A cybersecurity expert shares his tips and strategies for making the marine industry more secure and resilient.
Mohammad Fuaz Khan
The marine industry needs to adopt an adversarial mindset and build systems that are inherently secure, says a cybersecurity expert who spoke at the Marine Institute’s annual conference on Jan. 11.
Jonathan Anderson, associate professor in the faculty of engineering at Memorial University, said ships are vulnerable to cyberattacks that could cause serious damage or even loss of life.
“Ships contain valuable cargo, sensitive data and critical control systems,” Anderson said. “If an attacker can gain access to these systems, they could hijack the ship, steal the cargo or cause a collision.”
Anderson cited some recent examples of cyberattacks on the marine industry, such as the ransomware attack on the world’s largest shipping company Maersk in 2017, the GPS spoofing attack on a Russian oil tanker in 2019, and the hacking of the Iranian port of Bandar Abbas in 2020.
“These attacks show that the marine industry is not immune to cyber threats, and that the consequences can be devastating,” Anderson said.
Relying on security services to protect systems is not enough, Anderson argued, as they cannot anticipate every possible threat. He suggested the marine industry should take a more proactive approach by thinking like an attacker and testing its own systems for weaknesses.
Anderson recommended several strategies, such as hiring ethical hackers to break into systems, simulating attacks by adversaries, monitoring systems for signs of attack, dividing systems into smaller and isolated components, giving users only the access they need, and encrypting all data.
Each of these strategies could help to prevent or mitigate cyberattacks, Anderson said, giving some practical tips on how to implement them.
Human factors in cybersecurity are vital, said Anderson. Among them are training employees to be aware of risks and to report suspicious activity. He said collaboration between different fields such as computer science and naval architecture is essential to develop more secure and robust marine systems.
Anderson also announced a new research agenda that will focus on developing new cybersecurity solutions for the marine industry. The agenda will be funded by a grant from the federal government’s Maritime Security and Security of Supply Program.
Anderson said he is confident that this research agenda will help to make the marine industry a safer place.
“We need to do everything we can to protect our ships, our cargo, and our people from cyberattacks,” he said.
The audience appeared to appreciate Anderson’s call for action.
“This was a very timely and important talk,” said one audience member.