A survey of attendees at the recent Maritime Cyber Risk Forum in London revealed ongoing challenges when it comes to cybersecurity on the high seas with 89% of respondents agreeing with the statement that there is a worrying level of complacency about cyber attacks in the maritime industry.
An equal number attributed the complacency to a long-held bias toward physical protection and security over information and cyber security. Attendees agreed unanimously that cyber threats are a real and present risk to business, and that left unaddressed, cybersecurity will not get the organizational attention required to reduce the risk.
Perhaps tellingly, over half of the respondents did not know if their insurance covered cyber risk. The half that did know about their insurance coverage were evenly split between companies that had cybersecurity coverage and those that did not.
But there is hope. Also at the conference, Michael Hawthorne, a former UK defense cyber operations chief and Royal Navy captain offered seven lessons for maritime operators to improve their cybersecurity posture:
- Leadership: Strong leadership is needed to take hold of implementing cyber compliance and risk management.
- Governance: Ensure articulation of roles and responsibilities throughout the organization through effective governance, taking a holistic perspective.
- Identify critical assets: Not everything can be defended so identify the most vital systems in an organization and prioritize efforts around these.
- Risk management: Organizational processes need risk management embedded within them, incorporating the impact on the wider business as well as cyber security.
- Resilience: Assume that systems will go down and plan how to handle that and get operations up and running, building resilience into this process, rather than focusing purely on preventing incidents in the first place.
- Monitoring: The whole network needs to be monitored, not just endpoints, and someone needs to actually be reviewing this monitoring.
- Incident response: Testing out processes through incident response exercises is vital to practicing risk-management processes and understanding where weaknesses lie.
Out-of-band provides hope for maritime operators
Uplogix is deployed on hundreds of vessels around the globe including oil & gas drilling, refining and support; as well as cruise ships and luxury yachts. While the driving initial use case for our customers was nearly always remote access to gear, often over an Iridium satellite connection, Uplogix brings more than just reliable connections to remote gear. Our maritime customers deploy the same platform that serves as a secure gateway for our customers in financial and federal networks. It’s the same authentication and encryption that helps hospital networks meet stringent HIPAA requirements.
As maritime operators race to catch up to today’s cybersecurity risks, we’re excited to be a key tool that many already have in their toolbox.