Last week it was reported that cyber-attacks on maritime Operational Technology (OT) had increased by 900% in three years. As part of theICEway ecosystem of companies, CRIBB Cyber Security works alongside clients in the maritime industry, including cruise. Therefore, we wanted our security expert Patrick Carolan to look a little deeper into this worrying statistic. A 900% rise is clearly a considerable one no matter what the circumstances. However, to truly appreciate what it means, we must quantify it with the actual numbers.

Three years ago, a total of 50 of the OT hacks that were reported were considered to be significant. Then, one year later, that number had more than doubled and risen to 120. Last year, there were more than 310. 2020 is on course to end with over 500 – that is simply staggering.

Top Tip

In Maritime and looking for assistance with cyber security? Contact us today and quote ‘CMCAJuly20’ to gain access to our brightest and best…

Let’s now add a bit more context behind these figures with some actual examples.

  • Ports in Barcelona and San Diego became the first to be affected in 2018. An attack affected certain systems and servers in the former. For the latter, a cyber security threat caused disruption to its information technology systems
  • The Australian shipbuilder Austal was also targeted, with an attack on COSCO taking down 50% of their US network. This led to the leakage and access of email addresses and mobile phone numbers of customers and some staff members
  • Earlier this year, the pipeline operator and shipping company MSC was hit by malware which saw the shutting down of their Geneva HQ for almost a week. Just last month we also heard about the Shahid Rajee port in Iran becoming the victim of hackers. It is clear then that cyber criminals are actively targeting high-profile figures within the maritime industry, where connectivity between vessels has become just one factor leaving it open to such acts

CRIBB ran an article late last year in which we referred to a hypothetical Lloyd’s of London report. The report stated that if 15 Asian ports were hacked at one time, the financial losses would be huge and largely unrecoverable. This is due to the fact that OT system hacks are not covered by insurance policies.

Consider the fact that all parts of the OT system are under threat from cyber-attacks on maritime. Then add the fact that digital transformation in the industry is growing ever-swiftly, and it becomes even clearer just how critical the situation is becoming.

What can be done to combat the threat against OT?

First and foremost, it is crucial that the difference between OT and IT security is understood and made very clear. Attacks can be made on the OT side and end up affecting the IT side, with little segregation between networks. Making that initial distinction will allow for companies and organisations to then set their defences up accordingly, and there of course lies the really important part. Ensuring that the highest level of cyber security standards are met, with robust policies and processes implemented and maintained, is critical.

How can CRIBB Cyber Security help? We are an official certification body that is backed by the UK government. We enable theICEway ecosystem of companies to provide clients with a ‘security by design’ framework.

Our professional team has all the experience and knowledge to help you with governance, compliance, certification and data protection. Our efforts are underpinned by a simple yet highly effective mantra; be careful, be defensive, be compliant and be secure.

Extensive maritime experience

This experience has allowed us to develop a solution specifically for the maritime industry: CRIBB Maritime Cyber Assurance (CMCA). CMCA is recognised by the IASME Consortium and is designed to offer clients:

  • The opportunity to increase protection
  • Improve defences
  • To achieve the highest level of compliance possible

An affordable alternative to ISO27001, this unique framework can help with cyber-attacks on maritime. It guarantees a review of current policies and processes by experienced and certified professionals, full consultation throughout and assistance with security policies. Ultimately, it will provide you with an in-depth evaluation of your existing compliance levels.

Read more about our CMCA solution.

Glossary

theICEway ecosystem of companies – Comprising of CRIBB Cyber Security, ICE Technology Services & eTestware, theICEway is dedicated to working with your IT teams to deliver technology projects, application managed service and cloud strategy

The OT System – This includes the network connecting RTGs (covering transactions), ‘Ship-To-Shore’ cranes, traffic control systems, berthing systems, cargo handling and safety / security systems

ISO27001 – An information security standard