This was the stark message from Ben Densham, chief technology officer of Nettitude, a cyber security company owned by Lloyd’s Register, as he addressed a Maritime Autonomous Systems Regulatory Conference, held virtually this week.
The incidence of attacks has increased markedly since the onset of the pandemic, he said, revealing that “the bad guys have used it to infiltrate systems”. But shipping’s vulnerability has never been greater, he pointed out, as the industry’s digital transformation continues to accelerate. “Moving online opens up the attack surface,” Densham warned, “with more opportunities for hackers.”
He drew attention to the seven-month-old cyber espionage campaign, SolarWind, widely thought to be state-sponsored which is estimated to have infiltrated more than 18,000 targets with malicious code which initially lay dormant for some weeks. Many Fortune 500 companies are thought to have been attacked, as well as US Government departments and Microsoft.
Against a backdrop of heightened risk, Densham said that shipping needs to change its thinking. “We need to think security, not just compliance,” he declared, pointing out that building cyber security into assets at the design stage is fine, but systems subsequently need constant attention in operation to guard against the speed and agility of threats and attacks in the cyber arena.
Densham stressed the importance of continuous testing of cyber resilience. As remote connectivity and varying degrees of autonomy transform many long-established shipping business models, companies must focus on cyber risks and their possible impact, he said, because they pose a constant threat that runs through all aspects of business.
In addition to its involvement in shipping and energy, Nettitude provides cyber security services to governments, the defence sector, financial services, healthcare, manufacturing and retail.