It is the start of a new year and a great time for maritime companies to hit the play button on implementing a cybersecurity plan. Cybersecurity will continue to weigh heavily on the maritime industry. How do companies begin to understand the technical engineering aspect of this issue and thoroughly secure their systems, assets, and facilities? Here are the minimum cybersecurity measures maritime companies should begin implementing today to reduce exploitable weaknesses and defend against avoidable data breaches and cyberattacks.
- Maintain an Accurate Inventory of Control System Devices and Eliminate Any Exposure of this Equipment to Internal and External Networks. Organizations should conduct assessments of their systems, both on the operational and corporate sides, to determine where connections exist. Although some organizations’ control systems may not directly face the Internet, a connection still exists if those systems are connected to a part of the network, such as the business side, that has a communications channel to external resources.
- Implement Network Segmentation and Apply Firewalls. Network segmentation entails classifying and categorizing IT assets, data, and personnel into specific groups, and then restricting access to these groups. By placing resources into different areas of a network, a compromise of one device or sector cannot translate into the exploitation of the entire system.
Access to network areas can be restricted by isolating them entirely from one another, which is optimal in the case of industrial control systems, or by implementing firewalls, smart switches and routers. The capability to monitor, restrict, and govern communication flows yields a practical capability to baseline network traffic and identify anomalous or suspicious communication flows.
- Use Secure Remote Access Methods. The ability to remotely connect to a network has added a great deal of convenience for end users, but a secure access method, such as a Virtual Private Network (VPN), should be used if remote access is required. Remote access can further be hardened by reducing the number of available ports and protocols and by restricting, through network devices and/or firewalls, the Internet Protocol (IP) addresses and/or ranges that are permitted to reach it.
- Establish Role-Based Access Controls and Implement System Logging. Role-based access control grants or denies access to network resources based on job functions. This limits the ability of individual users, or bad actors, to reach files or parts of the system they should not access. In addition, limiting permissions through role-based access controls can facilitate tracking network intrusions or suspicious activities during an audit. Implementing a logging capability allows for the monitoring of system activity.
- Consider Strong Access Controls, Use Only Strong Passwords, and Change Default Passwords. Two-factor authentication, also known as 2FA, two-step verification or TFA (as an acronym), is an added layer of security that falls under “multi-factor authentication.” It requires a second factor on top of standard login credentials. Use strong passwords to keep your systems and information secure, and have different passwords for different accounts. Hackers can use readily available software tools to try millions of character combinations to attempt an unauthorized login.
- Maintain Awareness of Vulnerabilities and Implement Necessary Patches and Updates. Applying patches and updates in a timely manner is the most proactive step an organization can take to protect its systems and remediate identified vulnerabilities. Unpatched vulnerabilities are “low-hanging fruit” for cybersecurity thieves. To protect one’s organization from these opportunistic attacks, a system of monitoring for and applying system patches and updates should be implemented.
- Develop and Enforce Policies on Mobile Devices. The proliferation of laptops, tablets, smartphones, and other mobile devices in the workplace presents significant security challenges. The mobile nature of these devices means they are potentially exposed to external, compromised applications and networks and malicious cybersecurity thieves. This is further complicated by the “Bring Your Own Device (BYOD)” phenomenon. Therefore, it is important to develop policies on the reasonable limits of mobile devices in the operational environment and on networks.
- Implement an Employee Cybersecurity Training Program. Human factors play a role in cybersecurity, and employees can potentially serve as a conduit for cyber exploitation. Employees should receive initial and periodic/annual cybersecurity training to help maintain the security of the organization as a whole.
- Involve Executives in Cybersecurity. A cybersecurity plan must involve all levels of an organization, even at the executive level. In some instances, organizational leaders may be unaware of the organization’s cybersecurity threats and needs.
- Implement Measures for Detecting Compromises and Develop a Cybersecurity Incident Response Plan. It is not a matter of “if” an organization will become the victim of a cyberattack but “when.” When a compromise occurs, those that fare the best will be able to quickly detect the issue and have a plan in place to respond. An effective cybersecurity response plan will limit damage, increase the confidence of partners and customers, and reduce recovery time and costs.
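The segmentation, remote-access and traffic-baselining measures above can be checked mechanically against flow records. The following is an added example, not code from the article or from Gnostech; the zone addresses, the allowlisted vendor range, the VPN gateway address and the sample flows are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed zone layout; addresses are hypothetical, not from the article.
ZONES = {
    "ics": ipaddress.ip_network("10.10.0.0/16"),        # control systems (PLCs, HMIs)
    "corporate": ipaddress.ip_network("10.20.0.0/16"),  # business network
    "vpn": ipaddress.ip_network("10.30.0.0/24"),        # remote-access address pool
}
# Zone pairs a firewall should permit; anything else is a segmentation violation.
ALLOWED = {("corporate", "corporate"), ("corporate", "vpn"), ("vpn", "corporate"),
           ("vpn", "vpn"), ("ics", "ics"), ("corporate", "external")}
# External source ranges allowed to reach the VPN gateway (constructed vendor range).
REMOTE_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]
VPN_GATEWAY, VPN_PORT = "198.51.100.10", 1194

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def policy_violations(flows):
    """flows: (src_ip, dst_ip, dst_port) tuples. Returns flows the policy forbids."""
    bad = []
    for src, dst, port in flows:
        if dst == VPN_GATEWAY and port == VPN_PORT:  # remote-access attempt
            if not any(ipaddress.ip_address(src) in n for n in REMOTE_ALLOWLIST):
                bad.append((src, dst, port, "remote access from non-allowlisted source"))
            continue
        pair = (zone_of(src), zone_of(dst))
        if pair not in ALLOWED:
            bad.append((src, dst, port, f"{pair[0]} -> {pair[1]} not permitted"))
    return bad

def baseline(flows):
    """Count (src_zone, dst_zone, port) tuples seen during a known-good period."""
    return Counter((zone_of(s), zone_of(d), p) for s, d, p in flows)

def anomalous(base, flows):
    """Flows whose zone/port tuple never appeared in the baseline."""
    return [f for f in flows if (zone_of(f[0]), zone_of(f[1]), f[2]) not in base]

# Constructed sample flows: a known-good period, then one day's observations.
BASELINE_FLOWS = [("10.20.1.5", "10.20.9.9", 445), ("10.30.0.7", "10.20.9.9", 3389),
                  ("10.10.2.3", "10.10.2.1", 502), ("203.0.113.8", VPN_GATEWAY, VPN_PORT)]
TODAY_FLOWS = BASELINE_FLOWS + [("10.20.1.5", "10.10.2.1", 502),       # business host to PLC
                                ("192.0.2.44", VPN_GATEWAY, VPN_PORT)]  # unknown remote source
```

The two checks complement each other: the zone baseline flags the new business-host-to-PLC flow but treats any external-to-gateway connection as normal, while the policy check catches the non-allowlisted remote source the baseline would pass.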
It is vital for maritime organizations to protect themselves against cyber exploitation as this issue will only continue to evolve. Having the measures and plans in place is the first step to mitigate cyber risk.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com or stay connected by following us on LinkedIn or @GnostechInc on Twitter.