World-wide maritime trade has increased every year over the past decade. In 2019, 811 million twenty-foot equivalent units were processed through maritime ports globally. Additionally, the critical nature of this sector was highlighted in March of 2021 when the Ever Given blocked maritime traffic through the Suez Canal. That event alone resulted in an estimated $9.6 billion cost daily. There is no doubt, maritime operations are a critical aspect of national and global economies. Despite this, the importance of maritime cybersecurity, especially operational technology (OT) security, often remains overlooked. To prevent the potential impacts of a cyber incident, maritime stakeholders need to move from mere cybersecurity awareness to robust cybersecurity implementation.
The importance of this topic is underpinned by the diverse landscape of threat actors. Today, maritime stakeholders must consider threats as diverse as nation-states, criminal groups, and insider threats. These actors are abusing technological trends, such as the Industrial Internet of Things (IIoT) and the growing overlap between OT and IT systems, to exploit new areas of vulnerability. Each development, therefore, represents a unique challenge and heightened level of complexity for maritime security operators.
To meet these emerging cybersecurity issues, maritime stakeholders should familiarize themselves with the differences between IT and OT systems and their respective cybersecurity needs. Understanding how these systems interact within a particular business can better inform vulnerability management strategies. Knowing where the strengths and weaknesses of these systems exist will enable educated risk management strategies. Finally, stakeholders ought to invest in asset management and threat detection. As we saw in the Colonial Pipeline incident, the ignorance of their own assets and network architecture was weaponized directly against them. Understanding your devices, their software, and the network connections between OT, IT, and IIoT infrastructure is vital to true cyber resilience.
In addition to external and internal cybersecurity threats, the complicated web of potential compliance standards presents another challenge. The interconnected nature of the maritime industry leads to a complicated relationship between international and national regulatory bodies – each providing their own disparate security standards. The International Maritime Organization (IMO), The European Union Agency for Cybersecurity (ENISA), and the United States Coast Guard each publish guidelines and regulations. This multiplicity of bodies creates the risk of divergent recommendations that could lead to systemic risk. For example, the appropriate standards for a large automated shoreside terminal may be different than what is best for a small manually operated port. Therefore, maritime stakeholders should familiarize themselves with these standards and their own assets, as well as the five foundational security controls that most security standards share:
As maritime trade continues to play a vital role in the world economy, it is of paramount importance that stakeholders take the appropriate steps to minimize their cyber risk. To help them address this challenge, we created a white paper dedicated to OT cybersecurity for maritime stakeholders. This white paper explores OT security topics in greater detail, including the current cyber threat landscape, best practices we have learned over the past decade, plus recommendations for meeting future compliance and regulatory challenges.
