Why End-User Security Is Essential to Maritime Operations
In a previous post on maritime cyber security, we reported on an official “Marine Safety Alert” issued by the U.S. Coast Guard in response to a cyber security incident involving a commercial vessel. The vessel’s onboard computer systems were infected with malware that “significantly degraded” their functionality. We discussed the maritime cyber security best practices recommended by the Coast Guard and the robust security tools GDS integrates into its marine connectivity solutions.
A malware infection in onboard computer systems is a serious issue that could affect electronic charts, cargo management and other critical functions. In light of that risk, vessel operators need to take steps to ensure that their systems and network are protected against maritime cyber attack.
However, it’s also critically important to implement effective end-user security. Hackers are more likely to target end-users than attempt to thwart state-of-the-art security controls, and are often more interested in stealing data than disrupting onboard computer systems.
IHS Markit Maritime Cyber Security Survey
In the IHS Markit Maritime Cyber Security Survey 2018:
- 86 percent of respondents said they were concerned that their navigation systems were vulnerable to cyber attack.
- 46 percent said they felt their safety systems were vulnerable
- 39 percent were worried about their power systems
- 33 percent were concerned about their cargo control systems.
In reality, however, 93 percent of cyber attacks affected IT systems, with just 7 percent affecting operational systems and 7 percent affecting navigational systems. A small number of attacks (2 percent) affected all of the organization’s systems.
About half (49 percent) of reported security incidents involved phishing emails, with 30 percent involving spear phishing. Malware was a factor in 44 percent of attacks. Other common types of incidents included theft of credentials (28 percent), ransomware (23 percent) and man-in-the-middle attacks (21 percent). Corporate data, including personnel and payroll information, was stolen in 19 percent of attacks. Just 7 percent of attacks resulted in loss of operational control, and just 3 percent involved cargo theft.
In other words, maritime companies suffer the same types of cyber attacks as other organizations. It’s important to understand what the real threats are when developing a cybersecurity strategy and prioritizing investments.
Secure Marine Connectivity Solutions
The rise of cyber attacks targeting marine vessels is hardly surprising given their increasing reliance on computer systems. That’s why GDS integrates robust security tools into its marine connectivity solutions. GDS delivers elastic bandwidth via a fully managed software-defined platform that incorporates these security features:
- Detect malware by continuously scanning for malicious content and actively monitoring all types of endpoint devices to detect threats.
- Leverage contextual data and threat intelligence to detect unknown and zero-day attacks.
- Use sophisticated analytics to detect and investigate behavioral anomalies that could be evidence of an attack.
- Prevent phishing attacks and malicious emails and attachments from ever reaching users’ inboxes.
- Block access to malicious domains and content, and prevent malware from connecting to the attacker’s command-and-control servers.
- Control the use of unapproved applications and prevent risky behaviors that can cause the loss or exposure of sensitive information.
GDS offers end-user, email and web security solutions that work in concert with infrastructure security to greatly reduce the risk of cyberattack. These solutions are continuously monitored in our state-of-the-art Network Operations Center to detect emerging threats. We also provide ongoing maintenance and management to ensure that your security tools are kept up-to-date and performing optimally.
These security controls are also tightly integrated with our managed connectivity solutions. With GDS, you gain access to high-performance, highly available connectivity for your entire operations, including maritime vessels, with built-in security, expert management and one simple bill.
Today’s high-tech maritime operations need a holistic security strategy that blocks attacks on onboard systems and protects against end-user security threats.