IMO’s Cyber Risk Management Code 2021 (IMO 2021) sets the framework and foundation for cyber security resilience, but Inmarsat is committed to going beyond simple regulation.
“The IMO Maritime Cyber Risk Management Guidelines have helped stakeholders address cyber threats, but the nature of digital attacks continues to evolve due to advances in computer technology and evolving geopolitical conflicts,” said Ben Palmer, President of Inmarsat Maritime.
With cyber attacks on the maritime sector on the rise, the Inmarsat report promotes Unified Threat Management (UTM) as a foundation for managing cyber risks. UTM combines a number of defenses such as antivirus programs, firewalls, intrusion detection systems and content and content filters in a single software and hardware package. Inmarsat offers its own Fleet Secure UTM which it says simplifies the installation and operation of security infrastructure.
By making security easier to configure and maintain, UTM also makes proactive cyber security more affordable for maritime companies, Inmarsat said.
The report states a 2021 penetration test of 100 vessels in a certain fleet. Of the 292 emails sent to fleet nodes, 92% were opened, 90 sailors clicked on the link inside, and 44 of them entered sensitive information on the website.
If bad actors gain access to systems, vulnerabilities in our industry include: bridge systems, cargo handling and control systems, propulsion and machinery control systems and power control, access control systems, passenger service and management, public passenger-facing networks, administrative and crew social protection systems and communication systems.
Inmarsat uses Danish tanker company Evergas as an example of a shipping company facing up to its cybersecurity responsibilities.
Evergas IT Manager, Poul Rævdal, said: “The regulations provide a good starting point, but from our perspective it is important to go above and beyond the guidelines… Being able to consolidate the separate parts of our network security into one solution and Business primarily with single vendor allows our IT team to focus on optimizing the day-to-day support provided to our ships and systems.”
The report provides additional details on seafarer training and awareness, attack vectors used against the maritime industry, creating a cybersecurity-aware culture, pathways to regulatory compliance and overcoming compliance.
The full report is available to download from Inmarsat’s website.
Comments are closed.