DNV GL principal specialist Mate Csorba conducted a survey of delegates at Riviera’s Maritime Cyber Risk Management Summit in London in June. During his presentation he said the increasing trend of adopting the internet of things (IoT) on vessels, for example inside dynamic positioning systems and ship networks was raising the threat of cyber incidents.
The use of IP-enabled devices and software updates multiples the times malware could be introduced to ship systems. Mr Csorba said the majority of cyber incidents were unintentional malware intrusions or device failures. In the survey, he asked whether shipping companies and personnel were aware of the cyber attack threats. Here is a representation of the answers to his questions.
Are navigation, maintenance and propulsion networks connected to the internet?
56% Yes
44% No
Is it possible to connect to navigation, maintenance and propulsion networks via a USB port?
78% Yes
22% No
Does the vessel have a WiFi network?
77% Yes
23% No
Have the vessels’ information systems undergone risk analysis?
38% Yes
62% No
Are updates downloaded from software developers’ official websites?
75% Yes
25% No
Do ship information systems undergo remote maintenance?
58% Yes
42% No
Are there anonymous or generic login accounts with access to these vessel’s networks?
54% Yes
46% No
Is there a system for surveillance for anomalies affecting the information system?
46% Yes
54% No
What are the attack vectors of cyber security threats and incidents? | ||
Threat source | % of incidents | Incident type |
Hackers and terrorists | 9.40% | intentional |
Insiders | 10.60% | intentional |
Human error | 11.20% | unintentional |
Malware | 30.40% | unintentional |
Device or software failure | 38.40% | unintentional |
Credit: Repository of Industrial Security Incidents/DNV GL |
© 2023 Riviera Maritime Media Ltd.