Actualités
Faced with the digitalization as well as the automation of the navy in Europe, this sector is increasingly facing significant risks of cyber-attacks that could compromise various data and directly impact the proper functioning of maritime infrastructures (ports, ships, oil platforms, beacons, etc…).
In this issue, we will focus on the European maritime cybersecurity market and its applications in the markets targeted by Surfeo.
« Ships and other vessels may appear to be unusual targets for cyber-attacks. But with their increasing use of Industrial Control Systems (ICS) and satellite communications, pirates have a new playground that is ripe for attack.”
The cybersecurity can be defined as a method of actively managing risks or actions to protect systems, equipped with technology, connected to a network. Cybersecurity makes it possible to protect in most cases important or confidential data against computer attacks. These attacks would aim at stealing this information or using it for the wrong reasons. Cybersecurity therefore guarantees the confidentiality and integrity of the data concerned.
The term « cyber » has its origin in the early development of the Internet and the significant advance of digital technology in our society. The subject of cybersecurity today represents a major subject due to its influence within various economic, political, or strategic stakes. Cybersecurity today is an unavoidable subject for any company wanting to protect its information but also, concerning military or governmental infrastructures. This « protection » is so important that a measurement index today makes it possible to evaluate the level of development of each country in this field, this index is the GCI (Global Cybersecurity Index).
Cybersecurity is a means of protection that is constantly adapting and becoming more complex with each new attack on data. Therefore, answers to the following two questions are necessary: The first, how to protect and cope with attacks on infrastructures? The second, how to organize cooperation between the private and public sectors? Indeed, for this tool to work properly, it requires perfect cooperation between the different players involved, but also real-time notification of alerts so that they can be responded to as quickly as possible.
Today, the maritime sector is facing numerous and ever-increasing attacks on the technological and IT tools present on-board ships. This does not only affect ships but also ports or even oil platforms.
The maritime sector represents in large part the pillar of the supply of goods in the world. It is one of the oldest industries and one of the engines of the world economy, accounting for 90% of world trade. All types of goods are transported to the four corners of the world, which is why protecting them from cyber threats must be a priority.
These attacks, whether indirect or direct, create incredibly significant operational impacts. This requires even greater vigilance because these attacks affect not only data, but also goods or the safety of people working in the maritime sector.
The majority of computer systems affected during these attacks are:
These different technologies are necessary and vital for the optimal operation of vessels but represent a risk of potential cyber threats due to their almost permanent use. Therefore, it is essential to secure these different systems, as their shutdown, or even cases of malfunction, could lead to serious consequences following these computer attacks.
Since 2016, the European Parliament and the European Council have decided to apply measures (EU Article 2016/1148) to ensure a threshold of overall safety and security of networks and information systems within the EU (European Union). This underlines once again the importance linked to the need to make European networks and information systems as secure as possible. This decision of the European Union therefore ensures that all member countries apply this security measure, in response to the growing threat of cyber-attacks on the private and public sector. For example, France has decided, from 2018 onwards, to apply this measure of the European Parliament, as a first step towards the OSEs (Essential Service Operators), which deliver a service where no interruption could be envisaged at the risk of having a heavy impact on the economy of the country or a company.
These OSEs are, among others, ports or merchant ships, which are therefore subject to these safety and security obligations. They must then adopt technical and organizational changes to deal with cyber threats.
The European Agency for Cybersecurity supports this project which aims to ensure security for all in the European maritime sector. They provide recommendations, strengthen the development of regulations, and also play a major role in facilitating information exchange, notably through the organization of awareness raising events. We can easily find online a report published by the European Agency on the best practices to recommend in terms of Cybersecurity.
There is certainly no miracle cure for cyber-attacks, as they are increasing day by day and are also adapting to the security systems put in place by the companies concerned. On the other hand, there are certain practices that have been developed to mitigate maritime cyber-attacks. In 2017, the IMO (International Maritime Organization) has created a resolution (MSC.428(98)) regarding the management of cyber risks in security management systems (SMS). Therefore today, for each security management system to be approved, it must ensure that it considers all the risks of cyber-attacks.
The IMO has also drawn up guidelines to be followed, which consist of high-level recommendations on maritime cyber-risk management to ensure the protection of the various transport modes in the face of the current and constantly evolving vulnerabilities in this sector.
In order to do so, various concrete practices exist and can be implemented quickly:
« Maintaining effective cyber security is not just an IT issue, but rather a fundamental operational imperative in the 21st century maritime environment, » said the U.S. Coast Guard in its July 2019 security warning.
One of the most significant examples of a cyber-attack took place in June 2017 by the « NotPetya » virus which caused more than 10 billion dollars of damage to a Ukrainian company. This virus spread more and more, even affecting pharmaceutical companies, delivery companies (FedEx) and the Danish shipping giant « Maersk ».
As we explained earlier, cyber security is nowadays essential for the protection of the maritime sector to avoid any impact causing heavy losses of money, jobs, or which could even represent a serious risk for the safety of people working in this field.
Second Cyber Attack in Notpetya on March 3, 2020
Even more essential today with this frenetic increase in digitization, the digitization of all our structures or systems that we operate daily.
Contact us to learn more and discuss your business development objectives!
Office: +33 (1) 55 17 14 64
Articles similaires
By continuing your navigation on this site, you accept the use of cookies to enable us to allow you to offer the best service.