It’s Time to Prepare for a Maritime Cyber Attack. Though, You’ve Probably Been Hacked Already…
When working on the water, you may feel like you are a world away from hackers and cyber-attackers, but unfortunately, there is no escape (unless you happen to have washed up on a deserted island).
The maritime industries and marine researchers are at as great a risk as anyone to having computer systems and data hacked and corrupted. And in the worst cases, marine vessels and autonomous vehicles could be disabled or even weaponized by hackers.
At the recent “Call to Action” symposium facilitated by the Marine Technology Society Maritime Cyber Security and Infrastructure Committee and the United States Maritime Administration (MARAD), experts from industry, the Navy, Coast Guard, and Merchant Marines gathered to share examples of maritime cyber-attacks and raise awareness about prevention strategies.
The symposium included keynotes from Maritime Administrator Rear Admiral Mark H. “Buz” Buzby, USN, Ret., and John Felker, Assistant Director of DHS’ Cybersecurity and Infrastructure Security Agency (CISA).
Eighty percent of large maritime companies (with more than 400 employees) have already experienced a cyber-attack. That’s the shocking statistic shared by, MARAD Administrator, Rear Admiral Mark H. Buzby (USN, Ret.). And, unfortunately, the attacks will only escalate and get more sophisticated. When more than 90% of the world’s commerce travels by ship, that’s even more unsettling. Why do cyber-criminals do it? Theft…disruption…chaos.
What Makes You Vulnerable to Cyber-Attacks?
There are not many cyber-security policies or best practices to follow. While the military has many security procedures in place, the world’s commercial and research vessels have been on their own without a cyber-security playbook of best practices to help protect themselves.
Hardware and software don’t get updated regularly. Are security patches and manufacturer updates being routinely implemented on all your systems? If not, you are vulnerable.
Your entire team doesn’t practice good cyber-hygiene. Do you train everyone who comes in contact with your systems about cyber risks, including people using email on your computers?
People are plugging USB drives into your computers. If so, that is a significant risk for transporting malware or viruses.
Are you starting to get nervous? Don’t worry; there are ways to begin to batten down the cyber hatches.
Tighten Your Security
Assess your risk. John Cartner, a maritime legal expert at Cartner & Wolf, says that many companies have never done a risk assessment. Work with an IT expert or walk through your system yourself and examine the basics. What IT protections do you have in place; who has access to your systems; how often are they updated; how often are passwords changed; are external drives used in your systems?
Develop a “Plan B” – If your systems are hacked, what could happen? What is your back-up plan? Imagine the worst-case scenario and plan for it.
Basic email and account security. If you have employees, interns, students, or temporary workers coming and going, do you change system passwords when people leave? Do you ensure that you don’t have generic emails and passwords that stay in place after people leave? Email and account password security is the first step in reducing your risks.
Question the Data. Have you gotten data that just seems off? Don’t assume that it is correct. You could be getting bad data because of an attack. Keep that in mind before acting on suspect information.
As scary as all this can be, a team effort and data sharing in the maritime and marine research communities are key to combating the issue – and Artificial Intelligence may help too. Panelist, Jeffrey Irtenkauf, of Ball Aerospace, proposed that A.I. systems could be trained to uncover hacks and react more quickly than you can in protecting your systems and if data or information is suspect.
Leadership has to own this issue; this is not an IT or a CIO issue – Boards of Directors and CEO’s have to take responsibility for cyber protection – that’s how important it is, stressed John Felker, Director of DHS’ National Cybersecurity and Communications Integration Center.
View an archive of the symposium can be viewed on Maritime TV at the Cyber-Skilled Mariner “Call to Action” site.
Interested in maritime cyber-security? Join the MTS Maritime Cyber Security and Infrastructure Committee and work together on solutions. Learn more about membership in MTS.
Author: Lisa Stryker, Communication Specialist, Marine Technology Society