Your ships are ‘floating computers’.
This means that someone WILL try to hack them.
It’s not a matter of ‘if’ but ‘when’.
This is the undeniable new risk reality in the maritime industry, and the reason why operational and customer security remain firmly at the top of Dualog’s list of priorities.
In a sector that has become increasingly vulnerable to attacks, cybersecurity management needs to be as instinctive a part of ship management as maintaining watertight integrity and hull safety.
Real consequences for your shipping company
The NotPetya attack on Maersk in the summer of 2017 was an industry turning point, driving a stake through skeptics’ argument that cyber-attacks are just another way for opportunistic suppliers to make money from fear and sell cybersecurity services. Almost overnight, the approach changed from an if-it-happens problem to a when-it-happens problem.
Unfortunately, there are already too many examples of how devastating and expensive a cybersecurity breach on a vessel can be. Apart from the potential ramifications of poor security to any shipping company – loss of customer and/or industry confidence, reputational damage, financial losses or penalties – the compromise of ship systems may lead to unwanted outcomes, for example:
Physical harm to the system or the shipboard personnel or cargo – in the worst-case scenario this could lead to a risk to life and/or the loss of the ship
Disruptions caused by the ship no longer functioning or sailing as intended
Loss of sensitive information, including commercially sensitive or personal data
Permitting criminal activity, including ransomware, fraud, even theft of cargo
The above scenarios may occur at an individual ship level or at fleet level. The latter is likely to be much worse and could severely disrupt fleet operations.
It is therefore vital that you as a shipowner or operator understand that cybersecurity can no longer be treated as a ‘technology problem for IT to fix’. You need to understand all processes in your company as well as the chains of dependencies between them, and you need to work systematically to protect your IT systems and operational technology systems, and to guard against vulnerabilities introduced by third parties.
Only by doing so can you fully meet your responsibilities for the secure and safe operation of your ships.
Cybersecurity in the face of upcoming industry demands
The International Maritime Organization (IMO) has given ship owners and managers until 1 January 2021 to incorporate cyber risk management into ship safety. After this, non-compliant ships risk being detained.
Your ships need to be ‘cyber secure’, and you need to be able to document that they are. How can you do that?
You need to produce an authorised certificate, offered by classification societies for ships, such as the American Bureau of Shipping (ABS) and DNV GL. With a cybersecurity certificate in place, you can safely proclaim: “Yes, we are cyber secure, because this independent party has certified that we are.”
What’s more, such proof of an appropriate cybersecurity level for your vessel may allow you to get better contract options with third-party charterers and oil majors.
Dualog is here to help you become IMO compliant
Against the backdrop of a continually evolving threat landscape and upcoming regulatory demands, Dualog has placed cybersecurity as a critical component in all the services we provide.
We know that cybersecurity is a subject that needs to be understood and implemented ‘From the Boardroom to the Bridge’ and taken seriously.
We know that today, the only realistic way to prevent cyber attacks and malware from potentially disrupting vessel operations is to implement advanced cybersecurity services that provide multiple layers of detection and protection measures.
Cybersecurity is integral to all parts of the Dualog solution. The routing and firewall solution Network Control offers an important layer of fleet-wide security. Specially designed for shipping needs, blocking rules can be set per network and communication channel. Dualog Protect offers DNS blocking and filtering. This service prevents multiple types of cyberattacks from infecting ship computers and devices. Fleet-wide configuration and monitoring are available via the new web portal on apps.dualog.com.
The only way you can prove your ships are cyber secure is by producing an authorised classification society certificate. Dualog can solidify and safeguard your onboard IT environment and move you towards cybersecurity certifications, while improving your security in a way that makes business sense.
January 2021 is fast approaching. Don’t risk the negative impacts of non-compliance or leave yourself open to risks in the meantime. Get in touch with us to find out how our practical security solutions and services can help you comply with the IMO rules.
Written by Geir Inge Jensen, CISO
Geir Inge Jensen is the Chief Information Security Officer at Dualog. With over 20 years of experience in network design and cybersecurity, Geir Inge is passionate about developing solutions and services that help shipping companies create a more cyber-resilient environment onboard their vessels. When he is not fighting maritime cybercrime, you can find him in the mountains enjoying the great outdoors with his camera in hand.