At a time when vessels and other critical maritime infrastructure are becoming increasingly connected to IT systems, less than half (40%) of maritime professionals think their organization is investing enough in cyber security, according to new research from DNV.[1] While the maritime industry has focused on enhancing IT security over recent decades, said the class society, the security of operational technology (OT) – which manages, monitors, controls and automates physical assets – is ‘a more recent and increasingly urgent risk’.
Three quarters (75%) of the 800 industry professionals taking part in the DNV survey said that OT security is a ‘significantly higher priority’ for their organization than it was just two years ago, but only one in three was confident that their organization’s OT cyber security is as strong as its IT security.[2]
The Head of Maritime Cyber Security Advisory at DNV commented, “The maritime industry is still thinking IT in an era of connected systems and assets. With ship systems being increasingly interconnected with the outside world, cyber-attacks on OT are likely to have a bigger impact in the future.” Worryingly, the responses to the DNV survey indicated an ‘almost universal expectation’ that cyber-attacks will disrupt ship operations in the coming years.”
Three quarters of the respondents believed a cyber incident is likely to force the closure of a strategic waterway (76%). More than half expected cyber-attacks to cause ship collisions (60%), groundings (68%), and even result in physical injury or death (56%).
The CEO Maritime at DNV added, “Cyber security is a growing safety risk, perhaps even the risk for the coming decade. But crucially, it is also an enabler of innovation and decarbonization. Because as we pursue greener, safer, and more efficient global shipping, the digital transformation of the industry is deeply dependent on securing these inter-connected assets. Making it vital that we work collaboratively to strengthen our collective cyber security.”
DNV said that tighter regulation of maritime cyber security is ‘on the horizon’ as industry bodies and government authorities seek to encourage the sector to improve its security posture. Consequently, maritime organizations must prepare to comply with new rules, including the IACS Unified Requirements and the EU’s NIS2 Directive from 2024. According to DNV, most maritime professionals believe that regulation provides the strongest motivator to unlock much-needed cyber security funding, but only just over half (56%) of those taking part in the survey were confident the effectiveness of cyber security regulation and in their ability to meet requirements.
“Regulation only sets a baseline for cyber security. It doesn’t guarantee security,’ said DNV. “Rather than taking it as our goal, the maritime industry should use it as a foundation, on which to further improve and adapt to the changing threat landscape. As we have seen in the safety domain, regulation becomes more straightforward and effective when it is supported by industry players coming together to share knowledge. Our research indicates that the industry needs to take big steps forward in openly sharing cyber security experiences, the good, the bad and the ugly to collectively create security best practice guidance for a safer, more sustainable maritime sector.”
DNV’s new research report Maritime Cyber Priority 2023: Staying secure in an era of connectivity is available for download: https://www.dnv.com/cybersecurity/cyber-insights/energy-cyber-priority-2023.html DNV has also published a new report on cyber security perceptions in the energy sector, entitled Energy Cyber Priority 2023, which can be downloaded: https://www.dnv.com/cybersecurity/cyber-insights/energy-cyber-priority-2023.html
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
[1] DNV is the world's largest classification society (Norway), providing services for 13,175 vessels and mobile offshore units (MOUs) amounting to 265.4 million gross tons, which represents a global market share of 21%.
[2] https://www.bunkerspot.com/global/59179-global-dnv-less-than-half-of-maritime-professionals-think-their-organisation-is-investing-enough-in-cyber-security
Comments