Last week it was reported that cyber-attacks on Operational Technology (OT) in the maritime industry had increased by an incredible 900% in the past three years. As part of theICEway ecosystem of companies, CRIBB Cyber Security has been working alongside a number of clients in the maritime industry, including cruise, therefore we wanted our security expert Patrick Carolan to look a little deeper into this worrying statistic…

A 900% rise is clearly a considerable one no matter what the circumstances, but to truly appreciate what it means we must quantify it with the actual numbers.

Three years ago, a total of 50 of the OT hacks that were reported were considered to be significant. Then, one year later, that number had more than doubled and risen to 120; last year, there were more than 310 and now it seems that 2020 is going to end with over 500 – that is simply staggering.

Top Tip: In Maritime and looking for assistance with cyber security? Contact us today and quote ‘CMCAJuly20’ to gain access to our brightest and best…

Let’s now add a bit more context behind these figures with some actual examples.

Ports in Barcelona and San Diego became the first to be affected in 2018, when an attack affected certain systems and servers in the former, and a cyber security threat caused disruption to the latter’s information technology systems.

The Australian shipbuilder Austal was also targeted, with an attack on COSCO taking down 50% of their US network and leading to the leakage and access of email addresses and mobile phone numbers of customers and some staff members.

Earlier this year, the pipeline operator and shipping company MSC was hit by malware which saw the shutting down of their Geneva HQ for almost a week. Just last month we also heard about the Shahid Rajee port in Iran becoming the victim of hackers, so it is clear that cyber criminals are actively targeting high-profile figures within the maritime industry, where connectivity between vessels has become just one factor leaving it open to such acts.

CRIBB ran an article late last year in which we referred to a hypothetical Lloyd’s of London report stating that if 15 Asian ports were hacked at one time, the financial losses would be huge and largely unrecoverable as OT system hacks are not covered by insurance policies.

If we then consider the fact that all parts of the OT system are under threat, and that digital transformation in maritime is growing ever-swiftly, it becomes even clearer just how critical the situation is becoming.

What can be done to combat the threat against OT? First and foremost, it is crucial that the difference between OT and IT security is understood and made very clear; attacks can be made on the OT side and end up affecting the IT side, with little segregation between networks. Making that initial distinction will allow for companies and organisations to set their defences up accordingly, and there of course lies the really important part – ensuring that the highest level of cyber security standards are met, with robust policies and processes implemented and maintained.

How can CRIBB Cyber Security help? We are an official certification body that is backed by the UK government, and we enable theICEway ecosystem of companies to provide clients with a ‘security by design’ framework.

Our professional team has all the experience and knowledge to help you with governance, compliance, certification and data protection, with our efforts underpinned by a simple yet highly effective mantra; be careful, be defensive, be compliant and be secure.

Our experience in maritime is particularly extensive and has allowed us to develop a solution specifically for the maritime industry: CRIBB Maritime Cyber Assurance (CMCA).

CMCA is recognised by the IASME Consortium and is designed to offer clients the opportunity to increase protection, to improve defences, and to achieve the highest level of compliance possible. An affordable alternative to ISO27001, this unique framework guarantees a review of current policies and processes by experienced and certified cyber security professionals, full consultation throughout and assistance with security policies, ultimately providing an in-depth evaluation of your existing compliance levels. Read more here

Glossary

theICEway ecosystem of companies – Comprising of CRIBB Cyber Security, ICE Technology Services & eTestware, theICEway is dedicated to working with your IT teams to deliver technology projects, application managed service and cloud strategy

The OT System – This includes the network connecting RTGs (covering transactions), ‘Ship-To-Shore’ cranes, traffic control systems, berthing systems, cargo handling and safety / security systems

ISO27001 – An information security standard