Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that needs to be addressed.

Challenges in Maritime Cybersecurity

While the IT world includes systems in offices, ports, and oil rigs, OT is used for a multitude of purposes such as controlling engines and associated systems, cargo management, navigational systems, administration, etc. Until recent years, these systems were commonly isolated from each other and from any external shore-based systems. However, the evolution of digital and communications technology has allowed the integration of these two worlds, IT and OT.

The maritime OT world includes systems like:

  • Vessel Integrated Navigation System (VINS)
  • Global Positioning System (GPS)
  • Satellite Communications
  • Automatic Identification System (AIS)
  • Radar systems and electronic charts
Ship Bridge
Ship Bridge. Images courtesy of Isidoros Monogioudis and Hellenic American University

While these technologies and systems provide significant efficiency gains for the maritime industry, they also present risks to critical systems and processes linked to the operation of systems integral to shipping. These risks may result from vulnerabilities arising from inadequate operation, integration, maintenance, and design of cyber-related systems as well as from intentional and unintentional cyberthreats.

When addressing these cyberthreats, it is important to consider the uniqueness of OT systems, as these assets control the physical world. As such, there are certain challenges to consider, such as:

  • OT systems are responsible for real-time performance, and response to any incidents is time-critical to ensure the high reliability and availability of the systems.
  • Access to OT systems should be strictly controlled without disrupting the required human-machine interaction.
  • Safety of these systems is paramount, and fault tolerance is (Read more...)