How to secure the bridge from cyber attacks
Leading navigation experts Nautisk discuss how to close the cyber backdoor on ships’ systems and data to secure the bridge from unwanted hackers.
Piracy was once the scourge of the seas. Today cybersecurity has now become of the most important issues for the shipping industry. The rapid growth of broadband connectivity within operations has made unprotected navigation and data systems easy prey to today’s cyber adversaries. But should we all throw our hands in the air and despair about the prospects of a vessel’s security?
“Cybersecurity should be straight forward,” explains Nautisk’s Kristian Gøbel.
“Look at your vessel as a branch office and secure it the same way.
“If you have an office that holds data that’s sensitive or vital to your network, you would prioritise it, and perhaps secure it more than an office that does not. You should consider your vessel in a similar way, as a branch office handling vital data.”
Whether it is for financial gain or simply to disrupt, hackers could be looking to exploit any cyber porthole that’s left open on a vessel. Mapping your data and considering your weaknesses is the starting point. A common task, such as the process of downloading digital charts, is likely to register as a security risk. Similarly the method your vessel connects to the outside world, such as satcoms, is a potential vulnerability.
“Undertaking even a rudimentary security audit of your existing operations will reveal common loopholes that can be secured quickly,” comments Gøbel. “Look at some of the basics, such as your IP addresses, default passwords and your schedule of software updates, and you’ll be half way there. Keep the system up to date and you make it less vulnerable to attack.”
Segregating on-board systems such as the engine room, crew, wifi and bridge will keep the threat of a virus or hacker contained rather than spreading through the ship. A common security weakness originates from crew members’ personal devices that can offer a route into a ship’s systems. Phones and USB sticks are prone to transfer malware so it is important that any operation systems such as ECDIS that are often updated via USB should follow a strict closed console policy.
“Crew may not like it but this means restricting personal devices in the same network as the company computers. Using USB sticks for transfer of data between devices makes our lives easier, but you need to prevent their use as this is a potential major security breach.”
Securing the ECDIS has been a focus for Nautisk, which has invested in the development of an automated updating system called NaviUpdate. The rules around choosing to use new technology like this are simple to follow. They should feature robust protection such as a firewall and anti-virus, or eliminate manual tasks such as data on USB sticks where malware can enter a network.
“Above everything,” adds Gøbel, “ensure that any technology provider you are thinking of engaging can demonstrate their own security practices. For many shipping companies that may require a culture change in management and crew, but they should be thinking about it right now before it’s too late.”
There are three key improvements you should make to your security.
1. Embrace a security-aware culture that will help reduce the vulnerability of the bridge.
2. Introduce tools – hardware and software – to strengthen your defence as part of your overriding security strategy.
3. Train the crew to understand the risks and their responsibilities on board.
For most it will be uncharted water but the crew is the easiest target for cyber threats through individuals’ own online activity on personal devices. But with adequate knowledge they can become the ship’s initial defence mechanism to identify a security threat, record it and deal with it.
Gøbel concludes: “Every week we hear about cyberattacks that have become more sophisticated and it is imperative as a vulnerable industry relatively new to digital operations that we are equipped to minimize damage and reduce the risk of attacks.
“We’re doing it in our offices and with the products we develop. On ship should be no different. It is time to not only to ‘tool up’ technologically but to get crews skilled up.”
Source: Kristian Gøbel, Head of Development at Nautisk. Article Arranged on Behalf of Hellenic Shipping News Worldwide (www.hellenicshippingnews.com)