Maritime Cyber Security: No Substitute for Testing
12 October 2017
Concerns were raised about the cyber vulnerability of the new HMS Queen Elizabeth. Photo: Getty Images.
It is not a matter of if you will be attacked, but when. No organization, be those international institutions, government agencies or small businesses can ever be 100 per cent cyberattack proof, as several examples have recently indicated. Therefore preparedness, in the form of testing cybersecurity structure via different tools for any potential attacks, is vital for minimizing cyber risks. This is as true for the maritime sector and any other, since the outcomes of such an attack may vary from loss of revenue to environmental disaster and loss of life.
Testing, as a feedback process, is required for two reasons. Varying from large scale simulation exercises to pen-testing and internal drills, the initial aim is to identify potential deficiencies, vulnerabilities and back doors to the systems under test. In addition, testing helps to define the most effective code of practise when such an attack occurs; in other words, to develop an effective contingency plan.
The effects of the Petya ransomware attack on AP Moller-Maersk in June this year indicate that the dependence of the international maritime community on cyberspace is substantially increasing and, thus, exposed to new and uncalculated vulnerabilities. The Petya attack on Maersk was not a targeted one but nonetheless caused extensive problems in several …read more