THE majority of cyber security breaches on board ships are due to human error, however, they can be avoided through the deployment of cutting edge technology and implementation of policies to stop crews from unknowingly infecting shipboard systems.
That was one of the key takeaways from a maritime cyber conference held in London at which delegates were informed of the potentially catastrophic consequences when operational technologies are hacked, a press release issued by Israel-based cyber security specialist Naval Dome said.
'The problem is that when crew or operators use USB sticks to upload system files or log on using their own mobile phones, laptops and tablets or open an infected email, they can potentially upload a malware virus or worse,' Naval Dome CEO Itai Sela told delegates attending the European Maritime Cyber Risk Management summit.
Since 150 million emails are sent globally every minute by four billion Internet users, it would be right to assume that some of them will be infected and opened by unsuspecting crew members.
'The biggest issue is the internal attack and the human element is definitely part of the problem. Crew training alone is not a solution,' said Mr Sela. 'Also, when a technician boards a vessel and connects a laptop or equipment directly to the ECDIS or radar to fix or service these systems, can they verify their own systems are secure and have not been infected?'
However, there is also an external threat, warned Mr Sela. 'Since headquarter and vessel operations go hand-in-hand, it is important to know that when a shipping company's offices have been hacked it means the company's vessels are also compromised.'
Another topic raised at the summit was that many systems onboard are still based on old operating systems, such as Windows XP, Windows 7, or Linux - systems designed and manufactured without consideration of the cyber threat.
That many of these systems remain unprotected with critical PC-based IT and OT systems frequently using the same Internet connection was a significant concern raised by Lloyd's Register's cyber security product manager Elisa Cassi.
'Industrial control systems may still run on separate networks, but true physical isolation is becoming the exception rather than the norm. Even with no direct connection, malware can bridge air-gapped networks by exploiting human activity and operator error.'
Templar Executive's director Chris Gibson said that 47 per cent of ships' crews have been targeted, with IT and OT systems 'very vulnerable to attack.'
'The maritime sector is a keystone of a modern, digitised world but remains vulnerable to cyber attack.'
That was one of the key takeaways from a maritime cyber conference held in London at which delegates were informed of the potentially catastrophic consequences when operational technologies are hacked, a press release issued by Israel-based cyber security specialist Naval Dome said.
'The problem is that when crew or operators use USB sticks to upload system files or log on using their own mobile phones, laptops and tablets or open an infected email, they can potentially upload a malware virus or worse,' Naval Dome CEO Itai Sela told delegates attending the European Maritime Cyber Risk Management summit.
Since 150 million emails are sent globally every minute by four billion Internet users, it would be right to assume that some of them will be infected and opened by unsuspecting crew members.
'The biggest issue is the internal attack and the human element is definitely part of the problem. Crew training alone is not a solution,' said Mr Sela. 'Also, when a technician boards a vessel and connects a laptop or equipment directly to the ECDIS or radar to fix or service these systems, can they verify their own systems are secure and have not been infected?'
However, there is also an external threat, warned Mr Sela. 'Since headquarter and vessel operations go hand-in-hand, it is important to know that when a shipping company's offices have been hacked it means the company's vessels are also compromised.'
Another topic raised at the summit was that many systems onboard are still based on old operating systems, such as Windows XP, Windows 7, or Linux - systems designed and manufactured without consideration of the cyber threat.
That many of these systems remain unprotected with critical PC-based IT and OT systems frequently using the same Internet connection was a significant concern raised by Lloyd's Register's cyber security product manager Elisa Cassi.
'Industrial control systems may still run on separate networks, but true physical isolation is becoming the exception rather than the norm. Even with no direct connection, malware can bridge air-gapped networks by exploiting human activity and operator error.'
Templar Executive's director Chris Gibson said that 47 per cent of ships' crews have been targeted, with IT and OT systems 'very vulnerable to attack.'
'The maritime sector is a keystone of a modern, digitised world but remains vulnerable to cyber attack.'