Cybersecurity for the Increasingly Connected Ship

Ships are becoming smarter and more connected, but the new and exciting opportunities for operational efficiency also bring the increased risk of cyberattack. There is actually no way for a ship’s network to ’know’ its level of cyber resilience, even though a 2020 BIMCO/Safety at Sea survey saw respondents highlight this as significant: 77 percent said they would cancel a contract if they had concerns over cyber security measures in place.

However, effective segregation of systems and access based on need and authorisation can provide a strong basis for successful cyber risk strategies. The multi-layered approach can significantly impede an attacker’s access to a ship’s systems, while also preventing the spread of malware.

The multi-layered approach

For example, connected OT systems onboard should have more than one technical and/or procedural protection measure. Perimeter defences such as firewalls can prevent unwelcomed entry into systems, but this may not be sufficient to cope with insider threats. In this case safe zones should be considered as a second layer of protection which can be created using firewalls to partition onboard networks and protect confidential data and safety critical systems. 

How others are accessing a ship’s network is also a key consideration. Virtual Private Networks (VPNs) can offer a further layer of protection by separating crew or third-party traffic from the ship’s network. However, resilience depends on VPNs being configured properly and well managed: in some cases, where multiple VPNs are in use, they can actually increase the ship’s attack surface and ‘punch holes’ in its cyber security. 

Securing ship networks

These are the considerations which have driven the development of GTMaritime’s intelligent data transfer platform, which removes the need for multiple VPNs. It significantly reduces the attack surface using layered security which allows vessel operators to control access to data without opening vessel networks.

Other important considerations to mitigate the cyber incidents include automatic software updates and training. Ensuring all software is up to date is critical. Cybercriminals often look for out-of-date software as the weak link that can provide a route to network infiltration, especially where third-party systems interface with ship networks. One solution is a service that provide fleet-wide updates automatically, anticipating and removing vulnerabilities.

Providing cyber security training to employees is also a key factor in preventing or containing a cyber-event. Seafarers whose contact with the outside world is reliant on the IoT must be especially vigilant regarding phishing emails, clicking malicious links from unknown sources and understand the systems which maintain the vessels cyber integrity. To support crew training, a phishing penetration test allows shipowners to test staff responses to phishing attacks. 

An autonomous future

As autonomous ships evolve, they will be more connected and operate within a more extensive cyber-physical infrastructure than even the smartest ships of today.  As automation increases, greater efficiencies will be required to support a smaller crew and protect systems as data traffic moving between ship and shore increases. 

For example, with less human intervention, unexpected problems may need to be handled remotely, making the resilience of the ship to shore link more critical than ever. There will need to be ample bandwidth and a failsafe system in place in the event that the communications link is broken, or if a remote operation center is hit by a power outage.

With machinery, sensors, systems, and networks interlinked and connected to the internet, any vulnerability in cybersecurity therefore has the potential to become a serious chink in an autonomous ship’s armour if not managed properly. 

Mike McNally is Global Commercial Director of GTMaritime.