Cyber security to be developed for critical maritime infrastructure

At the same time, London-based law firm Ince and Mission Secure have unveiled a specialist cyber security solution for shipping.

These separate developments come as the shipping industry is warned it is lagging behind other industrial sectors in deploying cyber security by Lloyd’s Register’s cyber security services provider Nettitude.

In Canada, Davie Shipbuilding is working with Neptune Cyber and Polytechnique Montréal on a five-year research and development project to produce practical cyber security for maritime infrastructure, including terminals, ports and ship fleets. They will develop security to prevent communications systems being hacked, computer viruses, ransomware and illegal remote interaction of navigation systems.

“There is an urgent need for a better way to understand, model and plan for the risks the maritime industry is facing now and into the future,” said Neptune Cyber chief executive Gwilym Lewis. “This project is a great step in that direction and a demonstration of our long-term commitment to creating positive change.”

Neptune Cyber and Davie will contribute C$1.7M, of which C$500,000 will be in cash and C$1.2M in support and equipment for the duration of the project.

In the UK, Ince introduced InceMaritime as an integrated legal advisory, business consultancy and technology offering for the maritime sector. Ince will use this platform to launch further managed service solutions in key areas for the maritime industry.

InceMaritime will provide clients with a fully integrated cyber security offering that protects onshore and on-vessel operational technology (OT) networks, safeguards operations, and ensures compliance and business continuity.

“Cyber security is one of the industry’s greatest challenges,” said Ince global senior partner Julian Clark. “The threat level and sophistication of hackers increases every day with the result that many shipping companies do not fully appreciate the seriousness of the issue they face,” he said. “The combination of the new IMO requirement together with the devastating impact a cyber attack can have on their operations creates yet another burden for those engaged in vessel operation.”

The joint proposition includes a full audit of a company’s existing policies to ensure compliance in line with IMO’s new International Shipmanagement Code for Cyber Security Guidelines (IMO 2021). It comprises implementation of the Mission Secure platform, built for OT cyber protection and hardening vessels’ control system networks against cyber threats.

Shipowners and managers can call on Mission Secure managed services, providing 24/7 cyber security monitoring, threat hunting, and incident response support for continual vessel resilience and Ince’s legal and crisis management services in the event of a cyber attack.

• Shipping urged to improve cyber vigilance
• 5 technologies to revolutionise post-Covid maritime
• Hurtigruten suffers cyber attack
• Port of Los Angeles strengthens cyber security with US$6.8M contract
• Owners urged to verify bridge system security

These developments come a month after IMO 2021 enforcement started, with ship operators having to ensure cyber risk management is within ships’ security management systems. IMO requires shipowners and operators to integrate the management of cyber risks in their security practices at the next annual validation of their IMO certification.

Shipping is already in the cyber threat firing line and needs to improve its security, said Nettitude chief technology officer Ben Densham. He warned of the rising risk of cyber incidences involving ransomware and targeted assaults in maritime. “As the pace of shipping’s digital transformation accelerates, the threat surface is expanding all the time,” Mr Densham warned.

“The onset of the pandemic has coincided with a marked increase in malicious attacks. The combination of circumstances provides more opportunities for hackers and, as a result, all parties in maritime must exercise utmost vigilance,” he said.

Mr Densham noted hackers who find their way into digital systems are targeting increasingly complex supply chains through sophisticated methods. He drew attention to the recent high-profile cyber-attack on SolarWinds, a US federal software contractor, widely thought to have been state-sponsored. Hackers planted malicious code in software which then lay dormant for a number of weeks before being triggered to attack government departments, federal agencies, many Fortune 500 companies and Microsoft Azure cloud services.

On taking over as US president on 20 January, Joe Biden ordered an immediate investigation into the SolarWinds incident, the full extent of which is still not clear.

So far, shipping is not thought to have been affected by the SolarWinds attack, but Mr Densham pointed out that growing sophistication across the hacking community needs to be met with the utmost security diligence, saying maritime industries need to catch up with sectors already improving security, such as logistics and offshore.

Neptune Cyber chief executive Gwilym Lewis provided his knowledge and experience during Riviera’s Cyber Security Webinar Week in August 2020 - use this link to view these webinars in Riviera’s webinar library

Cyber security issues and solutions in maritime will be discussed during Riviera’s series of virtual conferences and webinars during 2021 - use this link to access more details and register for these events