Cookies help us deliver the best experience on our website. By using our website, you agree to our use of cookies Dismiss

Plenty of ‘phish’ in the sea, warns security company

ESCGS head of cyber security, Joseph Carson ESCGS head of cyber security, Joseph Carson

Advancement in broadband technologies and the move towards ‘Big Data’ will leave the maritime industry vulnerable to cyber-crime unless it develops a better awareness of ICT security and adopts security best practices, according to ESC Global Security’s head of cyber security, Joseph Carson.

{mprestriction ids="1,2"}“There is the potential for a major cyber-attack on the maritime industry to significantly disrupt food and energy supplies given that shipping transports 90 per cent of the world’s global trade,” said Mr Carson.

“Certainly there is the possibility for AIS, GNSS, ENC and ECDIS charts to disappear from bridge screens or be modified, but the issue today is that most adversaries want to obtain data for financial gain or criminal activities.”

Mr Carson points to payment systems, for example, as a part of a shipping company’s infrastructure that can easily be attacked using phishing scams to raise fake invoices, or even to change shipping manifests in order to transport illicit goods, drugs and weapons.

Referencing comments made by World Economic Forum managing director Espen Barth Eide at Nor-Shipping 2015 in Oslo, who said that “every conflict we see in the future will be a cyber-conflict”, Mr Carson suggests that while the threat is indeed a real one, greater computer literacy and security awareness can reduce the risk of maritime cyber-crime by as much as 25 per cent.

“The biggest risk is from human operators not understanding how to deal with or identify a possible security breach. Almost 70 per cent of malware is manually shared through social media, so awareness and continuous training can have a tangible impact,” he said.

Mr Carson claims that the maritime industry is operating computer systems that “remain unpatched” for long periods, which is exacerbating the threat given the fact that continuous updating can prevent vulnerabilities in software from being exposed and used by adversaries.

“Approximately 99 per cent of all cyber-security breaches are from known vulnerabilities, with the common vulnerabilities and exposures (CVE) listed in the National Vulnerability Database. About 90 per cent of these breaches, however, have patches [software updates] available containing the required security fixes,” he said.

“No one has really established best practice guidelines that specifically targets maritime industry cyber threats. We need to act in concert so that the International Maritime Organisation has the information required to implement measures that will ultimately safeguard the maritime industry from cyber-crime and protect very sensitive data.”

“Cyberspace was once just a way to communicate but now pretty much everything depends on it; trillions of dollars pass through cyberspace each year. Our critical infrastructures for energy, healthcare, banking, transportation and water are dependent on how well we protect and secure the systems and the data that controls them.”{/mprestriction}

Related items

Joomla SEF URLs by Artio


Register or Login to view even more of our content. Basic registration is free.

Register now

Digital Ship magazine provides the latest information about maritime satellite communications technology, software systems, navigation technology, computer networks, data management and TMSA. It is published ten times a year.


Digital Ship Ltd
Digital Ship - Digital Energy Journal
39-41 North Road
N7 9DP
United Kingdom

Copyright © 2020 Digital Ship Ltd. All rights reserved           Cookie Policy         Privacy Policy