3 BEST MARITIME CYBERATTACK CONTROL METHODS
According to IBM, transportation has risen from the fifth most targeted industry for cyber criminals in 2015 to the second most targeted sector now. To answer the question “How can you control a cyberattack?”, Rachael Bardoe, Director of Operations and Cyber Centre of Excellence at DCSA, outlines three key steps below for controlling a cyberattack on a vessel.
“Cybercrime is rising, and shipping is a top target in 2020. An attack at sea is different from one ashore due to limited cyber skillsets, legacy systems and satcom bandwidth constraints. During an incident, systems must fail not just securely, but safely. Controlling an attack requires the following.
Preparation to minimize the impact. Having a Configuration Management Database detailing assets, their criticality and location, is key to prioritizing protection strategies and identifying vulnerabilities. Ensure that patches and anti-virus signatures are up to date, and security-train the crew. Network segmentation is paramount for vessel safety. Maritime systems, OT, IT and crew welfare systems should sit on separate networks, separated by gateways, to contain the attack at network boundaries.
Rapid response to quarantine affected systems. Crew members must follow a Security Incident Response plan to remove affected systems from the network and replace them with spares. Maintaining the chain of custody of impacted systems will facilitate a forensics investigation. Review network ports on boundary devices, and ensure that vulnerable ingress and egress points are secured.
Forensics. Once at port, the crew must provide the infected asset to cybersecurity experts for investigation. Maintaining the chain of custody from the point of quarantine ensures any findings will be permissible in court, which may protect the company from serious reputational and financial damage.”
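The preparation and rapid-response steps above both depend on knowing which gateway rules cross network boundaries. The following is an added example, not part of the original article or of DCSA material: it checks gateway allow rules against CMDB zone records and ranks unapproved cross-zone paths by the criticality of the destination. The subnets, zone names, rule format and approved-flow policy are all constructed assumptions.

```python
import ipaddress

# Constructed CMDB extract: asset, zone, criticality (1 = highest), location, subnet.
CMDB = [
    {"asset": "ECDIS", "zone": "maritime", "criticality": 1,
     "location": "bridge", "subnet": "10.10.1.0/24"},
    {"asset": "engine-plc", "zone": "ot", "criticality": 1,
     "location": "engine room", "subnet": "10.10.2.0/24"},
    {"asset": "admin-pc", "zone": "it", "criticality": 2,
     "location": "ship office", "subnet": "10.10.3.0/24"},
    {"asset": "crew-wifi", "zone": "crew", "criticality": 3,
     "location": "accommodation", "subnet": "10.10.4.0/24"},
]

# Constructed gateway allow rules: (source CIDR, destination CIDR, destination port).
RULES = [
    ("10.10.3.0/24", "10.10.1.0/24", 443),    # IT -> maritime
    ("10.10.4.0/24", "10.10.2.0/24", 502),    # crew -> OT
    ("10.10.4.0/24", "0.0.0.0/0", 443),       # crew -> any (meant for internet)
    ("10.10.2.10/32", "10.10.2.20/32", 502),  # stays inside OT
]

# Assumed policy: the only cross-zone flows the operator has approved.
APPROVED = {("it", "maritime", 443)}


def zones_for(cidr):
    """Return (zone, criticality) for every CMDB subnet the CIDR overlaps."""
    net = ipaddress.ip_network(cidr)
    return {(a["zone"], a["criticality"]) for a in CMDB
            if net.overlaps(ipaddress.ip_network(a["subnet"]))}


def audit(rules):
    """List unapproved cross-zone paths, most critical destination first."""
    findings = []
    for src, dst, port in rules:
        for src_zone, _ in zones_for(src):
            for dst_zone, crit in zones_for(dst):
                crosses = src_zone != dst_zone
                if crosses and (src_zone, dst_zone, port) not in APPROVED:
                    findings.append((crit, src_zone, dst_zone, port, f"{src} -> {dst}"))
    return sorted(findings)


if __name__ == "__main__":
    for crit, src_zone, dst_zone, port, rule in audit(RULES):
        print(f"criticality {crit}: {src_zone} -> {dst_zone} port {port} via rule {rule}")
```

The broad `0.0.0.0/0` destination is reported once per zone it reaches, which shows how a rule intended only for internet access also opens paths from the crew network into the maritime, OT and IT networks.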