Copenhagen: Shipping is the target of many cyber criminals yet the majority of the industry struggle to understand how to combat this growing scourge. Lars Jensen, who writes a container column for this title and is also the founder of boxwatchers, SeaIntel, has launched a new initiative called CyberKeel aimed at tackling online attacks hitting the shipping industry.
CyberKeel has just released a whitepaper analysing the current challenges related to cyber security for maritime companies as well as ports and terminals.
The whitepaper indicates that virtually all aspects of the maritime IT infrastructure are vulnerable to exploitation, and further includes tangible examples of successful cyber attacks within the industry.
Examples of actual cyber attacks include recent attacks aimed at the interface between shipping lines and bunker companies resulting in the loss of millions of dollars, a shipping line losing all information as to the whereabouts of their cargo, information theft as well as the use of Facebook as a means of information gathering for Somali pirates.
Furthermore, controlled tests shows the feasibility of controlling and manipulating AIS, ECDIS as well as the maritime satellite communications.
Interestingly, CyberKeel carried out what it called “simple tests” earlier this year which showed that 37 out of the 50 largest container carriers appeared vulnerable to relatively simple penetration attacks.
Jensen tells Maritime CEO that the issue of cyber security is one that only a few in the industry are properly aware of. “The broad picture I am getting is that awareness is very low indeed,” he says. Most often it is seen as a technical issue delegated to the CIO or IT manager, whereas in reality it has be addressed at the business process level involving all of management, he reckons.
CyberKeel is performing consultancy jobs in the industry related to penetration testing, and also offering workshops at management level focused on increasing awareness as well as facilitating the development of tangible plans for how to improve cyber security.
CyberKeel is also looking to launch a cross-industry forum specifically aimed at addressing cyber security threats from both a tactical and strategic angle. The forum will provide maritime stakeholders with the means to share information on attack profiles to be able to thwart attacks more quickly, as well as work on the establishment of voluntary standards and guidelines aimed at heightening cyber security levels without unduly jeopardizing business efficiency. [20/10/14]