On July 8th of this year, the US Coast Guard issued a cybersecurity warning stating that all commercial vessels were vulnerable to cyber attacks.
Explaining the incident with an example, the coast guard said that in Feb’19 a commercial vessel on an international voyage from the port of New York to New Jersey was impacted by a malware cyber attack.
The safety alert stressed on the fact that the malware attack was intensively disrupting the onboard control systems of a ship. However, the crew was super responsive to mitigate the risks on time averting a major accident due to loss of control of the ship.
Later a detailed investigation said that the vessel was operating without effective Cybersecurity measures in place- a wake-up call to the entire Maritime industry.
How the malware entered the network was unknown. But the security experts who analyzed the incident said that the vessel staff used the network only for business purposes like updating the voyage on a digital note and keeping info of cargo data using USB pen drives without scanning them for malware.
So, here the suspicion goes directly on cyber hygiene being practiced on commercial vessels.
US Coast Guard is strongly advising the vessel and facility owners and operators to follow these basic measures in order to isolate their respective vessels from cyber attacks. Those are-
• Network segmentation- Sub-dividing the network on the vessels helps in preventing adversaries in gaining control of systems through cyber attacks in Maritime environments.
• Use unique usernames and passwords- Always issue credentials on a per-user basis and never the generic ones. Also, architect passwords which are enriched with alphabets, numbers and special characters.
• Avoid USBs- Never keep USB ports on the ship computers as it gives an opportunity to bad guys to distribute malware, steal data and spy on the systems.
• Basic Antivirus software- Installing and updating anti-virus software helps in preventing malware or virus spread onto a network.
• Keep the operating system- Update your PCs with Windows or other latest software and avoid using obsolete OSes like Win XP.