According to Itai Sela, CEO of cyber security supplier Naval Dome, equipment manufacturers are not doing enough to provide customers with the sufficient level of protection against cyber.
Speaking to delegates attending a conference organised by the Maritime and Port Authority of Singapore (MPA), Sela said, “There is no high-level cyber security on operational systems aboard ships, on offshore oil and gas platforms, or ports and terminals.
Few original equipment manufacturers and system providers are supplying equipment with level 4 security, resulting in end-users being unable to get a true picture of the integrity of their critical systems. It’s like driving with your eyes closed.”
According to DNV GL type approval criteria and IEC 62443 standards security Level (SL) 1, the most basic, provides protection against casual or coincidental violation. SL2 to SL4 cover increasing protection levels against intentional violation, depending on sophistication of means, and the likely level of resources, motivation and skills of potential offenders.
SL4 protects against the highly motivated, highly sophisticated attack. With the shipping industry becoming increasingly reliant on connected systems and the Internet of Things, critical infrastructure is left vulnerable. Sela continued to explain that ship owners investing in equipment that does not carry the highest level of protection could result in not only financial loss but damage to assets, the environment and even loss of life.
Naval Dome is also seeing an increase in the number of spoofing incidents at ports. Spoofing, is the act of changing and manipulating satellite signals once they’ve been received by the global positioning system, (GPS) making out that assets are in different positions to where they really are. This affects container handling equipment especially, such as ship-to-shore cranes, reach stackers and straddle carriers, all rely on GPS to move and transfer containers to specific locations.