Cookies help us deliver the best experience on our website. By using our website, you agree to our use of cookies Dismiss

Ships’ operational technologies ‘left to the side’ when it comes to cyber protection, says cyber expert

Fredrik Munck, business development executive at Cybeta speaking at Digital Ship's CIO forum in Bergen last year Fredrik Munck, business development executive at Cybeta speaking at Digital Ship's CIO forum in Bergen last year

Late last year, Cybeta, a US-headquartered cybersecurity firm, entered into the maritime market with its new cyber protection solution, CyberHelm. Following the success of its original Cybeta solution built by US intelligence-trained experts, the company made the decision to roll out its solution to maritime to help protect vulnerable maritime assets.

{mprestriction ids="1,2"} CyberHelm, the maritime version of the company’s current technology Cybeta, predicts the risk of cyber-attack on companies’ technology assets. It incorporates ship-based operational technologies (OT), such as navigation, ballast, cargo systems, and more in its service, continuously scanning for both known and developing threats and vulnerabilities, and prioritising their severity so users avoid alert fatigue. 

“Operational technologies on ships have sort of been left to the side when it comes to cyber protection,” said Mr Fredrik Munck, business development executive at Cybeta, during a presentation given at Digital Ship’s forum in Bergen on November 27, 2019. He believes that the industry needs to pay more attention to the risk that cyber hackers pose to maritime assets. “There are so many CVEs (Common Vulnerabilities and Exposures) being issued and it’s overwhelming. You have to work out which ones are relevant for you, but for some companies it’s just too much to handle.”

Mr Munck says that 80 per cent of 125 maritime executives surveyed have admitted to having a security breach or cyber-attack, referring to an insurance report published last year. The problem he sees is that, “there are so many hidden attacks in maritime.”

There is a significant amount of undiscovered dark web activity with new hacks being developed every day. Ships are at an increasing risk as, “these deep and dark hacking forums are constantly talking about the ‘sexiness of getting into a ship.” The dark web is complex and divided into many different segments, meaning that even with the right password, finding out where the attack has come from is near impossible.

Cybeta’s CyberHelm solution incorporates a patent pending algorithm named ThreatBeta, which scans public sources as well as the ‘deep and dark web’ and quantifies the relative likelihood of a cyber-attack on an enterprise and its individual technologies. Developed over the last 6 years, ThreatBeta shows how severe a company’s threat is and how vulnerable its assets are compared with others. The algorithm, the idea of which was adapted from the financial sector, provides a relative score based on each technology. “If you have a score of more than 1 you are at a higher risk and an easier target. A score of more than 1 indicates a vulnerability that you should immediately look at. Less than 1 is not so critical,” he explained.

The algorithm has been independently tested by Northwestern University’s Kellogg School of Management who found that the service accurately predicts the likelihood of a cyber-attack up to 12 months in advance.

The service also recommends specific remediation efforts and monitors the time-to-patch for identified vulnerabilities.

While there is, “no silver bullet that can solve all your issues as one supplier cannot give you one solution to keep you safe,” CyberHelm gives an over-the-horizon view of your vulnerabilities. “We want your technologies to be ahead of it, to tell you something is happening in the dark web so we can warn you of the specific technologies that are at risk.”  {/mprestriction}

Related items

  • Industry collaboration key in Cyber-SHIP Lab progression

    Experts in cybersecurity and maritime operations are forging ahead with the creation of a first-of-its-kind research facility at the University of Plymouth.

  • Almi Tankers receives ISO 27001 certification from LR

    Almi Tankers S.A. has become one of the first maritime companies in Greece to be awarded ISO 27001 certification by global certification and assurance company Lloyd’s Register (LR).

    Almi Tankers has been awarded ISO 27001 certification for its Information Security Management System (ISMS), demonstrating that the company has reached the high quality demanded from this internationally recognised Standard.

    The certificate was presented by y Philippa Charlton, BA & IS marketing director at LR to Almi Tanker’s CEO Capt. Stylianos Dimouleas at a ceremony at the company’s headquarters in Athens.

    CEO Capt. Stylianos Dimouleas thanked his team for this success and commented: “We are all affected by ISO 27001 requirements on a daily basis. We took a major step to ensure that a robust Information Management System and Cyber Security System are in place and in line with EU GDPR Directives.”

    LR’s marketing director, Philippa Charlton said: “ISO 27001 is a certification of best practice for ISMS. An organisation that is certified has been through a rigorous independent audit process and demonstrated its ability to meet the stringent requirements of this standard. We’re delighted for Almi Tankers S.A.”

  • DCSA publishes implementation guide for IMO cybersecurity mandate

    The Digital Container Shipping Association (DCSA), a neutral, non-profit group established to further digitalisation of container shipping through technology standards, in conjunction with its nine member carriers, has published the DCSA cybersecurity implementation guide. The guide aims to facilitate vessel readiness for the IMO Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems.

    The best practices outlined by DCSA provide all shipping companies with a common language and a manageable, task-based approach for meeting the IMO’s January 2021 implementation timeframe.

