Cybersecurity breaches have shutdown rigs, jammed signals and enabled pirates to pick the most lucrative targets. What’s more a crew once plugged a USB into a vessel system and shut down the charts.
“It’s not a matter of if, it’s a matter of when,” Steve Burke, regional director, BlueTide Communications, told a seminar at the 2016 International WorkBoat Show Thursday. Companies should integrate cybersecurity measures into routine safety operations and audit vessel networks. “It’s as important as your safety briefing.”
“You’d be amazed at the number of companies that don’t have content filtering on their vessels,” Burke said.
Software complexity is the issue, said Cris DeWitt, senior manager of operational technology cybersecurity, ABS, which performs cybersecurity asset assessments and gap analysis. For example, the space shuttle main engine computer, which was at the bottom of a list measuring millions of lines of code, has never had a launch failure.
“Vessels are seeing greater levels of automation and increasing complexity,” he said.
And in the maritime world, cybersecurity is unique, Burke said. Crews are highly trained, the number of personal devices is growing, vessels are highly independent with no or few IT people onboard and ever increasing requirements for systems to be remotely operated.
Traditional threats include ransomware, which will be a billion-dollar industry by the end of the year, scanning and botnets. The culprits are activists, terrorists and disgruntled employees. Their goals are money, destruction of data and economic disruption.
“It’s a real threat out there,” Burke said.