Naval Dome CEO Calls out OEMs on Cyber Security
As the world learns that the UK-flagged Stena Impero – seized by Iranian forces in July – was 'spoofed' and begins to accept the extent to which vessels unprepared for a cyber event can be affected, Itai Sela, CEO of Naval Dome, said that original equipment manufacturers (OEMs) are not doing enough to provide end users with the level of protection required to secure critical systems.
“There is no high-level cyber security on operational systems aboard ships, on offshore oil and gas platforms, or ports and terminals,” said Sela, speaking at an event organized by the Maritime and Port Authority of Singapore (MPA). “Few OEMs and system providers are supplying equipment with level 4 security, resulting in end-users being unable to get a true picture of the integrity of their critical systems. It’s like driving with your eyes closed.”
“We have visited companies operating across the industry – shipping companies, cruise lines, oil and gas contractors, ports and terminals – and what we find is alarming,” said Sela. “Typically, most companies are operating critical systems that are protected, at best, by only the most basic security solution.”
According to DNV GL type approval criteria and IEC 62443 standards security Level (SL) 1, the most basic, provides protection against casual or coincidental violation. SL2 to SL4 cover increasing protection levels against intentional violation, depending on sophistication of means, and the likely level of resources, motivation and skills of potential offenders. SL4 protects against the highly motivated, highly sophisticated attack.
“The obvious thing to do,” said Sela, “is to ask your system provider what level of cyber security each of their systems are provided with and, if not SL4, request they upgrade or replace them.”
Sela said that Naval Dome is seeing an increase in the number of spoofing incidents at ports, especially those where container handling equipment, such as ship-to-shore cranes, reach stackers and straddle carriers, relies on GPS to move and transfer containers to specific locations. “Typically, positional data is dependent on signals from three or more satellites, but if just one is compromised, then it will give a false reading. Any interference to the GPS signal is likely to result in significant port congestion.”