Ships are increasingly utilizing systems based on digitization, integration, and automation, which necessitates cyber risk management onboard. Technology is evolving day by day, with information technology (IT) and operational technology (OT) onboard ships becoming interconnected and increasingly linked to the internet. This raises the risk of unauthorized access or malicious attacks on the ship's systems and networks. Risks can also originate from personnel who intentionally or unintentionally access onboard systems, such as introducing malware through removable media. To mitigate the potential consequences of a cyber incident on safety, the environment, and trade, companies should proactively consider the threat.
Equipment and Technologies
Many may not be aware of, or may still be in denial about, the need to be conscious of cyber threats to potentially vulnerable systems and data onboard ships and within the company. The following is only an excerpt of the points to consider:
Vulnerable systems, equipment, and technologies may include:
• Communication systems:
  • Integrated communication systems
  • Satellite communication equipment
  • VoIP equipment (Voice over Internet Protocol)
  • Wireless networks (WLANs)
  • Public address and general alarm systems
  • Systems for reporting mandatory information to authorities
• Bridge systems:
  • Integrated navigation systems
  • Positioning systems (GPS, etc.)
  • Electronic Chart Display and Information Systems (ECDIS)
  • Dynamic Positioning (DP) systems
  • Systems interfacing with electronic navigation and propulsion/maneuvering systems
  • Automatic Identification System (AIS)
  • Global Maritime Distress and Safety System (GMDSS)
  • Radar systems
  • Voyage Data Recorders (VDRs)
  • Other monitoring and data acquisition systems
• Propulsion and machinery control and performance regulation systems:
  • Engine speed controllers
  • Power control
  • Integrated control systems
  • Alarm systems
  • Emergency response systems
• Access control systems:
  • Monitoring systems such as CCTV networks
  • Bridge-Navigation Watch Alarm Systems (BNWAS)
  • Ship Security Alert Systems (SSAS)
  • Electronic "Personnel on Board" systems
• Cargo management systems used onboard:
  • Cargo Control Room (CCR) and its equipment
  • Onboard computers and computers for the exchange of cargo information and loading plans
  • Updates with the shipping terminal and stevedoring company
  • Cargo and container remote sensing systems
  • Cargo level indication system
  • Valve remote control system
  • Ballast water systems
  • Intrusion water alarm system
• Maintenance and management systems for passengers and visitors:
  • Property Management System (PMS)
  • Electronic health records
  • Financial-related systems
  • Access systems for ship passengers & visitors
  • Infrastructure support systems such as Domain Name Systems (DNS) and user authentication/authorization systems
  • Wi-Fi or LAN internet access for passengers, e.g., if the onboard staff could connect their own devices
  • Guest entertainment systems
• Central infrastructure systems:
  • Security gateways
  • Virtual Private Networks (VPNs)
  • Virtual Local Area Networks (VLANs)
  • Intrusion prevention systems
  • Security event recording systems
• Management and crew welfare systems:
  • Management systems
  • Wi-Fi or LAN internet access for the crew
Managing cyber risks onboard ships, like in any organization, should be tailored to the specific needs and characteristics of the company and the vessel. Key points include:
Alignment with Regulations:
Compliance with national, international, and flag state regulations is crucial. These regulations often set minimum standards for cybersecurity and data protection in the maritime industry. Companies and ships should ensure they meet or exceed these requirements.
A risk-based approach involves identifying and assessing potential cyber risks, ranking them based on their potential impact and likelihood, and then allocating resources to mitigate the most significant risks first. This approach allows for a more efficient allocation of resources and a focus on the most critical vulnerabilities.
Training is a critical component of cyber risk management. Personnel need to be educated on cybersecurity best practices, how to recognize common cyber threats (the "typical modus operandi"), and how to respond effectively when an incident occurs. Human error is a significant factor in many cyber incidents, so well-trained personnel are a valuable defence.
Incident Response Plan:
Having a well-defined incident response plan in place is essential. This plan should outline the steps to take when a cyber incident occurs, from identifying the breach to containing it, mitigating the damage, and reporting it to the relevant authorities. Regular drills and testing of the plan can help ensure it is effective.
Continuous Monitoring and Adaptation:
Cyber threats are constantly evolving, so cyber risk management should be an ongoing process. Continuous monitoring of systems and networks can help detect threats early, and the approach should be adaptable to address new vulnerabilities as they emerge.
Third-Party Vendors and Supply Chain:
Companies should also consider the cybersecurity practices of their third-party vendors and suppliers. Weak links in the supply chain can expose an organization to cyber risks, so it's important to assess and monitor the security measures of partners.
Given the sensitive nature of data onboard ships, data protection measures are critical. This includes encryption of sensitive data, secure data storage, and access controls to ensure that only authorized personnel can access and manipulate data.
Regular Audits and Assessments:
Periodic cybersecurity audits and assessments can help identify weaknesses and areas for improvement. External audits by cybersecurity experts can provide an objective evaluation of an organization's cyber readiness.
Reporting and Information Sharing:
Encouraging a culture of reporting cyber incidents and sharing information about threats and vulnerabilities within the maritime industry can benefit everyone. Knowledge sharing can help prevent similar incidents from occurring on other ships.
An effective cyber risk management strategy for ships and maritime organizations involves a multifaceted approach that encompasses compliance, risk assessment, training, incident response planning, continuous monitoring, and collaboration with industry partners. It's an ongoing effort to protect critical systems, data, and operations from evolving cyber threats.
Mr. Eisenhut is an experienced professional in the field of risk management and business intelligence, always striving to provide clients with the best possible solutions for their needs. With his expertise in the areas of security situation reports and crisis early warning, he helps companies minimize risks and optimize their business processes.
Mr. Eisenhut's strengths lie in analyzing complex data and developing strategies to improve business operations. He works closely with his clients to understand their individual needs and develop tailored solutions.
Mr. Mario Eisenhut, Profile photo
Picture provided by author
Copyright © 2018 Future of the ocean - All Rights Reserved.