Organised crime has found the shipping’s cyber security preparedness lacking and the industry has now become a “major profitable target”, a maritime software veteran tells Maritime CEO in an in depth interview today.
Lance Savaria set up maritime cyber security firm EPSCO-Ra in Cyprus a couple of months ago. A former seafarer, Savaria has been in shipping for 35 years, much of it focused on software.
“Cyber attacks have become a regular daily occurrence across all businesses worldwide. It’s here in the maritime industry that the risk is growing faster than ever before due to increased reliance on shipboard networked systems,” he says, pointing to the growing threat posed by organised crime.
Savaria says shipping needs to keep learning from other industries like banking, trucking, ports, and any organisation that handles high value data assets.
He explains attacks often start out against the soft targets as a malicious incursion is made into the networks and the system vulnerabilities are mapped out. Later more active exploitation is initiated and is malicious and most often undetected. Why? A vast majority of cyber threat protection is based on IT solutions. These systems not adaptable and are purely reactive and receive minimal human analysis. Mostly these systems are vulnerable due to many mundane reasons such as lagging software updates and patches, firewall configurations, poorly managed threat prevention and intrusion detection systems.
“When it comes to Information Security one thing is predictable; your firewall, and endpoint antivirus protective measures will fail at some point,” Savaria says. It’s no accident either as the attackers have these commercial products in their labs and design malware to subvert them. When that happens someone else has access to your networks, confidential data and critical systems for your offices, ship’s systems, and often vendor’s systems.
“As it stands today,” Savaria continues, “organised crime is years ahead of and far better at cyber exploitation than most companies are in defending against it. That’s just the nature of this battle, the attacker always has the advantage and is basically limited only by imagination. They are educated and without a doubt experienced and making headway into the growing exploitation opportunities of network accessible ships and their critical systems. Profit is their motive and they have continually demonstrated the ability to maximise it with the sale of stolen data, cyber ransom, and disruption of critical systems.”
Savaria also sees social based cyber terrorist groups becoming more active in the future for ideological beliefs like social and environmental activism. The oil and gas industry has been a target for some years now, he points out.
“Although the maritime community has not received media attention make no mistake it suffers cyber attacks regularly,” Savaria says, noting, “As an industry we tend to under report cyber attacks which leads to a false sense of the actual threat level.”
Shipping relies heavily on its industry groups to capture this information mostly due to the culture and competitive nature of the shipping business, Savaria reckons.
“This is a lagging response and not a very productive way to manage risk,” he says, adding: “As a community we keep our secrets and do business with whom we trust. The cyber threat changes that landscape and demands each company protect its own interests. The danger is not what we know is at risk, it is what we do not know. Long view, proactive, adaptive, and responsible cyber security management is needed.”
EPSCO-Ra’s Network Security Monitoring (NSM) service utilises state of the art technology that captures the entire data stream in a continuous loop – just like the video cameras used in banks and other high security installations. The company then examines alerts and events indicative of malicious activity in the context of the surrounding network data stream. The entire user network session can be replayed and examined to better understand the event and eliminate false positives.