Cyber security considerations for the increasingly connected ship

By Mike McNally, GTMaritime

As ships are becoming smarter and more connected, opportunities for operational efficiency also bring the increased risk of cyberattack (illustration: GTMaritime)

Having stopped over 200,000 malware and ransomware attacks in the last 6 months alone, GTMaritime’s multi-layered approach to cybersecurity is providing the essential defences ships need in an increasingly connected world, says Mike McNally, Global Commercial Director.

Ships are becoming smarter and more connected, but the new and exciting opportunities for operational efficiency also bring the increased risk of cyberattack. There is actually no way for a ship’s network to “know” its level of cyber resilience, even though a 2020 BIMCO/Safety at Sea survey saw respondents highlight this as significant: 77% said they would cancel a contract if they had concerns over cyber security measures in place.

However, effective segregation of systems and access based on need and authorisation can provide a strong basis for successful cyber risk strategies. The multi-layered approach can significantly impede an attacker’s access to a ship’s systems, while also preventing the spread of malware.

The multi-layered approach
For example, connected OT systems onboard should have more than one technical and/or procedural protection measure. Perimeter defences such as firewalls can prevent unwelcome entry into systems, but this may not be sufficient to cope with insider threats. In this case, safe zones should be considered as a second layer of protection. These can be created using firewalls to partition onboard networks and protect confidential data and safety-critical systems.

How others are accessing a ship’s network is also a key consideration. Virtual Private Networks (VPNs) can offer a further layer of protection by separating crew or third-party traffic from the ship’s network. However, resilience depends on VPNs being configured properly and well managed: in some cases, where multiple VPNs are in use, they can actually increase the ship’s attack surface and “punch holes” in its cyber security.

Securing ship networks
These are the considerations which have driven the development of FastNet, GTMaritime’s intelligent data transfer platform, which removes the need for multiple VPNs and is used to deliver the company’s suite of secure data communications solutions.

FastNet significantly reduces the attack surface using layered security which allows vessel operators to control access to data without opening vessel networks. By managing data transfers in this way, FastNet protects confidentiality and integrity by ensuring that data passing between ship and shore is available only to those who need it.

Other important considerations for mitigating cyber incidents include automatic software updates and training. Ensuring all software is up to date is critical. Cybercriminals often look for out-of-date software as the weak link that can provide a route to network infiltration, especially where third-party systems interface with ship networks. In this case, solutions such as GTDeploy provide fleet-wide updates automatically, anticipating and removing vulnerabilities.

Providing cyber security training to employees is also a key factor in preventing or containing a cyber-event. Seafarers whose contact with the outside world is reliant on the IoT must be especially vigilant regarding phishing emails and malicious links from unknown sources, and must understand the systems which maintain the vessel’s cyber integrity. To support crew training, GTMaritime offers a phishing penetration test which allows customers to test staff responses to phishing attacks.

An autonomous future
As autonomous ships evolve, they will be more connected and operate within a more extensive cyber-physical infrastructure than even the smartest ships of today. As automation increases, greater efficiencies will be required to support a smaller crew and protect systems as data traffic moving between ship and shore increases.

For example, with less human intervention, unexpected problems may need to be handled remotely, making the resilience of the ship to shore link more critical than ever. There will need to be ample bandwidth and a failsafe system in place in the event that the communications link is broken, or if a remote operation centre is hit by a power outage.

With machinery, sensors, systems, and networks interlinked and connected to the internet, any vulnerability in cybersecurity therefore has the potential to become a serious chink in an autonomous ship’s armour if not managed properly. As a provider of secure data communications software, GTMaritime will continue to develop products which meet the increasingly sophisticated requirements of increased automation.

Mike McNally, Global Commercial Director at GTMaritime, has more than 25 years’ experience working in the industry both at sea and in senior maritime communications management positions.