IMO mandate raises the stakes for cyber protection
Maritime cyber crime is a problem that’s growing exponentially; one US-based consultancy estimated in 2020 that cyber attacks on the maritime industry’s operational technology (OT) systems had increased by 900% in the previous three years. Effective from 1 January this year, IMO Resolution MSC.428(98) obliges shipowners and managers to assess cyber risk and implement appropriate procedures and countermeasures as part of a ship’s safety management system.
Andrew Hill, an executive director and cyber coverage specialist at insurance brokerage Willis Towers Watson (WTW), believes that shipowners are finally beginning to wake up to the dangers of lax cybersecurity. He comments: “There was perhaps, until recently, some complacency within the sector that cyber risk was not an issue for shipowners. Highly publicised cyberattacks against several of the largest shipowners in the world and an ongoing transition towards automated operations have, however, dramatically altered the perception of cyber threats within the industry.”
Given that such expertise is often not available in-house, shipowners are increasingly engaging third parties such as Tel Aviv-based security company Cydome, a team of maritime and cybersecurity professionals who have joined forces with the aim of creating full-spectrum protection for vessels, fleets and offshore facilities.
“Our clients’ main concern nowadays is understanding what will be the impact on their organisation from the new IMO cybersecurity regulation,” says Cydome’s co-founder and COO, Avital Sincai. “Our offer includes cyber risk analysis, maturity assessment process and gap analysis and of course an end-to-end cybersecurity solution for real-time protection. The final report details high severity vulnerability for each vessel [with], critical asset and mitigation plan.”
In cybersecurity terms, a ship may be exposed to different threat scenarios than those associated with land-based assets. Sincai says: “The threat actors [on land] would be cyber criminals and hacktivists with a desired outcome to gain mostly financial benefit. With vessel hacking the threat actor could be a third party contractor doing remote maintenance to a vessel that can create financial loss and vessel-critical asset destruction (such as main engine damage). But it could also be nation states and terrorists with a desired outcome to affect the vessel, interrupt its sailing route, disrupt navigational capabilities or destroy main vessel systems.”
The critical asset targeted might be the VSAT router, GPS, ECDIS, AIS, main engine systems, stability and ballast systems, cargo system or others. In short, the benefits of improved crew welfare, ship-shore communication and remote fleet management create new vulnerabilities for onboard systems. Cydome’s analysis of recent incidents found that ship operators are often unaware that failing to protect critical onboard assets allows hackers to exploit well-known weaknesses to execute attacks.
Mike Yarwood, managing director of TT Club’s Loss Prevention department, tells The Naval Architect that cyber criminals are becoming increasingly nuanced in their modus operandi. Yarwood comments: “Ransomware attacks are more targeted than previously, they are no longer the ‘shotgun’ approach of seeing who falls. They are now tailored to the target in terms of the demand made.
“Historically there may have been a simple request for US$500.00 in Bitcoin to release access to systems. Today, the demand is tailored to the turnover of the company. There has also been a change of direction insofar that a ransomware attack used to involve a simple denial of service. Now the attacker might also raise the stakes by throwing in a threat to not only deny access, but to share sensitive data on the dark web.”
WTW’s Hill concurs: “Ransomware has emerged over the last 12 months as arguably the single biggest cyber threat. The ransom demand itself is invariably not the great source of loss, rather it is the disruption to the business operations due to the encryption of files that are being held ‘hostage’ that can have a devastating financial impact on the organisation.”
For the full article please see the May 2021 edition of The Naval Architect.