    The DCSA cybersecurity guide, DCSA Implementation Guide for Cyber Security on Vessels, can be freely downloaded from the DCSA website. The guide aligns with existing BIMCO and NIST (US National Institute of Standards and Technology) cyber risk management frameworks, enabling shipowners to effectively incorporate cyber risk management into their existing Safety Management Systems (SMS). The DCSA guide gives shipowners the tools they need to help designated technical crew members mitigate the risk of cyber attack, or contain damage (fail safe) and recover in the event of an attack.

    “As shipping catches up with other industries such as banking and telco in terms of digitisation, the need for cyber risk management becomes an imperative,” said Thomas Bagge, CEO, DCSA. “Due to the global economic dependence on shipping and the complex interconnectedness of shipping logistics, cyber attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy. As a neutral digital standards organisation, DCSA is uniquely positioned to help vessel owners mitigate the increasing risk of cyberattack on their ships, and in turn, on the industry at large.”

    The DCSA cybersecurity implementation guide breaks down the BIMCO framework into themes and maps these themes to the controls that underpin the NIST functional elements: Identify, Protect, Detect, Respond, Recover. DCSA provides non-technical explanations and specific actions to be taken to address each NIST element in accordance with a company’s level of cyber maturity within each BIMCO theme. Following DCSA guidance will provide vessel owners with a catalogue of cyber security safeguards aligned with each vulnerability identified during risk assessment, together with notes explaining any residual risk.

    Jakob Larsen, head of maritime safety & security for BIMCO said, “The DCSA implementation guidance provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a shipowner company. Initially thought of as a tool for container carriers, the guidance can also inspire the thinking in other shipping sectors as well as the ongoing update of the major shipping associations’ benchmark document ‘Guidelines on Cyber Risk Management Onboard Ships’.”

  • ClassNK Consulting launches cybersecurity e-learning

    ClassNK Consulting Service has announced the launch of a cybersecurity training service (e-learning), developed in cooperation with KDDI Corporation (KDDI) and KDDI Digital Security (KDS).

    Main features include:

    • The program is focusing on the maritime industries.
    • The program supports Japanese and English and provides a certificate of completion after a comprehension test. This certificate can be used for an education record of Cybersecurity Management System.
    • The program is available anywhere and anytime via smart device and PC.
    • The program is certified by ClassNK in compliance with the Guidelines on Cybersecurity Onboard Ships Version 3, produced and supported by BIMCO (The Baltic and International Maritime Council).

    In a statement released by ClassNK, the classification society says that the increasing use of many solutions utilising “Big Data” and IoT technologies has brought benefits to the industry but it has also introduced cyber risks among maritime industries. Under these circumstances, it’s an important first step towards cyber safety for those who are engaged in ship operation and other related industries to gain proper knowledge. NKCS, KDDI and KDS offer a training program combining the companies’ expertise in offshore and onshore. 

  • ABB and DNV GL make history with first vessel cybersecurity verification

    In a milestone for the marine industry, ABB’s solutions onboard a large passenger ship have been awarded cybersecurity verification from classification society DNV GL. 

    As a result, this vessel became the industry’s first to achieve system compliance under DNV GL’s framework for integrated cybersecurity.

    The state-of-the-art cybersecurity resilience for the vessel was enabled by close collaboration of ABB, the shipowner and DNV GL during the construction phase at a shipyard in Europe. Cybersecurity management processes will continue during the ship’s operations, with the system’s resilience maintained throughout the lifetime of the vessel.

    “It is vital that the maritime industry focuses on cybersecurity as an essential part of both design and operation,” said Johann Melsted, area manager Benelux & France for DNV GL. “Which is why we are so pleased to be working with forward looking partners, who are prepared to engage with this emerging risk and demonstrate their commitment to tackling cyber threats.”

    In order to achieve sustainable shipping, vessels are increasingly fitted with integrated automation systems and digital solutions. As part of the Fourth Industrial Revolution, the vessel’s systems are more connected than ever before, presenting threat vectors previously unheard of in shipping. This is driving the need for closer and earlier collaboration on cybersecurity between all key stakeholders in the newbuilding process. DNV GL’s Integrated Cyber Security Dependent Systems verification establishes a framework to address cybersecurity levels for the main functions of a vessel – both during construction and in operation.

    While the framework is applicable to any vessel, greater sophistication and deeper integration of operational technology systems in complex vessels such as cruise ships mean that appropriate cybersecurity management is paramount. While digitalisation offers opportunities to measure and manage efficiencies across the entire fleet, securing these data streams is critical to the safety of the vessels’ passengers and crew.

    “ABB recognises the importance of cybersecurity in the marine industry and is working closely with shipowners, yards and classification societies to enhance cyber resilience of ships,” said Juha Koskela, managing director, ABB Marine & Ports. “As vessels become more electric, digital and connected than ever before, it is of vital importance that we equip and empower seafarers with reliable solutions that are cyber secure.”

    The vessel is powered by ABB Azipod electric propulsion system. 

     

Joomla SEF URLs by Artio

Login/Register

Register or Login to view even more of our content. Basic registration is free.

Register now

Digital Ship magazine provides the latest information about maritime satellite communications technology, software systems, navigation technology, computer networks, data management and TMSA. It is published ten times a year.

 

Address:
Digital Ship Ltd
Digital Ship - Digital Energy Journal
39-41 North Road
London
N7 9DP
United Kingdom

Copyright © 2019 Digital Ship Ltd. All rights reserved           Cookie Policy         Privacy Policy