The importance of cybersecurity in the maritime industry

Cybersecurity in maritime has a huge potential to affect the safety of the crew, vessel, cargo and even ports. Cybersecurity in shipping is concerned with the data protection of IT systems, onboard ships hardware and sensors and data leak from unauthorized access, manipulation and disruption
In the digital age, information security and data safety issues are critically important. Even large IT companies that are developing complex software and hardware solutions, Internet platforms and IoT (Internet of Things) devices often cannot provide the required level of cybersecurity. Everyone is aware of the latest cases of information leakage and hacking of the protection of such companies as Twitter, Garmin, Intel and other huge industrial players, which were attacked in 2020. And this has an impact on us all, because we or our friends and relatives can be users of any of these products.
Cybersecurity has a huge potential to affect the safety of the crew, vessel, cargo and even ports. Cybersecurity is concerned with the protection of IT systems, onboard hardware and sensors and data leak from unauthorised access, manipulation and disruption. Cybersecurity policies and plans cover different types of risks like information integrity, system and hardware availability on board and in the office of the shipping company. Different incidents can be as the result of:

  • Problems with data transfer from the shipping company to the vessel and vice versa. For example, incorrect transfer of charts from the shipping company to vessel's ECDIS can cause delay in voyage or even possibility to reset all charts already installed on ECDIS
  • Problems with onboard equipment and hardware. Not every member of the crew knows what to do with every operational equipment installed on board in case of disruption or even disaster. That can lead to more heavy consequences with vessel operations
  • Loss of or manipulation of external sensor data, critical for the operation of a ship. Not to tell about the problems that may occur if vessel systems or shipping company systems will be attacked by hackers.

These are just examples of what can happen with the systems of the ship and the shipping company. With the development of information technologies in maritime logistics, such problems will arise more often if measures are not taken to prevent them in advance.

Cyber Risk Management should:

  • Define the roles and responsibilities of users, key personnel and management both ashore and aboard
  • Identify systems, assets, data and capabilities that, if breached, could pose a threat to the operations and safety of the ship
  • Implement technical and procedural measures to protect against cyber incidents and ensure business continuity
  • Carry out activities to prepare for and respond to cyber incidents.

The company's Cyber Risk Management plans and procedures should complement the existing security risk management requirements of the ISM Code and the ISPS Code. Cybersecurity should be seen at all levels of the company, from top management onshore to onboard personnel, as an integral part of the safety culture required for the safe and efficient operation of a ship.

Vessels are increasingly integrated with onshore operations as digital communications are used to conduct business, manage operations, and keep in touch with office managers. In addition, critical vessel systems required for the safety of navigation, power supply and cargo management are increasingly digitized and connected to the Internet to perform a wide range of legitimate functions, such as:

  • Monitoring of engine operation
  • Service and management of spare parts
  • Loading, handling, crane, pump control and laying planning
  • vessel performance monitoring.

It is important to protect critical systems and data with multiple layers of safeguards that address the role of people, procedures, and technology to:

  • Increase the likelihood of detecting a cyber incident
  • Increase the effort and resources required to protect information, data or the availability of IT hardware.

Connected hardware on board should require more than one technical and / or procedural protection. Perimeter defenses such as firewalls are important to prevent unwanted intrusion into systems, but may not be sufficient to combat internal threats.

This defense in depth approach encourages a combination of:

  • Physical safety of the vessel in accordance with the ship security plan (SSP)
  • Network protection, including efficient segmentation
  • Intrusion detection
  • Periodic scanning and testing of vulnerabilities
  • Software whitelist
  • Access and user controls
  • Appropriate procedures regarding the use of removable media and password policies
  • Staff awareness of the risks and familiarity with the relevant procedures.

But how important is cybersecurity in the maritime industry?

cyber risk management approach
Marine Digital Fuel Optimization System is a cloud-based system hosted at Amazon facilities in compliance with cybersecurity requirements.

AWS IoT Core provides automated configuration and authentication upon a device's first connection to AWS IoT Core, as well as end-to-end encryption throughout all points of connection so that data is never exchanged between devices and AWS IoT Core without a proven identity.

AWS IoT Device Defender audits device-related resources (such as X.509 certificates, IoT policies, and Client IDs) against AWS IoT security best practices (e.g., the principle of least privilege or unique identity per device), continuously monitors our device fleets to detect any abnormal device behavior that may be indicative of a compromise by continuously monitoring high-value security metrics from the device and AWS IoT Core (e.g., the number of listening TCP ports on your devices or authorization failure counts).

Case study of data protection and cyber security by Marine Digital

Cyber risk management approach in shipping

The importance of cybersecurity in the maritime industry
Marine Digital FOS box (hardware part, which installed on a vessel) consists of a Data Collection Unit (DCU), a power supply, and a GSM modem, all-in-one robust enclosure, interfacing with the sources of input signals via a read-only NMEA connection, that pulls in data integrated sources, encodes and records it to the integrated storage, and then uploads the collected data to the cloud data lake when a GSM connection is available, autonomously from the shipboard systems. So there is no way to access the equipment on board.

Find more information about the issue of the safety of connecting and exchanging information when implementing Marine Digital FOS, or write to us hello@marine-digital.com
TOP 5 factors contributing to lower fuel costs for Shipping companies
Get a presentation with a full description of the features and free pilot project with trial of Marine Digital FOS for 2 months
"Clicking the button, you consent to the processing of personal data and agree to the privacy policy"
Get an overview "The Pathway to Zero Carbon Shipping:
IMO Compliance and CII Optimization through SEEMP" on email and download it for FREE! Leave your email now!
"Clicking the button, you consent to the processing of personal data and agree to the privacy policy, as well as consent to subscribe to the newsletter. "
Аdvantage of Fuel Optimization System from Marine Digital:
Marine Digital FOS can be integrated with other system and third-party's solutions through the API. To implement vessel performance monitoring for any vessel, we are using mathematical algorithms, machine learning and the same equipment as in FOS. The more data we collect from vessels, the more precise reports and recommendations our system will perform according to your individual requirements in fleet management.

If you have any questions about the solutions and the Marine Digital System platform, write to us, we will be happy to answer
Increased business process speed
Increased business process speed
Reducing to zero the number of errors
Reducing to zero the number of errors
Best offer to the clients
Best offer to the clients
Reduction in operating expenses
Reduction in operating expenses
Have a questions?