They don't see the vulnerability.
I had the opportunity to observe the maritime industry up close when I was director of security for the Port of Tacoma (almost six years ago). My observation then was that the people who make up the industry have never thought of themselves as technology companies or even being attuned to what technology can do for their businesses. A telling comment came from the deputy director at the port. Apple iPads had recently been fielded (2010) and I suggested purchasing an iPad for each of the port's elected commissioners. His reply went something like, "Here in the maritime industry we are not oriented on technology, nor progressive in that area." This from a top 10 port. There are many more small companies that move goods, have trucks, drivers, etc., and really don't understand their vulnerability. See the article below for survey results of the industry.
Homeland Security Today: Survey Finds U.S. Maritime Industry Unprepared for Cyber Attacks
Rapidly evolving technologies deployed throughout the U.S. maritime industry to increase efficiency and competitiveness present significant cybersecurity risks that the industry is unprepared to shoulder, according to the Jones Walker LLP Maritime Cybersecurity Survey. The law firm’s survey reflects the responses of 126 senior executives, chief information and technology officers, non-executive security and compliance leaders, and key managers from U.S. maritime companies. The respondents represent key sectors in the maritime industry and include professionals from small, mid-size, and large companies. The survey found that nearly 80% of large U.S. maritime industry companies (those with more than 400 employees) and 38% of all industry respondents reported that cyber attackers targeted their companies within the past year. Ten percent of survey respondents reported that the data breach was successful, while 28% reported a thwarted attempt. Small and mid-size companies are far less prepared than larger companies to respond to a cybersecurity breach. All respondents from large organizations indicated they are prepared to prevent a data breach, while only 6% of small company (1 to 49 employees) respondents and 19% of mid-size company (50 to 400 employees) respondents indicated preparedness. The survey discovered that many small and mid-size companies lack even the most fundamental protections, exposing them to huge potential losses. 92% of small company and 69% of mid-size company respondents confirmed they have no cyber insurance. In contrast, 97% of large company respondents have cyber insurance coverage. Less than 15% of companies are using multi-factor authentication for remote access, or providing off-site backups in physically secure locations. 60% said they are unprepared to deal with negative public opinion, blog posts, and media reports after a data breach; 49% are unprepared to minimize the loss of customers’ and business partners’ trust and confidence after a data breach; 70% are unprepared to respond to a data breach involving business confidential information and intellectual property; and 70% are unprepared to respond to the theft of sensitive and confidential information that requires notification to victims and regulators. The majority of respondents (69%) expressed confidence in the maritime industry’s cybersecurity readiness, while a minority (36%) believe that their own companies are prepared. Lee says there is a real disconnect between how stakeholders view the maritime industry’s overall preparedness level versus how they see their own shops. “By and large, they view the industry as prepared, but their own companies as unprepared. That is like saying that my neighborhood is safe, but my house is a hotbed of crime,” he said. “What I take away from this is that the respondents are likely wrong about the industry, and right about their own companies.”
This article was shared by Robert J. Coullahan