Skip to main content

 

 

USCG AND TUV RHEINLAND WARN OF CYBER RISKS

Thursday, July 11, 2019 

The US Coast Guard has recently issued a marine safety alert including cybersecurity guidance following a cyber incident experienced by an unnamed deep draught vessel during February 2019 which affected the ship's entire network.

An investigation conducted by an interagency cyber analysis team led by the Coast Guard concluded that: "although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted."

Despite this, the interagency team discovered that the ship impacted by the cyber attack had not put into place cybersecurity measures to counteract such attacks, meaning that the ship's critical systems were effectively at risk.

In response to this news, Nigel Stanley, CTO of TUV Rheinland, has said: "The maritime cybersecurity challenge can be significant. Ships are increasingly reliant on digital and operational technology to control and manage their multiple systems and, without proper controls, a cyber-related event or incident could detrimentally impact these systems and disrupt the operation of a vessel. Most safety critical systems are designed to fail-safe, but this in itself could impact vessel availability and revenue earning.

"Moreover, passengers and crew alike expect and demand access to the internet and social media as part of their daily activities. System suppliers may also need regular connections to undertake remote maintenance and management of on board equipment, thus further expanding the attack surface. Although shipboard networks may be layered, isolated and firewalled to prevent lateral movement by an attacker, a simple infected USB stick may be enough to breach such defences.

"Cyber related activism may also impact the maritime sector. As it is agenda driven, determining when a threat may give rise to significant risk can be difficult, but high profile environmental or geopolitical events may act as a catalyst. For this reason, monitoring and understanding geopolitical events has become an essential part of maritime cybersecurity.

"Classification societies are increasingly playing a vital role in addressing maritime cybersecurity for ship operators, ship owners and ship builders. In line with IMO  guidelines, they have issued guidelines and standards that outline security measures for basic approaches for on-board cybersecurity for ships. Ultimately, it is only by understanding and managing these risks that the industry will bolster its defences against the inevitability of cyberattacks."

Reader Comments (0)

There are currently no comments on this article. Why not be the first and leave your thoughts below.

Leave Your Comment

Please keep your comment on topic, any inappropriate comments may be removed.

Return to index

Web Analytics