The IMO’s 2021 cyber risk management code (IMO 2021) sets a framework and baseline for cyber security resilience, but Inmarsat advocates for going beyond simple regulatory compliance.
“The IMO guidelines on maritime cyber risk management have helped stakeholders to address cyber threats, but the nature of digital attacks continues to evolve due to advances in computing technology and developing geopolitical conflicts,” said Ben Palmer, President, Inmarsat Maritime.
With cyberattacks against the maritime sector on the rise, the Inmarsat report promotes Unified Threat Management (UTM) as a foundation for managing cyber risks. UTM combines a range of defences like antivirus programmes, firewalls, intrusion and detection systems and content filters in one software and hardware package. Inmarsat offers its own Fleet Secure UTM which it says streamlines the installation and operation of security infrastructure.
By making security easier to configure and maintain, UTM also makes proactive cyber security more accessible to maritime companies, said Inmarsat.
The report notes a 2021 penetration test across 100 vessels in a particular fleet. Of 292 emails sent to fleet nodes, 92% were opened, a link inside was clicked by 90 seafaring officers and 44 of those went on to enter sensitive information on a website.
Should bad actors succeed in accessing systems, vulnerabilities within our industry include: Bridge systems, Cargo handling and management systems, Propulsion and machinery management and power control systems, Access control systems, Passenger servicing and management systems, Passenger facing public networks, Administrative and crew welfare systems, and Communication systems.
Inmarsat uses Danish tanker company Evergas as an example of a shipping company facing its cyber security responsibilities.
Evergas IT Manager, Poul Rævdal, said: “Regulations provide a good starting point, but it is important from our perspective to go above and beyond the guidelines... Being able to unify the separate parts of our network security into a single solution and deal primarily with one supplier allows our IT team to focus on optimising the day-to-day support given to our ships and systems.”
The report goes into further detail on seafarer training and awareness, the vectors of attack used against the maritime industry, creating a cyber security aware culture, pathways to regulatory compliance and moving beyond compliance.