Ships Afloat Are a Cybersecurity Risk

Cybersecurity has not been a high priority for the maritime industry.

by Eric Holdeman / August 22, 2019

If you think about how technology dominates about every aspect of mechanical operations these days, from trucks, to cars, to trains — what about ships?

The shipping industry in general is highly vulnerable due to the lack of expertise in the workforce (nay, maybe even interest), and the leadership having not grown up in any technological environment. However, today the ships, cranes, cargo management and equipment all have technological components. Just think about the navigation of a ship and how hacking their GPS system to put them off course might have disastrous consequences to the ship, crew and the environment. 

See this "guest posting" on the topic. Yes, it is from a vendor, but the risks highlighted are right on the mark. I suppose if you are in Iowa or Nebraska, you might wonder how this impacts you, but think about all the things you use and "where did they come from and how did they get here?"

Securing Maritime Assets Demands a New Approach

At this moment, cyberattacks threaten thousands of vulnerable cargo ships, which carry billions of dollars' worth of goods. Due to the lack of maritime-specific cybersecurity solutions, vessels are highly susceptible to digitally led hijackings or even ransomware. This threat can wreak havoc on global shipping — the backbone of modern economics. With artificial intelligence functionality, future solutions include autonomous safety mechanisms which recognize that they are the sole line of defense.

Unlike enterprises or fixed-location systems, maritime vessels face unique challenges due to rotating crews and remote positions. A lack of industrywide cybersecurity practices has robbed the industry of hundreds of millions of dollars. Turning a blind eye to this danger is an open surrender to cyberattacks, leaving countless openings for opportunistic hackers to infiltrate ships’ software systems.  

Hijacked ships being held for ransom or run aground into a reef or dock, risks catastrophic damage to humans and natural habitats alike. Beyond that, the blow dealt with a company’s reputation may take years to recover from, resulting in a significant loss of revenue and consumer confidence. Notably, Maersk’s 2017 cyberattack had a rapid response, resulting in a minimal loss of only $300 million.

In order to secure investments and ensure security, practical solutions must act on their own, without human intervention.

Unique Challenges
Today’s market has no lack of quality cybersecurity software, but when it comes to the maritime industry and its unique set of challenges, most of the existing solutions do not fit.

Legacy solutions lack viability. No cybersecurity software accounts for protecting a floating mini-city forced into radio silence. Cargo ships, cruise liners, and offshore rigs face greater cybersecurity challenges than the International Space Station. The difference is: Astronauts spend two years preparing for a single mission, while deckhands have zero computer expertise.

Modern maritime vessels rely on unstable, low-bandwidth and choppy communication. With such a massive area and so few people, there is no room for an IT expert. In reality, the inability to secure a vessel with maritime-focused cybersecurity solutions is of greater concern than a poorly screened crew.

These increasingly digitally-managed ships rely on outdated systems, some running Windows XP, without a means to properly encrypt information. If a compromised ship has been given new coordinates, the onboard system has no cloud to rely on and no IT department to ask. Tech support is simply unavailable at sea.  

Even if a ship’s captain were to determine that a security breach has occurred, they would have no way to address it. Without regulated protocols to secure all connected devices from ship to port, the frequency of cyberattacks will continue to climb.

Solutions
Crews and cargo transport all kinds of smart devices — each a potential gateway for hackers. The first step to countering a cyberattack is acknowledging it. Any viable system which is expected to block an attack cannot shut down and wait for instructions. The risk of irreversible damage is too great. 

Understanding the uniqueness of the challenge and the seriousness of the risk, we at Elron found only one solution that was able to fully meet the needs of securing maritime environments in front of cyber-risks.

Composed of ex-naval officers and cybersecurity experts, Naval Dome is the first multilayered cybersecurity solution for critical onboard systems. Offering remote secure access, over-the-air updates, and anomaly analysis, this application acts as an onboard IT team. It is the first of its kind to offer a hands-off solution. It addresses both internal and external threats, and invaders can never reach the navigational or operational systems.

Conclusion
An immobile ship loses money and a compromised ship ruins reputation. With our global economy becoming increasingly accessible, we at Elron expect to see a rise in global shipping and cruising. A secure maritime industry is a secure global economy.

To make this a reality, the ecosystem must develop and implement maritime-specific solutions. Rapid and autonomous response cybersecurity solutions are the only option. Patchworking legacy solutions are ineffective and risk the whole ecosystem.

A product that can act quickly and self-correct is an essential piece of technology when it comes to a vessel’s security. Simply encouraging companies to implement a cybersecurity solution by 2021 is not enough. We are investing in securing the industry today.

 

Platforms & Programs