Human error is often the cause of cyber security breaches on ships and new technology and policy can prevent infection, carriers have been told.
Delegates at London’s European Maritime Cyber Risk Management summit were warned that when operational technologies are hacked it can lead to catastrophic consequences, yet most of the time this results from largely-preventable errors.
Speaking at the event Itai Sela, CEO of cyber security provider Naval Dome, said: “The problem is that when crew or operators use USB sticks to upload system files or log on using their own mobile phones, laptops and tablets or open an infected email, they can potentially upload a malware virus or worse.”
With 150 million emails sent globally every minute by more than 4 billion internet users, crew members can easily come across infected messages. However, threats can also come from technicians.
Sela said: “When a technician boards a vessel and connects a laptop or equipment directly to the ECDIS or radar to fix or service these systems, can they verify their own systems are secure and have not been infected?”
The vulnerability of old systems onboard was also discussed at the summit, with systems such as Windows XP, Windows 7 and Linux, which are often found on vessels, designed and manufactured without consideration of the cyber threat.
Elisa Cassi, product manager of cyber security at Lloyd’s Register, said: “Industrial control systems may still run on separate networks, but true physical isolation is becoming the exception rather than the norm.
“Even with no direct connection, malware can bridge air-gapped networks by exploiting human activity and operator error.”