Riviera – News Content Hub | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Inmarsat chief of staff Laurie Eve explained how ships are increasingly in the firing line of cyber threats due to rising transmission of operational data and greater use of connectivity for crew welfare services.

He said there has been a 31% rise in data communications in H1 2023 compared with the same period in 2022. Due to this, shipowners should “harden their cyber security and build good cyber resilience,” said Mr Eve.

This can be achieved through three main streams of development and improvement, including training people, separating networks and preparing to recover from a cyber attack.

“People are the weakest link to threats such as phishing attacks, so training will pay dividends,” said Mr Eve.

Shipowners should train seafarers and shore staff to identify threats and flag them to managers; introduce communications controls and ensure contractors are also using good cyber-security practices.

Mr Eve warned owners that more network-connected systems increase the attack surfaces on ships. Owners and managers should therefore, “keep on top of software updates and patch management,” he added.

“Risk management is important. Owners should assess what is on board and assess the risks, do cyber-security audits, identity and manage risks, and maintain situational awareness.”

They also need to decide on investments, have 24/7 cyber-security services for onboard and onshore IT and operational technology, have multi-layered security and physical network separation.

Mr Eve also recommended owners invest in incident response. “Assume there will be a breach and have robust response plans in place to reduce the impact of cyber attacks,” he explained.

“Cyber security is a licence to operate and is essential going forward” 

“Invest in teams and have back-ups of data and systems. Companies need to be prepared to face these risks.”

Inmarsat has military grade cyber security across its communications networks because of the multiple government agencies using its services. But other satellite communications providers may not have the same defence against cyber threats, Mr Eve warned.

“Cyber security should go hand-in-hand with communications strategies and owners must be mindful of having multi-layered networks on vessels,” he said. “Not all are the same. LEO introduces more bandwidth and lower latency and is an easier target for cyber criminals.”

As more ships introduce terminals linked to these low earth orbit (LEO) satellite constellations, owners need to improve onboard IT protection and “make sure on-edge devices have the right security measures,” said Mr Eve. This includes end-point security, unified threat management, updated antivirus and firewalls.

Owner reaction

P&O Maritime Logistics head of technology and logistics Kris Vedat said IACS focused on newbuild ships, but for owners, especially in the offshore sector, “the real challenge is with retrofitting existing vessels.”

He welcomed industry standardisation and guidance but is worried clients and vessel charterers will require the same levels of cyber resilience across fleets.

“Cyber security is a licence to operate and is essential going forward,” he said, while asking whether security measures would be “workable for existing and older assets” and how owners can “adapt regulations to existing vessels” when communications is increasing bandwidth with more connected devices.

“With crew having access to greater speeds, end point protection will be a challenge,” said Mr Vedat. “The biggest point of attack is the end user, so having the right training is important.”

Digitalisation technology is becoming part of daily operations on vessels, benefiting marine operations and services to clients, who will raise their expectations of what cyber risk management requires – “which means exist assets will need retrofitting and there will be a cost increase,” said Mr Vedat.

“With new technologies, we have to use them, adapt to them and raise the bandwidth on vessels. How should we do this while maintaining cyber security?”

“As ships become more advanced and more interconnected, we need to be more vigilant”

P&O Maritime Logistics treats its vessels as if they were offshore offices, applying technology and applications to optimise operations, monitor performance and deliver more data to clients. Its cyber-security measures are deployed and continuously monitored 24/7.

“We are deploying more technology on vessels so our operations are more efficient,” said Mr Vedat. “There are challenges we recognise and we are dealing with them while embracing technology.”

He agreed training and testing seafarers and onshore staff are important aspects of cyber security.

“As ships become more advanced and more interconnected, we need to be more vigilant, perform cyber-security drills, segregate networks and have robust systems.”

He said the maritime industry, and especially the offshore support vessel sector, should co-operate to set meaningful and manageable cyber-security requirements for existing assets.

“Clients have growing expectations and there are advances in technology, such as artificial intelligence. Industry needs to collaborate better and decide what is minimum and mandatory as a unified body,” said Mr Vedat.

There will be opportunities to collaborate in 2024 as the industry leaders are scheduled to meet in London during Riviera’s Offshore Support Journal Conference, Exhibition & Awards, 7-8 February 2024.


Click Here For The Original Source.

National Cyber Security