October is designated as National Cybersecurity Awareness Month in the U.S., and it’s a good time to rethink your cybersecurity strategy. Cybersecurity is a growing need in all industries, especially with the IMO (International Maritime Organization) resolution — Maritime Cyber Risk Management in Safety Management Systems — approaching in 2021.
Faimatea says they’ve seen significantly increased interest in their online courses and online audits, particularly as the January 1, 2021, annual verification of the company’s Document of Compliance comes into place: “The Maritime Safety Committee, at its 98th session in June 2017, also adopted Resolution MSC.428(98) — Maritime Cyber Risk Management in Safety Management Systems. The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.”
“Cybersecurity is considered one of the most significant risks to businesses, and yachting is no exception,” says Will Faimatea, founder of Bond Technology Management (Bond TM). “Research continually shows that 80 percent of all cybersecurity breaches are caused by staff and often in error. Having gone through the process of being GDPR-compliant, I understand the importance of processes as well as the technical aspects.”
Three years ago, after becoming increasingly aware of the IMO guidelines, Faimatea looked to cyber-forensics expert Dr. Paul Hunton. “To me, it was clear that establishing awareness and education was a very important factor in a way to minimize incidents within our sector.” They began constructing a GCHQ-compliant maritime cyber awareness course two years ago. “Simply carrying out a ‘white hacking’ exercise is not enough but seems to have been the focus by many in the past,” Faimatea adds.
“Navigational cybersecurity is a vital piece of the cybersecurity puzzle that has been largely overlooked until the new IMO Resolution MSC.428(98) ‘Maritime Cyber Risk Management in Safety Management Systems’ was announced,” says Sean McCrystal, senior maritime marketing manager for Orolia Maritime. “As the 2021 deadline for the mandate draws nearer, it is important that the entire vessel management ecosystem, from port coordination to critical bridge systems, includes protection of navigation by creating a resilient position and timing source detection and mitigation plan.”
While the mandate might be new, threats to GPS aren’t, says McCrystal. “In the past, incidents such as accidental interference near shore have been a problem, but the growth in knowledge, access, and affordability of jamming and spoofing solutions means more sophisticated threats are now being regularly reported,” he says.
Orolia Maritime’s M-SecureSync (SecureSync Maritime Navigation Protection System), which launched in 2019, employs various technologies to resist spoofing attacks, alert the bridge to discrepancies in the navigational signals, and activate defense solutions. It offers modular layered protection that can be utilized as a standalone safety indicator or integrated into existing navigation solutions.
“Another option is to use the M-SecureSync system as a geo-location indicator to authenticate communications from the vessel — so you can verify that the email you received from within the vessel is truly being sent from that location. This provides an additional layer of protection from phishing scams,” McCrystal says.
This column is taken from the October 2020 issue of Dockwalk.