How to prepare for a maritime cyber attack
Amsterdam, The Netherlands, March 5, 2020 – "Transportation has gone from the 5th most cyber-attacked industry in 2015 to the 2nd most targeted sector, after financial services, according to IBM," said Leah Kinthaert, Informa Connect, in her article "All Hands on Deck: Preparing for a Maritime Cyberattack". To answer the question of “How can you control a cyberattack?”, Rachael Bardoe, Director of Operations and Cyber Centre of Excellence at DCSA, outlined three key steps below for controlling a cyber attack on a vessel:
“Cybercrime is rising, and shipping is a top target in 2020. An attack at sea is different from one ashore due to limited cyber skillsets, legacy systems and satcom bandwidth constraints. During an incident, systems must fail not just securely, but safely. Controlling an attack requires the following:
- Preparation to minimise the impact. Having a Configuration Management Database detailing assets, their criticality and location is key to prioritising protection strategies and identifying vulnerabilities. Ensure that patches and anti-virus signatures are up-to-date, security train the crew. Network segmentation is paramount for vessel safety - Maritime systems, OT, IT and crew welfare systems should sit on separate networks, separated by gateways, to contain the attack at network boundaries.
- Rapid response to quarantine affected systems. Crew members must follow a Security Incident Response plan to remove affected systems from the network and replace them with spares. Maintaining the chain of custody of impacted systems will facilitate a forensics investigation. Review network ports on boundary devices, ensure that vulnerable ingress and egress points are secured.
- Forensics. Once at port, the crew must provide the infected asset to cybersecurity experts for investigation. Maintaining the chain of custody from the point of quarantine ensures any findings will be permissible in court, which may protect the company from serious reputational and financial damage.”
Bardoe's response was originally published in Kinthaert's Informa Connect article. Check out the full article for insights from other industry experts.
Digital Container Shipping Association (DCSA) is a neutral, non-profit group founded by major ocean carriers to digitise and standardise the container shipping industry. With the mission of leading the industry towards systematic collaboration, DCSA drives initiatives to make container transportation services transparent, reliable, easy to use, secure and environmentally friendly. DCSA’s open source standards are developed based on input from DCSA member carriers, industry stakeholders and technology experts from other industries. DCSA member carriers include: MSC, Maersk, CMA CGM, Hapag-Lloyd, ONE, Evergreen, Yang Ming, HMM and ZIM. Please download DCSA standards at dcsa.org.