Could your vessel be a potential target for a cyber-attack? If you’ve got equipment with network connections on board, then the short answer is yes. Here are 8 clever tips you can follow to help protect your vessel and your business from hackers.
Maritime cyber security is something you need to take seriously whether you’re operating a small fishing craft with a single navigation screen or a super tanker or cruise liner with a vast array of electronics on the bridge. With maritime technology advancing at a rate of knots, the cyber security risks will only continue to grow as more and more equipment onboard ships is connected to a data network.
Here are 8 clever tips that will shore up your maritime cyber security defenses and protect your business.
- Make sure you know what equipment you have on board. If your vessel has been sailing for several years, it’s probably had new connected equipment installed, or you might have upgraded, or replaced some systems. These new or upgraded equipment and systems likely use some sort or software or data connection. A good starting point for assessing your cyber security risk level is to make and maintain a list of what was installed on your vessel and when. This is a good starting point to build an accurate picture of where you stand and what action you might need to take to protect your vessel. For example, is there some equipment with a specific version of software that hasn’t been updated recently? If you don’t know what software version you’re using you won’t know if you need to take action or not to address potential security vulnerabilities.
- Understand your vessel’s connectivity. It’s essential to know how connected your vessels are because the more connections you have, the greater the risk. Think of a house with multiple doors and windows: the more you leave them open or unlocked, the greater the chance of gaining entry. You might have data connections to OEM vendors for remote monitoring or troubleshooting, or to maintenance partners for data-driven maintenance planning. Or perhaps your vessels are connected to your own shore networks for fleet management purposes. You need to know how these connections are set up and maintained to build an accurate picture of your level of cyber security risk. You’ll know how many doors and windows you have and how good the locks are at keeping the unwanted out.
- Read up on the regulations. The International Association of Classification Societies (IACS) has adopted two new Unified Requirements (UR) on maritime cyber security. If you contract a newbuild vessel on or after 01-January-2024, it will need to comply with these requirements. Some of the responsibility lies with you and the shipyard, and some with the equipment vendors who supply the equipment for your vessel. UR E26 sets out maintenance requirements for vessel owners and requires yards to work with vendors to make sure they select compliant equipment and can pass the necessary inspections. Meanwhile, UR E27 impacts component manufacturers like Wärtsilä, who must provide certification to prove that their products and solutions comply with the requirement.
- Know what you’re buying. It’s important to account for cyber security in the procurement phase when building vessels or purchasing equipment. This means specifying the cyber requirements for what you’re buying – essentially how secure you need it to be. You need to know your responsibilities – simply buying the most affordable option won’t suffice.
- Put a cyber security management system in place. A cyber security management system (CMMS) is a set of systems and processes that tells everyone in your organization – right down to the very last employee – what they need to do, how to do it and when they need to do it. A CMMS covers everything a vessel owner needs to do, from updating equipment to tracking what’s onboard. Having such a CMMS has been an industry requirement for a couple of years now and will help to clarify your approach and better protect your business.
- Perform a vessel-specific risk analysis. No two vessels, markets or use cases are the same. Factors like the challenges of your operating environment, the age and connectivity level of your fleet, and the sizes of your crews can create unique risks for your vessels. For this reason, you need to understand your own situation so that you can stay cyber secure. Perform a risk analysis for each of your vessels so you can see where you stand. You can then plan what changes you need to make to beef up your cyber security.
- Learn from the IT and power-generation industries. According to statistics from Verizon 80% of hacking incidents are caused by stolen and reused login information. The power generation industry got an unpleasant wake-up call way back in 2012 when the Stuxnet malware attack devastated Iran’s nuclear facilities. No-one wants an event like that. Adopting best practices like network monitoring and password and user account tracking and management is therefore a must. These practices have been commonplace in the IT and power generation industries for years.
- Pick partners you can trust. When working with OEMs and yards, you need to know that they’re aware of and understand the risks and are designing their equipment and services accordingly. A great tip to help you to ensure you’re buying from reputable vendors is to look for third-party recognition in the form of certifications or awards as these demonstrate how potential suppliers measure up in cyber security credibility.
Get on the right track with Wärtsilä. As a vessel owner, you bear the ultimate responsibility for following the required standards and continuously updating your vessel systems to make sure you comply with the regulations. Following these 8 tips will put you on the right track towards more cyber secure operations. For full peace of mind, partnering with an OEM like Wärtsilä could be the best option. Our equipment both meets and exceeds the current regulatory requirements, and as a larger OEM our specialized team has an in-depth combination of maritime and cyber security knowledge. This means we are well placed to advise you on what you need to do to stay compliant and safe over the long term. Wärtsilä is co-located in Cabuyao, Laguna.