Secure@Sea: by Corey D. Ranslem
Cyber security for the global maritime industry continues to be a concern that most seem to be ignoring. Over the past few weeks, I have read several news articles and columns from experts that say cyber security attacks against the global maritime industry have gone up over 900% during the past three years.
That statistic is staggering, and it also does not appear that many people within the industry care or are doing much to protect their vessels and shore-side assets. In my previous column, I provided an overview of the coming IMO regulations (Resolution MSC.428(98)) and additions to ISM plans required for cyber security compliance in 2021. Many experts believe these regulations will be the first of many regarding cyber security as the number of attacks against the maritime industry continues to rise exponentially. These regulations do include large yachts.
There is a simple framework that has been put in place by NIST (National Institute of Standards and Technology) in the United States (the NIST Framework). This standard is the basis for putting together a good plan to help mitigate cyber security-related issues for a vessel, facility, or company.
The standard framework has five parts that are easy to apply to a cyber security-related plan: identify, protect, detect, respond, and recover.
The first step is to identify all assets, network set-up, OT/IT devices, any vulnerabilities with the network and devices, and who has internal and external access, along with any cyber security-related procedures and how well those procedures are followed. It is a good idea to have an outside organization provide this assessment as they can provide a non-biased opinion of how things look within a vessel or organization.
Once the networks are assessed, look at how that network -- along with all the devices, personnel and infrastructure -- is protected. One of the major issues found outside of physical security is personnel training. Organizations spend hundreds of thousands of dollars (and in some cases, millions) to protect their network infrastructure but fail to provide basic and recurring training to the people who use that network.
The third step involves putting in place the tools to detect any potential intrusions or malicious activity within the networks. Many firewall devices, routers and network devices have basic security that provides intrusion detection; however, these detection tools need to be set up, and someone needs to look over the logs to determine what is and is not normal within that network. There are also advanced tools that can be used to monitor the networks along with the endpoint devices within that network for potential vulnerabilities. It is more effective to work with an outside vendor to provide this type of service. Most small companies and vessels don’t have the capability to configure and monitor the output from the detection devices.
The fourth step involves the response to an attack. Attacks range from simple to complex and can involve anyone from individuals all the way up to state actors. The complexity of the attack is not always determined by the attacker. Part of the IMO regulations involves a response plan to a potential attack. Every vessel, organization and facility should have a response plan in place to immediately deal with the attack and mitigate any long-term damage. This includes having backups of critical data, secondary infrastructure to bring online, or alternative communication systems. This also includes the immediate mitigation activities to help prevent the further spread of the attack.
The fifth and final step is recovery. How does the vessel, facility or organization get back to business while putting in place steps to mitigate future attacks? Any entity that has been attacked will do things differently moving forward.
There is always a lot to consider when it comes to cyber security and protection of vessels that move all over the world. If a potential attacker perceives any type of difficulty in attempting to attack a system, he will most likely move to another target.
The maritime industry has a number of vulnerabilities and threats along with unique challenges. Following a good plan and process will help protect a vessel, just as it’s possible to help protect a house with a security system and a sign in the front yard.
Corey D. Ranslem is CEO at International Maritime Security Associates (www.imsa.global). With more than 25 years of combined Coast Guard and maritime industry experience, he aims to enhance the way mariners handle security threats and risk management.