Finally, cybersecurity vulnerabilities in ports and offshore have received more attention – News Couple

Finally, cybersecurity vulnerabilities in ports and offshore have received more attention

Port and sea operations are critical to the stability of the global supply chain and the global economy. When stations can’t carry goods, costs can escalate quickly. When shipping giant Maersk fell victim to the NotPetya malware in 2017, the costs were estimated at between $200 and $300 million. Should we call a Maersk attack an OT-level attack or an IT-level attack? Since the affected systems were controlling the flow of ships and shipping around the world, they can be categorized as OT-level supervisory systems. The line between IT assets and operational assets is also blurring as IoT technologies continue to be introduced at the operational level. “IT level attacks” often have consequences at the operational level, which is what we saw with the closure of the Colonial Pipeline network when they lost visibility into their billing and accounting systems.

Maritime and port cybersecurity has not received the same level of attention as other industrial sectors, even though the sector has already fallen victim to attacks that bring supply chains to a standstill. However, the situation is changing, and cybersecurity is starting to gain the attention it deserves thanks to new standards and guidelines and increased focus from certification bodies such as DNV GL, Lloyds Register and TÜV Rheinland.

More standards and guidelines are being developed specifically for cybersecurity in the maritime and port sector. Many operators and end users will have to make changes to the cybersecurity posture and develop a stronger risk-based cybersecurity approach. Maritime cybersecurity organizations must integrate operational requirements, while increasingly adopting the same technologies and even cybersecurity practices from the IT domain.

Cybersecurity vulnerabilities abound in ports and maritime services

There are many cybersecurity weaknesses in the Maritime Transport System (MTS) when it comes to OT-level technologies, products, and systems, from cranes and container management systems to fuel stations, onboard controls, navigation systems, buoys, HVAC controls, and more. that. These vulnerabilities are becoming more numerous due to the new generation of devices and systems that support the Internet of Things.

There is now a wealth of connected assets, from cargo transportation systems housed in cranes to smart pumps, GPS Navigation and Timing (PNT) systems and ships. These new connected solutions are not always installed with cybersecurity in mind, many ports and facilities do not have sufficient personnel to manage the cybersecurity of a port or facility in general, and personnel responsible for cybersecurity may have IT experience, but are not familiar with the systems The level of operational technology, networks and assets.

Like the manufacturing sector, the critical OT level assets and network infrastructure in the port sector and the maritime sector must be properly segmented and some in-depth defense models must be followed, but this is not always the case, and there are few regulations or standards adopted by this sector to enforce lifecycle management Good cybersecurity at the operational technology level.

Attacks on the shipping system are increasing

Attacks on the shipping system (MTS) have increased in the past two years, in large part due to the COVID pandemic and its subsequent wave of remote workers, border closures, and supply chain issues. According to a July 2020 report by Israeli cybersecurity firm Naval Dome, “Cyber-attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the past three years, with the number of reported incidents reaching record sizes by the end of the year.” The United Nations International Maritime Organization, the main worldwide governing body of the shipping system, was itself the target of a cyber attack in September of 2020, which disrupted the organization’s website and other web-based services.

At least part of this reason is the increased reliance on remote monitoring and maintenance of previously unconnected assets. Border closures and social distancing mandates have required increased use of remote technologies to monitor, diagnose, repair and update assets, systems, and applications.

ARC Advisory Group clients can view the full report on the ARC Client Portal

If you would like to purchase this report or get information on how to become a customer, please contact us

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button