[290615.EN.SEA] Maritime Sector Open To Cyber Attack, ESC Global Security Warns

CYBER-SECURITY chief at ESC Global Security, Joseph Carson, has warned that the maritime industry is vulnerable to cyber-crime unless it develops a better awareness of the dangers and adopts security best practice.

"Certainly there is the possibility for AIS [automatic identification system], GNSS [global navigation satellite system], ENC [electronic navigation chart] and ECDIS [electronic chart display and information system] charts to disappear from bridge screens or be modified, but the issue today is that most adversaries want to obtain data for financial gain or criminal activities," said Mr Carson.

He pointed out that payment systems, for example, can be easily attacked using phishing scams to raise fake invoices or even to change shipping manifests in order to transport illicit goods, drugs and weapons. While the threat is indeed a real one, greater computer literacy and security awareness can reduce the risk by as much as 25 per cent.

"The biggest risk is from human operators not understanding how to deal with or identify a possible security breach. Almost 70 per cent of malware is manually shared through social media, so awareness and continuous training can have a tangible impact."

Mr Carson explained that the maritime industry is operating computer systems that "remain unpatched" for long periods, but continuous updating can prevent vulnerabilities in software from being exposed and used by adversaries.

"Approximately 99 per cent of all cyber-security breaches are from known vulnerabilities with the common vulnerabilities and exposures (CVE) listed in the National Vulnerability Database.

About 90 per cent of these breaches, however, have patches [software updates] available containing the required security fixes," he said.

"No one has established best practice guidelines that specifically targets maritime industry cyber threats," said Mr Carson.

"We need to act in concert so that the International Maritime Organisation [IMO] has the information required to implement measures that will ultimately safeguard the maritime industry from cyber-crime and protect very sensitive data," he said.

Source : HKSG.