control of your ship, you’ll need a thoroughly planned strategy for rapid response and recovery from a cyber attack.

Prepare a Comprehensive Contingency Plan

The most effective contingency planning addresses the absolute worst-case scenario: How do you maintain control of your ship if a cyber attack disables or manipulates your ship’s technology? An effective response relies on four crucial steps:

 1. Identify the threat. What systems, data or equipment can the threat reach? To perform an effective damage assessment, you must have clear knowledge of the security systems in place and how they’ve been compromised.

2. Establish objectives that will let you respond and investigate. You’ll need to be able to quickly answer three immediate questions:

  • What systems and equipment do you need to shut down?

  • What systems and equipment can you keep running?

  • What emergency systems and equipment do you need to activate?

3. Act to protect your systems and data. For each of the response objectives, everyone will need to know the answer to two more questions:

  • Who will be responsible for shutting down, running, and activating specific systems and equipment? They’ll also need to know the criteria for performing those actions.

  • Who will decide on, coordinate and manage those measures? Everyone needs to be familiar with the chains of command and status reporting requirements.

4. Recover connectivity, data and forensics. Because recovery often presents complex challenges requiring outside assistance, your plan should include coordinated responsibilities for three sets of players:

  • Qualified on-board personnel.

  • On-shore company specialists.

  • External cyber security partners.

Each of these steps involves tough calls that can prove detrimental if made without careful prior consideration. However, once a cyber attack is in force, you won’t have time for debate or errors. That’s why training is vital.

Train To Survive an Attack

Captains fear direct attacks on their ships, but threats targeting a company’s onshore systems can also leave a ship cut off, operating on counterfeit data or without connectivity. All too often, ships need outside assistance to get critical systems back online. Meanwhile, even reaching port can prove difficult or impossible if critical electronic systems are compromised or inoperative, particularly those involving navigation, propulsion and auxiliary systems. Officers, crew and onshore personnel will all need:

  • Established procedures to follow.

  • Training to ensure understanding and prevent miscommunications.

  • Periodic drills to ensure that everyone knows – and remembers – how to handle any number of cyber situations, including scenarios involving ransomware, corrupted data and loss of on-shore data.

Recover Through External Expertise and Assistance

Recovery. Malicious threats can rapidly exceed both shipboard cybersecurity capabilities as well as those of your company. In trying to counter an attack, your efforts may in fact worsen it by:

  • Destroying corrupted but irreplaceable data.

  • Compromising digital forensic evidence essential for identifying source and reach.

  • Hindering or preventing post-attack recovery.

For those reasons, you’ll need an external cyber partner who contributes to your cyber attack contingency planning and will guarantee assistance when you need it. The whole point of contingency planning and training is returning operations to normal.

 Prevention. Pinpointing the source of a cyber attack and the methodologies employed can require painstaking analysis and investment in external resources. However, the data gained is strategically valuable for both you and others:

  • Only by investigating the event and the conditions that led to it will you learn how to ensure it doesn’t happen again.

  • Developers and programmers use case studies to develop more technologically advanced systems and equipment embedded with secure components.

By sharing the experience and analytics gained, you help ensure that cyber attackers won’t be successful the next time. If you're ready for a cyber security partner dedicated to ensuring your maritime communications and VSAT services are always connected and secure, call BlueTide Communications at 337-205-6710, or visit our website.

 

Protecting Your Ship From Cyber Threats
Is It Possible To Stream Netflix, Hulu and Spotify...