Cyber Security and Commercial Shipping

(Image Courtesy: KVH Industries)

In today’s technological environment, there is a shift towards making the world more connected. Because of an increase in networks being intertwined, there have been significant gains in capabilities for a variety of industries to operate efficiently. One area that has seen this directly is the maritime industry. Up to now, there are autonomous containers, trucks, and cranes. In the not too distant future, there will be autonomous ships. Running side by side to this transformation of the maritime industry is an increase in vulnerabilities that can be infiltrated. For this reason, there needs to be a discussion of how commercial shipping can avoid being easily penetrable to cyber attacks.

Commercial shipping has just begun to obtain the benefits that come from what digitalization can offer. Digital momentum has increased, which makes many devices vulnerable to launch attacks. In addition, it’s important to consider the fact that firmware can be influenced by cybercriminals and it has little to do with their technical know-how and skill level. In other words, hackers have easy access to offensive cyber capabilities, such as ransomware and DDoS.

There are many obvious ways hackers are able to obtain vulnerabilities. First of all, the systems are interconnected, not just within one structure but also through the networks of outside vendors and service providers. Which means that organizations have no control over the cybersecurity of those independent parties. On the other hand, it’s very difficult to have impenetrable protections. The most effective way to mitigate cyber threats is to use state-of-the-art technology that can be updated more frequently.

Another issue is the lack of importance shipowners, managers, and corporations have with cybersecurity on the port. Most personnel in the industry are considered laggards when it comes to adapting to the internet of things (IoT) technology. IoT devices in the maritime industry consist of connecting the onboard systems to the seaport in order to gather data, reducing fuel consumption, improving regulation compliance, and enhancing navigational safety. Corporations have to comprehend that their firmware is easily penetrable. If the routers and cameras they have are out-of-date, the hacker will have no problem infiltrating the firmware. The exploitation paths for old firmware can be easily found by simply just searching it on google. If the firmware is new and can be updated more frequent, the hacker will have much more difficulty breaking in.

As a result of the expanding threat of cyberattacks, there needs to be a way to be one step ahead of the hackers. The obvious answer would be to continuously buy new firmware every couple of years so that the hacker won’t have access to any exploitation paths available to him. But is that practical? Based on recent trends in the industry, ship owners and corporations don’t seem willing to adapt and pay for their security. Additionally, the owners don’t have ownership of all the connected devices at the port. Even though they’re IoT devices may not be out-of-date, there might be someone’s device that is, which makes their network at risk.

“Fortunately, ArcusTeam plans to come up with a solution to the threat in the maritime industry. Their digital platform will act as a centralized tool for all the vendors’ connected devices. The platform will have the ability to constantly assess each firmware and conclude if there are any vulnerabilities in that device. This solution will effectively save vendors money because it will allow them to gain awareness of which devices can and cannot be exploited,” said Brian Schneiderman, a member of the Business Development team of ArcusTeam.

(This article has been contributed exclusively for Sea News by ArcusTeam)

Sea News Feature, June 20

Baibhav Mishra
Author: Baibhav Mishra