The Challenge of Cybersecurity for the Shipping Industry

The shipping industry has long had to contend with the threat of seagoing pirates. However, more recently shipping has joined the growing list of business sectors vulnerable to a new kind of security threat–hacking.

In the face of this rising threat, shipping owners and industry leaders the world over are looking for better ways to protect their personnel, customers, data and cargo from cyber attacks.

To that end, a new report from the Baltic and International Maritime Council (BIMCO) has laid out a set of guidelines for cyber security aboard ship. Here are a few highlights of the report.

Integrating Systems Can Open Backdoors

One of the main takeaways from the report is that vulnerability increases with more regular use of the internet aboard ship, and with Information Technology (IT) sharing network space with Operational Technology (OT), or the ship’s protocol.

Maritime signals have been intercepted since before the compass and telescope were invented. Now, with SMS, email and VoIP messaging, there’s infinitely more potential for interference than ever before. And unlike with radio waves, it’s far less likely to occur by accident.

The first line of defense for shipping operators is to understand the differences between “controlled” and “uncontrolled networks.” The controlled networks are those that stand alone and do not function on the same platforms or devices as anything with internet access, such as email. All safety-related data should be stored on a controlled network, or better yet, kept offline altogether.

Malware: The High-Seas Treasure Nobody Should Accept

Malware, or malicious software, is is one of the greatest threats to onboard systems from hackers. Ships of goods crossing the sea, and the systems aboard those ships can be particularly susceptible to malware.

One of the greatest threats to on-ship systems comes from crewmembers, or anyone with access to operational systems, installing a software that can sabotage its functionality — either intentionally or by accident.

The guidelines laid out in the report call for regular updates of malware defense systems. However, there is software out there on the market that is literally nothing more than malware in disguise.

It’s best to always check systems manually to detect software that doesn’t belong. It’s also recommended to use a trusted IT resource to help your personnel identify and report malicious software.

Recognize the Signs at the Intersection of High Seas and Worldwide Web

“In centuries past, the sea was a primary domain of commerce and communication over which no one actor could claim complete control, much like the internet today,” wrote Peter W. Singer and Allan Friedman, in Cybersecurity and Cyberwar: What Everyone Needs to Know. “While most just used the sea for normal commerce and communication, there were also those who engaged in bad deeds, again much like the internet today.”

What’s so unique about high-seas internet piracy is the venue it’s played out in–the intersection of real and virtual oceans. As cyber threats become more prevalent around the world, the threat to shipping from cyber attacks is also likely to increase.

While the guidelines laid out in the BIMCO report offer some good advice for dealing with this growing threat, protecting ships and the shipping industry in general from internet threats requires vigilance from individual crewmembers, just as it did in days gone by, when it was up to every individual crewman to keep an eye out for ships flying the ‘Jolly Roger.’

If you need a partner to strategically manage and move your products out of port and onto their final destination, be sure to download our latest eBook — Speeding Time-To-Shelf and Cutting Costs — a must read for today’s shipping industry professionals.