Cyber security: Defending the tanker at sea, in port and from the crew

Whilst we don’t actually have the full facts about the Evergreen incident in the Suez Canal, It’s highlighted the impact of security onboard. The good news is that new compliance requirements are coming in this year. The bad news is that ships are a hotbed of OT to IT crossovers…:

[…] A worrying issue is the number of onboard systems still connected to vessel satellite communications. “Operational technology (OT) should be air-gapped but are unknowingly connected to the vessel business network,” he said. These include loading computers, closed-circuit television systems and engine monitoring and alarm systems.

“These are critical systems, with loading computers linked to the ballast system for example,” Mr Ng said. “Controls need to be in place. Engine monitoring systems should be air gapped.”

CyberOwl also examined shipboard computers, looking for unwanted and potentially dangerous programs, which are regularly installed. “The top offender is PDF editing software,” according to Mr Ng: “In shipping there are a lot of documents and often they come in PDF format and need to be edited and sent back to offices.” If owners have not installed official software for PDF editing, crew will seek to upload free and potentially hazardous programs, “just for the job they need to do” said Mr Ng.

[…]

Original article