Navigating the Digital Seas: Insights from the Maritime Cybersecurity Summit

Secure shipbuilding challenges

Cyber security begins in the shipyard. Panelists emphasized the need for secure-by-design principles, incorporating cyber security into procurement and design from the outset per IACS UR E26 and E27. Supply chain vulnerabilities, such as unpatched PLCs from leading manufacturers like Siemens and Mitsubishi Electric, were flagged as significant risks.

Building a robust vendor risk management program and collaborating closely with manufacturers to vet hardware, software, and components were highlighted as critical measures.

OT cyber security monitoring and architecture best practices

Securing Operational Technology (OT) networks requires a layered approach. Experts recommended continuous OT monitoring and network segmentation to limit the spread of threats. A zero-trust approach was deemed essential, ensuring that every user and device, even within the network, undergoes authentication. By dividing networks into IT, OT, and critical zones, ship owners can enhance their defense against evolving cyber threats.

Emerging threats in OT – From AI to advanced threat actors

The dual role of Artificial Intelligence (AI) in OT security took center stage. While AI enhances threat detection, it also enables adversaries to automate attacks. Real-world examples demonstrated how advanced persistent threats (APTs) leverage AI to exploit OT systems, urging maritime operators to collaborate with threat intelligence communities like MTS-ISAC to stay ahead.

Undressing Braz Conus

An in-depth profile of the elusive threat actor Braz Conus revealed their specialized methods of conducting maritime fraud by contacting ships via Inmarsat satellite messages and pretending to be port authorities requesting immediate payment of invoices for port services.

By understanding the tactics, techniques, and procedures of such actors, maritime organizations can better tailor their defenses and strengthen their response to spear-phishing and supply chain attacks.

Cyber incident response case studies

Real-world incidents underscored the importance of rehearsed response plans. From malware detection tools to segmented networks, panelists shared strategies to detect, contain, and recover from attacks. The value of frequent backups and post-incident analysis for improving resilience was a recurring theme.

Updates to maritime industry cyber security guidelines

The release of Version 5 of the Cybersecurity Guidelines Onboard Ships introduced updates such as multi-factor authentication, remote access controls, and expanded vendor risk management practices. Emphasis on mitigating risks associated with the Industrial Internet of Things (IIoT) and smart ship technologies reflected the need to align with evolving standards like NIST and IACS Unified Requirements.

International cyber security harmonization efforts

There is still a lot of work to be done in harmonizing regulations and standards across the globe. New guidelines, standards, and regulations such as U.S. Coast Guard (USCG) Notice of Proposed Rulemaking, EU NIS2 Directive, and expected new IMO cyber security guidelines help to elevate the cyber security floor of the maritime industry but also add a compliance and enforcement challenge to both the industry and regulatory agencies.

Seasoned maritime community stakeholders are quick to point out the disconnect between regulators and those who have spent a career working on vessels and in ports, along with the feasibility of implementing new policies, processes, and security control within legacy environments.

Executive and boardroom conversations

While the maritime industry is relatively immature from a cyber security perspective compared to other industries such as automotive, board members and executives are coming to terms with the importance of cyber security and resilience for their organizations. Recent attacks, especially ransomware attacks, within and outside of maritime have helped leaders understand the business risk around inadequate cyber security practices and controls.

This business risk along with new regulatory requirements such as the SEC cybersecurity incident disclosure requirements means that cyber security is no longer an afterthought.

Ransomware and GPS vulnerabilities

Ransomware remains a formidable challenge, with panelists stressing the importance of clear response policies and regular backup verification.

GPS spoofing and satellite broadband vulnerabilities were flagged as persistent issues, disrupting maritime operations and necessitating regular assessments and advancements in satellite security technologies.

Final thoughts

The summit emphasized that collaboration is the cornerstone of maritime cyber security. Through shared intelligence, robust incident response strategies, and proactive compliance with updated guidelines, the maritime community can navigate the challenges of a rapidly digitizing industry with confidence.

For port and fleet cyber security officers, the insights from this event serve as a roadmap to fortify resilience against current and future threats.