Action is needed now to improve procedures as new waves of bandwidth come onstream, increasing the threat profile to maritime technology users, writes Nicolas Furgé, president, digital, Marlink.
The maritime industry is stuck in a time-warp when it comes to cyber security. This isn’t to say that solutions are not available, or that companies don’t adopt them – they are and they do. But somehow the song remains stubbornly the same; threats proliferate, attacks increase and what should be the most important link in the chain actually remains the weakest.
Perhaps in ordinary times this would matter less, but no-one can call these times ordinary. Geopolitical shocks, an energy crisis and trade dislocation on the one hand and the desire for safer, greener and smarter shipping on the other have created a huge demand for data and connectivity as well as an irresistible, imperfect storm for cyber attackers.
To this must be added the steady drip turning into a deluge of new bandwidth available to shipowners. LEO internet services are breaking over shipping like a bow wave, bringing higher bandwidth, lower latency services and with them an ocean of cyber risk.
The last time Marlink surveyed the state of cyber security, attacks were increasing in number and we found that despite the number of operators deploying cyber security solutions, training and procedures for crew were sadly lacking.
Five years later, in 2022 our Global Maritime Cyber Threat Report found that use of botnets and ransomware attacks against shipping are on the rise, with a net increase of over 20% detected during 2022 according to Marlink data.
Marlink’s analysts handle close to 1.3bn events annually, using over 2.3m Indicators of Compromise (IOCs) have detected about 950 unique malware threats so far in 2023. The five most detected threats during last year were Ramnit, Cobalt Strike, Malleable C2, Remcos and DCRat.
Marlink’s Security Operations Centre has observed that despite the increasing sophistication of cyber-attacks, most incidents can be attributed to two main factors: immature levels of security and lack of user awareness.
Our latest annual analysis of cyber threats in shipping and energy finds that the combination of threats to people and technology continues to elevate the overall risk level.
Marlink also found that user behaviour and lack of cyber threat awareness are at the root of most incidents, both through access to high-risk websites and applications as well as the misuse of resources, such as using business infrastructure for personal purposes.
This matters more than ever because just as pressure grows for more sophisticated and proactive cyber solutions, seafarers are to be the beneficiaries of much improved connectivity thanks to LEO internet services. These promise to deliver services including video calls, streaming services and unfettered web access.
The issue for the shipping company’s Chief Information Security Officer and the Chief Technology Officer is that network routing will take place via multiple gateways requiring more sophisticated detection and defence.
Both LEO and 4G/5G operators will have their own security in place but these measures are aimed at protecting the communication channel from denial-of-service attacks. What is critical for shipping operators is to define and implement their IT policy across all networks and apply measures to each based on where the data lands.
These include managing individual devices using endpoint protection, network level security through unified threat management and proactive threat remediation, all services offered from inside the Marlink network.
The prospect of hardworking, fully deserving seafarers, clicking, streaming, chatting and browsing online at a much higher cadence than ever before should make even the most seasoned cyber professional draw a deep breath.
There is no question that vessel managers should attempt to place these services under restrictions – more are coming in any case – and the Maritime Labor Convention will at some point be amended to make recreational internet access mandatory for seafarers.
But it is clear that since one of the biggest and fastest growing threat vectors is human behaviour – just as it was five years ago – then there is still a need for better training, clearer procedures and improved guidance for online behaviours.
Companies must develop and deploy awareness and training programmes that can be rolled out at scale in any language with regular refresher sessions.
With the scale of cyber risk increasing steadily year by year, it is important for executive management to take ownership of the issue and to encourage a company-wide approach to awareness, training and behaviour. In the end, the tools we deploy to protect from cyber security threats are to some extent only as good as the people that use them.
