Written by Kristian Olsen, Product Manager | 13 August 2021
Stay up to date!
* By subscribing to the latest news from our blog, you consent to us storing your email address, and sending you monthly emails. You can, at any time, retract this consent.
27 June, 2017. This date should be etched on the mind of every maritime operator, shipowner and crew member. Why? Because this was the day when the largest transport and logistics company in the world – Maersk – fell victim to a major cyberattack caused by the NotPetya malware.
The malware attack, described by Wired Magazine as the worst cyberattack in history, represented a “watershed moment” in the shipping community. The wake-up call was loud and clear: Maritime cybersecurity is no longer optional – it’s business-critical.
NotPetya served as a stark reminder to everyone in maritime shipping that cyber risk needs urgent attention, and that all major global companies must take precautions against malware and other threats.
Take a holistic approach
In the four years that have passed since the Maersk cyber attack, malware – software with malicious intent – has been a persistent threat to the maritime industry. Every minute, the threat landscape changes, and cybercriminals' tools, tactics, and procedures are constantly changing to improve their infection rates.
Malware can enter through any number of points like end-user devices, email attachments, web pages, cloud services, user actions and removable media.
Various maritime organisations (BIMCO, IMO, DNV GL) have issued cybersecurity guidelines and recommendations with one unified message:
There is no single solution to managing cyber threats like malware. Technology plays a crucial role, but it must be part of a wider approach. To combat malware, we cannot solely rely on cybersecurity technology.
Protecting your fleet from malware requires a holistic approach involving risk assessment, awareness and training, and multi-layered cybersecurity services.
The crucial first strategic step to safeguarding your ships from malware and all other current and emerging cyber threats and vulnerabilities is to plan and perform a thorough cyber risk assessment.
What potential threats may you be facing?
You need to understand the external cybersecurity threats to the ship, as well as the internal cybersecurity threat posed by inappropriate use and lack of awareness.
Are your onboard systems and procedures robust enough to handle the current level of threat?
By continually assessing risk exposure and then working to implement protection and detection measures, you can minimise cyber risks on board your ships. Use the following questions as a basis for a proper risk assessment:
What are the consequences of a cybersecurity threat on your systems?
What assets are at risk?
What is the potential impact of a cyber incident?
Who has the final responsibility for cyber risk management?
Are the OT systems and their working environment protected from the internet?
Are the IT systems protected, and is remote access being monitored and managed?
What cyber risk management best practices are being used?
What is the training level of the personnel operating the IT and OT systems?
What are the procedures to adopt when/if a cyber incident occurs?
2. Focus on knowledge, behaviour and mindset
Cybersecurity starts with people – this includes a focus on knowledge, behaviour and mindset. The important first step in combating malware in the maritime sector is to raise awareness, provide training, and communicate the risks at all levels of your organisation.
Your people are your crucial first line of defence. You can have the best technical solutions, policies and procedures in place, but if people aren't trained properly and don't understand what good cyber hygiene looks like (and the risks of getting it wrong), then all the above measures may be futile.
Drill into people the risks of opening suspicious email attachments
Teach them how to determine what is suspicious
Teach them how to recognise when there might have been a security breach
Assessing risk exposure and raising cybersecurity awareness is essential, but it only takes you so far. In an ever-changing threat landscape, how can you safely allow for Internet services across your fleet without compromising security?
Safeguarding your fleet from current and emerging threats and vulnerabilities, particularly those that do not require any user action, calls for advanced cybersecurity services that provide multiple layers of detection and protection measures.
According to a Cisco Security Research paper, 91.3% of malware uses DNS in attacks. For this reason, adding some sort of security measure at a global level is an essential part of a robust cybersecurity approach onboard your vessels.
By setting up an extra layer of defence to your IT ecosystem, you drastically reduce the risk of malware attacks compromising your operations.
Modern-day malware is designed to avoid traditional defences. Preventing malicious software from attacking your onboard systems, devices and data involves a holistic strategic approach to cybersecurity. An effective cyber risk management plan should start at the senior management level, instead of being delegated to the ship security officer or the head of the IT department.
Address cyber risk management, focus on knowledge, behaviour and mindset, and implement multi-layered protection solutions that help you create a more cyber-resilient environment onboard your vessels.
Editor's note: This article was originally published in May 2019 and has been revised and updated for accuracy and comprehensiveness.
Written by Kristian Olsen, Product Manager
Kristian Olsen is a member of the Product Management Group at Dualog. A true Dualog old-timer, Kristian has served in several roles at the company, ever since it was founded in 1994. He holds a Master’s Degree in Information Technology from UiT The Arctic University of Norway. Kristian likes to “get in the zone” both onshore and offshore, as he is an avid cross country skier as well as a windsurfer with several national championships under his belt.