Written by Walter Hannemann, Product Manager | 16 July 2019
The world of maritime shipping would be a whole lot easier if you could just deal with cyber threats and vulnerabilities like you would with a dent or hole in the hull of one of your vessels – just get it fixed and be done with it.
In today’s cybercrime sphere, however, there is no ‘be done with it’. From the moment ships went digital and got connected to the world wide web, an entirely new era began, for good and bad.
The good part of ship connectivity is the numerous benefits it provides across the seaborne freight chain. The bad part of it is cyber attacks, relentlessly targeting the industry 24/7.
No turnkey solution
In the past, ships roaming the deep blue had to tackle physical disruption scenarios like foundering, wrecking, fire, collision, mechanical failure, and piracy. Today, they risk digital disruption on top of it. Not the buzzword kind of digital disruption, but the real-world cyber disruption of your ship operations that modern-day, tech-savvy cyber pirates can bring on.
Safely navigating this new threat reality requires ‘all hands on deck’. There is no single solution to combating cyber risks. It is a collaboration involving people plus technical and procedural measures.
A cyber attack – will it really be that bad? Some shipboard computers not working for a while, or crew not being able to use email. It’s a hassle, but no real harm done, right?
Wrong. Ships are becoming increasingly complex and dependent on information and communications technologies throughout their operational life. Cyber incidents like malware, phishing or DDoS could potentially lead to significant loss of customer and/or industry confidence, reputational damage, potentially severe financial losses or penalties, and litigation.
In worst case scenarios, ship systems may be compromised, resulting in...
This is the brave new world of maritime cybercrime.
Today, maritime cybersecurity needs to be considered as part of the overall approach to safety and security risk management. Safeguarding your fleet from current and evolving threats and vulnerabilities requires a holistic approach involving personnel, procedures and technology.
This means you as an owner or manager need to have a comprehensive cybersecurity management plan in place on your ships and within your organisation.
You need multi-layered protection measures
The complex and persistent nature of cybercrime creates a need for constant monitoring and multiple layers of protection measures, also known as ‘defence in depth and in breadth’. Or in more popular terms: the onion approach.
Instead of having only one layer of protection measures, you establish several layers, making it much more difficult for cybercriminals to breach critical systems.
Defence in depth and defence in breadth are complementary approaches. When you implement them together, they constitute an entire ecosystem of layered security, providing the foundation you need to tackle all possible cyber threats and secure your premises and equipment both on board and ashore.
Are you looking for hands-on guidance on how to safeguard your fleet from cyber attacks? Check out our free checklist “Best practice cybersecurity: Your guide to managing cyber risk onboard your ships”.
Walter Hannemann started his career in a computer factory product development laboratory in 1983, while taking his education in Electronics and Information Systems. Since then, his jobs have involved software architecture and development, infrastructure design and overall IT management, in both large enterprises and startups. With a passion for “making things work”, shipping applications and all digital things onboard ships became his interest after joining Maersk in 2008. Managing IT in large companies like Maersk Tankers and Torm has given him insider’s knowledge in the shipping industry and enticed his entrepreneurship to help moving the industry into the digital future. Based in Copenhagen as Product Manager for Dualog, Walter enjoys finding solutions for big (and small) problems while keeping the overview and a forward-looking approach, with deep dives in technical subjects when necessary – or possible.