Shipping must protect its IT systems, and in particular its OT systems, from cyber risks
A DNV survey reveals that the industry is lagging behind with investments and measures for cybersecurity
June 6, 2023
The maritime sector is underinvesting in cybersecurity. The sector's own operators say so, as they reported to Norway's DNV in a survey in which the Norwegian classification and certification society interviewed 801 of these professionals from 72 countries. Only 40% of respondents believe that their organization is investing enough in cybersecurity and is well prepared to prevent attacks directed at its own IT systems. Moreover, only 32% of respondents believe their organization is well equipped to prevent attacks directed at its operational technology (OT) systems, the technology that manages, monitors, controls and automates physical resources such as sensors, switches, safety and navigation systems, and ships. The survey also reports the percentage of those who believe their organization is ready to respond to and recover from a cyber attack on its own ships while they are at sea, and 19% is the percentage of those who rate their organization as able to respond to and recover well from a cyber attack on its own shore-based structures.
In addition to the security of IT systems, the survey pays particular attention to the security of operational technology, taking into account the risks and consequences of an attack on OT systems. "With ship systems increasingly interconnected with the outside world," noted Svante Einarsson, Head of Maritime Cyber Security DNV Advisory, "cyber attacks on OT are likely to have a greater impact in the future." DNV's report notes that while shipping companies have for several decades been protecting their data and the IT systems in which this data is stored and transferred, so far the cybersecurity of their operational technology has been considered a lower priority. One of the reasons, the document explains, is that until relatively recently operational systems, in particular those on board ships, were not connected to wider IT environments, meaning that the OT system was protected by an interface that isolated it from connected networks. That isolation is now gradually diminishing as the industry's resources and infrastructure become increasingly interconnected. In addition, the possibility of attack is expanding as protocols, interfaces and potentially vulnerable communication channels multiply.
In this regard, the report recalls that last April a cyber attack on the industrial control systems of the Fincantieri Marine Group, the American subsidiary of the Italian shipbuilding group Fincantieri, which has ties to the government of the United States, rendered critical production equipment unusable, and that last year the port of Antwerp suffered attacks on its oil terminals that had an impact on barge unloading at the height of the energy crisis under way in Europe.
The document highlights that although attacks on IT environments can disrupt and effectively halt normal maritime transport operations, as was the case in 2017 with the NotPetya malware that affected the computer systems of the Danish shipowning group Maersk, it is through attacks directed at OT that the most serious threat to physical and infrastructure security arises. In addition to allowing threat actors to demand ransoms, steal information and cause interruptions of operations, crimes that hackers can also carry out by breaching IT networks, attacks on OT systems can disable resources or security controls. This is a serious and growing risk of which maritime operators are aware, with 56% of respondents believing that cyberattacks will cause physical injuries or deaths in the sector in the coming years.
Speaking about this danger, Paul Meyer, IT Director of the German shipbuilding company Meyer Werft, confirmed that shipping companies are increasingly aware of the cyber risks associated with OT systems: "The priority," he clarified, "is always to make sure that the ship sails safely, but," Meyer specified, "it may not even be maneuverable if both IT and OT systems were compromised."
As for the effects that cyber attacks could have on maritime activities, the report says that three-quarters of the maritime professionals surveyed believe that a cyber incident could lead to the closure of a strategic waterway (76%); more than half expect cyberattacks to cause collisions between ships (60%), groundings (68%) and even physical injury or death (56%), and the vast majority (79%) of respondents state that the industry considers cybersecurity risks as important as those for health and more general safety.
Recalling that maritime organizations must prepare to comply with new security rules, including new control and inspection requirements from IACS, the International Association of Classification Societies, and the European NIS2 directive on cybersecurity, DNV's survey explains that most maritime operators consider regulation to be the most powerful motivation for unlocking the cybersecurity funds that are absolutely necessary to deal with the risks. In particular, 84% of respondents believe that regulation will drive investment in cybersecurity, but only just over half are confident in the effectiveness of cybersecurity regulations (56%) and in their own ability to meet the requirements. Only 36% of maritime professionals agree that compliance with cybersecurity regulations is simple, and almost half (44%) say regulatory compliance requires technical knowledge that the organization they work for does not possess in-house.
Press Reg.: nr 33/96 Genoa Court
Editor in chief: Bruno Bellio
No part may be reproduced without the express permission of the publisher.