Mitigating Cyber Risks at Sea

Cybercrime is a growing threat to all Internet-connected businesses. 2023 has seen a doubling in the growth of ransomware variants, with a staggering 67% of companies having been victims of such an attack. 93% of organizations have experienced an intrusion targeting their operational technology (OT) infrastructure between mid-2021 and mid-2022, with 83% falling victim to more than three attacks. Attacks like these cost an estimated $600 million in the first half of 2022.¹

The rate of cybersecurity breaches in the maritime industry has mirrored this trend. Attempted attacks on maritime information systems rose by 400% in the first few months of the pandemic.² A report by Cyberstar claims that in 2021, attacks targeting ships increased in frequency by 33%, which came on the heels of a 900% increase in cyber breaches on vessel and port systems in 2020.³

The commercial maritime industry has historically been more conservative than other industries and slower to adopt new and emerging technology, including cybersecurity measures. As a result, commercial fleets and operations have suffered some of the most prominent and costly cyber-attacks, including attacks on the port of Houston, Japan’s “K” line, DNV, Carnival Cruise Lines, and many more.

Attacks come in three basic formats:

• Ransomware breaches:  Cybercriminals breach a company’s digital infrastructure and use malicious software to steal data or shut down all or part of its online systems and hold it for ransom.
•  Man-in-the-middle intercepts: Increasingly popular among cybercriminals, a hacker intercepts a genuine supplier invoice email to a company and then uses it to trick that company into sending payments to a different bank account.
•  Malware: Malware attacks are triggered when a user clicks on a link to a site containing malicious software (malware). This new code enters a company’s digital infrastructure and disrupts the network, potentially stealing or leaking information onto the dark web or locking genuine users out of their computer systems.

The International Maritime Organization (IMO) issued Resolution MSC.428 (98), which requires all vessels to include cyber risk management in their safety management systems and develop onboard procedures and mitigation measures for cybersecurity. However, auditing and protecting a vessel against cyber vulnerabilities is not easy. New technology on ships and increased digitalization have opened multiple points of entry for prospective hackers. Industry experts warn of multiple areas on a ship vulnerable to cyber issues, including bridge and propulsion systems, passenger and crew-facing networks, access control systems, and communications systems⁵.

Ensuring secure crew access to the Internet while onboard is critical. 

How to Mitigate Risk
Maritime businesses must stay ahead of hackers by employing multi-level cybersecurity programs to mitigate the risk of a cyber breach. Everyone in an organization must be invested in sound cybersecurity systems and protocols. This starts with a risk assessment to review all onboard systems against potential cyber threats.

The Centre for Internet Security (CIS) (www.cisecurity.org) provides guidance on measures that commercial fleets and operators can use to address cybersecurity vulnerabilities. These basic measures include separating networks, limiting network access, using firewall and browser protection, use of encryption, securing USB ports, and ensuring crew access to the Internet is secure.

Onboard network designs vary depending on the vessel type or how companies organize their business models. Each system should be assessed for its unique strengths and weaknesses. The more layers of protection that a company can employ to make it difficult for hackers to breach will help make it more resilient to cyberattacks.

KVH’s Managed Firewall service is compatible with TracNet™ hybrid antennas.

At KVH, we recommend that our clients adopt a multi-program approach to address the security of both satellite and terrestrial networks. In addition to security integrated at the terrestrial and satellite network levels, all KVH terminals include additional built-in security features. For fleets needing additional support, KVH provides enterprise-grade cybersecurity to vessels through the KVH Managed Firewall Service, powered by industry-leading Fortinet®, providing universal threat management (UTM) and other tools. In addition, education is vital. The weakest link in any cybersecurity program is the human factor, as people can unknowingly open a system to a threat by responding to phishing emails or visiting a malware-loaded website. All employees, whether onboard or ashore, should receive cybersecurity awareness training and regular refreshers.

Learn more
Download KVH’s free white paper for more details on cyber risks at sea and how you can prevent attacks on your vessel.

To learn more about how KVH can help you address your maritime connectivity needs and mitigate the risk of cyber threats, visit kvh.com/cyber or contact KVH at [email protected].

Footnote – sources:
1 https://www.fortiguard.com | 2 https://www.securitymagazine.com/articles/92541-maritime-industry-sees-400-increase-in-attempted-cyberattacks-since-february-2020 | 3 Bridge Watch video Dryad Global https://www.youtube.com/watch?v=PN1hdE8kLq4 | 4 https://www.trellix.com/en-us/advanced-research-center/threat-reports/nov-2022.html | 5 https://www.missionsecure.com/maritime-security-perspectives-for-a-comprehensive-approach