July 2, 2021

 

 

 

 

As ICT technologies are rapidly being adopted in the shipping and port industry, digital transformation is also accelerating. However, the risk of cyberattacks exploiting vulnerabilities is increasing accordingly, raising the need for greater awareness and preparedness.

 

At the 2021 Korea Maritime Online Trade Show (KOMTS) 2021, Kim Sang-yong, Director of Marineworks, stated during his presentation titled “Smart Ship Projects in the Era of Digitalization”:

 

“Three to five years ago, smart ship R&D was mainly led by certain research institutes. However, in recent years, shipowners have increasingly begun to require smart ship specifications when placing orders, indicating that market interest has grown significantly.”

 

 

Shipowners are improving efficiency and productivity by collecting vast amounts of structured and unstructured data related to operations, including weather conditions, speed, equipment operation, and fuel consumption. In addition, amid the COVID-19 pandemic, remote collaboration systems have been established among crew members, engineers, and partner companies. Ports, where vessels come and go, have already entered a stage of automation or semi-automation. As technological development gains momentum, the automation of berthing and unberthing is also accelerating.

 

However, as reliance on ICT technologies increases, so does the potential for cyber threats to penetrate systems, calling for heightened caution. Until now, onboard security has primarily focused on management aspects such as physical security—controlling the use of USB devices, tablets, Wi-Fi and Bluetooth—as well as restricting access to unauthorized areas when external personnel are on board.

 

With the advancement of maritime satellite communications such as VSAT and Inmarsat Fleet, entry points for cyber threats have diversified. As a result, not only physical security but also technical cybersecurity can no longer be overlooked. As innovative technologies are increasingly applied in the implementation of smart ships and predictive maintenance, maritime cyber threats are expected to grow further.

 

Recent notable cases include the world’s largest shipping company, Maersk, which suffered losses of approximately $300 million due to a ransomware attack, and incidents where operations at U.S. Coast Guard ports were disrupted due to GPS jamming interference. According to Israel-based defense company Naval Dome, attempts to attack maritime targets such as vessels increased by 400% in February and June 2020.

 

More recently, reports that HMM experienced minor operational disruptions due to a mail server attack have heightened a sense of crisis within the domestic industry. The lack of preventive and response procedures for cybersecurity incidents has drawn renewed attention, as such incidents can cause damage to safety, the environment, and business operations—and may even jeopardize transport contracts.

 

Kim Sang-yong, Director of Marineworks, commented:

“Overall, it is true that shipowners have tended to overlook security. However, organizations such as OCIMF, DRYBMS, and INTERCARGO are now planning to directly evaluate cybersecurity response capabilities, which will inevitably push shipowners to strengthen their security preparedness.”

 

However, a closer look at the reality suggests that there is still a long way to go. A considerable number of vessels operated by small and mid-sized shipowners lack even basic firewalls. Compared to the security posture of small and mid-sized manufacturers and plant operators on land, the gap remains significant.

 

Moreover, most proven security solutions on land, which are based on TCP/IP communication protocols, cannot be directly applied to maritime protocols such as NMEA. This underscores the need for specialized cybersecurity risk management strategies tailored to the shipping industry.

 

The International Maritime Organization (IMO) mandates the establishment of cybersecurity risk management systems for internationally navigating vessels through its regulation (MSC.428(98)) and guideline (MSC-FAL.1/Circ.3).

 

At KOMTS, Lim Jung-gyu, Principal Surveyor of the Cyber Certification Team at Korean Register (KR), stated during his presentation titled “Maritime Cybersecurity and Certification”:

 

“When evaluating cyber risk management, the first step is to designate personnel responsible for management and oversight and to identify vulnerable points to potential attacks. This is followed by regularly diagnosing and inspecting risk control processes.”

 

In identifying risks—such as network disruptions, operational delays, and data breaches—and developing solutions, measures are implemented separately for vessels and companies.

These include:

 

• signing security compliance agreements with employees and partner companies
• establishing remote access approval procedures
• improving network architecture through network segmentation
• introducing remote access management solutions and operating control centers
• In particular, newly built vessels are required to obtain the Cyber Security (CS Ready) notation. CS Ready is granted to new vessels that pass 49 inspection items across 12 categories, including risk and asset management, incident response, and recovery.

 

 

Through workshops, vulnerabilities are identified and security systems are applied. On-site inspections are conducted to assess actual vulnerabilities, including penetration testing. Surveyors use penetration testing equipment (Cyberflood DBA) to individually verify the performance of security systems such as firewalls, IPS, and IDS.

 

Last year, Korean Register (KR) awarded the CS Ready notation for the first time to an ultra-large LPG carrier. Surveyors conducted document reviews and on-site inspections of onboard systems such as the Alarm and Monitoring System (AMS) and Integrated Smart Ship Solution (ISS) before granting the notation.

 

Meanwhile, Korean Register (KR) is currently conducting five type approvals for maritime cybersecurity systems based on existing solutions. Among them, four have been completed, including HGS Integrated Smart Communication System (ISCS), Suncom TAMS, S&Sys IAS, and Hanwha’s integrated security solution.

 

The Korean Register also plans to expand its scope beyond shipping companies and vessels to a broader smart maritime logistics ecosystem. Lim added:

 

“The goal of cybersecurity is to ensure data integrity in the exchange of information among shipping companies, vessels, equipment, and classification societies. We aim to secure cybersecurity certification technologies based on 5G, blockchain, big data, AI, and IoT, and to implement an integrated system capable of detecting real-time threats across internal and external communication networks and responding proactively and immediately.”

 

Original Article:Shipping Companies Turn to Cybersecurity Solutions Amid Rising Maritime Threats

Source:Industry News