- Through this collaboration agreement, they will implement cybersecurity in the naval environment, something key due to the digital transformation of the sector and the increase in cyberattacks in shipping companies and ports.
- A cyber-attack on a ship’s equipment can endanger the safety of the crew, the passengers (if any) and the vessel.
Valencia, September 17, 2020.- The Spanish company S2 Grupo, (specialized in cybersecurity and critical systems management) and Aeromarine (company specialized in Navigation and Communications Electronics) have signed a collaboration agreement to cyber-protect the maritime industry .
These services include making inventories of IT (standard information systems) and OT (operation and control systems) equipment, consultancies for risk assessment and the proposal of protection measures and shared surveillance, which allows clients to have actively monitored their vessels. In this way, Aeromarine’s ship inspection services together with S2 Grupo’s cybersecurity inspection services will allow to increase productivity, implement maintenance variables, monitor any type of failure, control system needs and, ultimately, an increase in the overall cyber security of ships.
As experts from both companies have pointed out, cybersecurity in the maritime industry is an increasingly important issue due to the rapid digital transformation of the sector in recent years. The optimization of operations is a key point for this sector and the use of digital solutions is a great advantage. However, this is a critical point, since the operability of the ship depends on it.
Added to this is the need to protect against cyberattacks that, with increasing frequency, shipping companies and ports are beginning to suffer, and which can cause millions in losses and the disappearance of those companies that are not sufficiently prepared.
The vessels have IT (standard information systems) and OT (operation and control systems) systems. In this way, IT systems tend to be more prepared for cybersecurity, especially on land. An attack on the IT systems of a company usually has a great impact on cybersecurity, financial and reputational, that does not usually affect the operating systems of ships for maritime companies. An example of an IT system on a ship would be the AMOS fleet management system. With this type of system, the crew can obtain: the list of crew members, electronic manuals, certificates, work permits, maintenance plans, management and request of assets and parts, management of the ISM standard, etc.
As it has been pointed out by Aeromarine and S2 Grupo, the design of OT systems does not usually include protections for information security, unless they are of the latest generation. A cyberattack on this equipment on a ship can endanger the safety of the crew, the passengers, if any, and the vessel. Currently, the shipyards are working to build and operate ships to comply with certain cybersecurity guidelines of certification companies.
Some of the OT systems of a ship could be: the navigation system, machine control system, the ship’s centralized alarm system, loading and unloading equipment, ramps, watertight doors and gates, communication equipment, etc. In order to know which equipment should be protected against a possible cyberattack, several good practice guides have been created. One of the most reputable is the good practice guide issued by BIMCO. This guide describes the equipment to be protected and the mechanisms that should be put in place to have a cyber-secure boat.
Any attack on these “sensitive” systems poses a serious risk, as with digital transformation, most systems have connectivity for analysis, remote updates or diagnostics. These remote connections can be used as gateways for cybercriminals to access these systems.
In an attempt to establish a safe working environment for ships, IMO (International Maritime Organization) has published resolution MSC.428 (98) and MSC FAL 1-circular 3. These guidelines establish the obligation for all merchant ships to include a cyber-resilience plan, as part of the ISM manual for each vessel. This plan will be reviewed by the classification societies and relevant bodies from January 2021.
Through the collaboration of S2 Grupo and Aeromarine, all the necessary measures can be implemented to curb cybersecurity threats in the naval sector, which are not a specific problem, but a fact that is estimated to remain over time and even increase. For this reason, it is essential to take them into account and establish the necessary protocols to keep them under control.