Navigating the cyber seas

1. Who are common cyber threat actors in maritime?

There are 4 types of cyber threat actors that target the maritime industry. These include:

Insiders | Individuals who are working or worked before in the company and still have authorized access to the systems. They may use that access to steal sensitive information or disrupt operations. Insiders may also cause accidental damage, e.g. by inserting a malware USB in board computer.

Criminal groups | Individuals or groups that act for financial gain. They may target the maritime industry to steal sensitive information or disrupt operations in order to squeeze money from ship operators or other companies.

Cyber terrorists | Individuals or groups may target the maritime industry as part of a wider campaign to disrupt critical infrastructure, creating unstable and chaotic situations.

State or state-sponsored organizations | Individuals or groups that are funded or supported by a government. They usually have access to advanced tools and resources and may target the maritime industry as part of a larger espionage or sabotage campaign.

These groups may overlap and work together, and that the maritime industry is not only targeted by cyber actors but also physical threat actors.

‍2. What are common types of cyber threats in maritime?

There are several different types of cyber threats that can target the maritime industry, including:

Phishing | This is a type of cyber attack when the attacker is pretending to be from a legitimate source, e.g. an onshore team member, and trying to fraud the recipient to provide sensitive information or pushing to click a link which looks authentic but actually contains malware.

Malware | It is malicious software that can be exploited to get access to sensitive information, disrupt operations, or gain unauthorized access to systems. Examples of malware that can target the maritime industry include ransomware, which encrypts ship’s data and mandates payment to restore access, and remote access trojans (RATs), which allow an attacker control systems remotely.

Brute-force attacks | It is a type of cyber attack when an attacker tries various combinations of characters to guess a password or other authentication credentials. Often, crews may share the same account for multiple functions on the ship, therefore, getting unauthorized access may cause dangerous consequences.

Distributed Denial of Service (DDoS) attacks | These attacks increase traffic to systems multiple times to the aim to disrupt functions or take the infrastructure offline.

Advanced Persistent Threats (APTs) | Long-term cyber espionage campaigns that are typically carried out by state or state-supported actors. They may target the maritime industry to get access to sensitive information or disrupt operations.

Highly targeted attacks | These represent cyber attacks that are intentionally designed to exploit a particular vessel or shipping company. They typically involve the combination of malware usage or social engineering tactics.

Industrial Control Systems (ICS) attacks | This type is focused on exploiting or disrupting the control systems of ships, such as navigation or propulsion systems, which can have severe consequences on the ship’s operations and the crew’s safety.

Cyber threats are constantly evolving and new ones can appear in near time. With the increased use of digital solutions and increased connectivity, cybersecurity takes a significant place in operations of shipping companies.

3. How to increase vessel cybersecurity: plan & strategies

A vessel cybersecurity plan is a set of procedures to protect a ship and its system from cyber threats. It is a comprehensive document that outlines the potential risks, vulnerabilities and impacts of a cyber incident and includes measures that will be taken in case of a cyber attack. Some common strategies to secure vessel from cyber threats include:

Network segmentation | The strategy is about dividing a ship’s network into smaller segments, which are isolated to limit the spread of malware or unauthorized access.

Firewalls and intrusion detection/prevention systems | These include security measures to block unauthorized access and detect and prevent cyber attacks.

Patch management | This is the procedure of regular software updates and security patches to systems and devices on a ship to protect from known vulnerabilities.

Employee training | Crew members should be aware of the risks and take measures to minimize from being hacked.

Identity management | Assign unique identity to physical person, for auditing, identification and authentication purposes. For example, each employee should use their email address to get access to the systems and not a common email which is shared with multiple employees.

Incident response planning | This is a comprehensive plan that outlines every step that will be taken in the event of a cyber incident, including who will be responsible for reactive actions and how to communicate the updates.

Risk assessment | This covers the process of identifying and evaluating the potential cyber risks and vulnerabilities to the ship and its systems.

Regularly testing & monitoring | The process of running regular tests and monitoring the ship systems to detect any potential threats.

White hat testing | The strategy of commissioning white hat hackers or white hat companies to test the systems and conduct penetration testing.

Vessel cybersecurity plan should be reviewed and updated regularly to ensure that it remains effective and up-to-me in securing the ship and its systems from cyber threats.

4. How to manage cyber risks?

A cyber risk management approach in the maritime industry represents a process of identifying, assessing, and mitigating potential cyber risks. The process typically involves several fundamental steps.

Identify threats and vulnerabilities | This is the process of identifying the potential cyber risks to the ship, its network and its equipment, which covers both internal and external threats. This step may involve conducting a risk assessment to identify vulnerabilities and potential consequences.

Assess risk exposure | This step involves conducting a risk assessment of potential vulnerabilities. This includes assessing the probability of a cyber incident and its potential impacts, such as data loss, disruption of operations, ship damage, or reputational damage to the shipping company.

Develop and implement protective measures | Involves implementing measures and procedures to reduce or eliminate the identified cyber risks. This typically is represented by vessel cybersecurity plans and strategies.

Monitor and respond | Constant monitoring of the vessel’s systems and network, detection of any cyber dangers, and response with the required actions to recover from an incident.

Review and update | Regularly reviewing the current cybersecurity state, updating standards and implementing best practices to minimize risks from existing and new cyber threats.

Therefore, the cyber risk management approach should be tailored to the specific needs of the shipping company and its fleet. This is an ongoing process, as the maritime industry is continuously evolving and adopting digital solutions.

5. Bonus: Cybersecurity checklist for vessels that can be implemented now

(based on best practices and Kaiko Systems experience)

Password Management

• Update the admin password (always use a strong password) on critical systems and devices on your network.
• Update your passwords regularly and use multi-factor authentication, where applicable.
• Train your crew about cybersecurity. Explain how to store passwords, use multi-factor authentication and protect from phishing and other social engineering attacks.

Network Security

• Eliminate access via the Internet to your critical infrastructure.
• Double-check all onboard Wi-Fi networks.
• Segment networks for your bridge, engine room, crew, and Wi-Fi on board.
• Eliminate unsecured wireless devices and services on your network.

Equipment Security

• Update the software on your critical systems and devices
• Lock up USB ports on all ship systems
• Lock up your IT and OT equipment on the ship