Patch management is an essential step to both manage and monitor system security compliance in order to prevent outside intrusions to a company’s network, no matter the industry. Companies within the maritime industry must also bear this in mind. In 2015, CyberKeel, a maritime security firm, found that 37 percent of servers on ships running on Microsoft were vulnerable to hacking because they had not been patched. Spot checks were performed on 50 different maritime sites following a newly released Microsoft software patch. They were first tested to see whether the webservers were using Microsoft, and if they were, whether they remained vulnerable. It was surprising to learn that some major container carriers, in addition to important systems at a number of ports, were on the list of vulnerable sites.
CyberKeel’s CEO, Lars Jensen, commented “Complex systems, such as those provided by Microsoft, are often in need of software patching to plug security holes. Companies need their IT departments to be able to quickly install software patches, as the hacker community operates on decidedly short timeframes…”
Simple security measures, such as applying software patches, are not ingrained in the industry. The fact that the maritime industry has become more reliant on digital information and communication systems to operate cannot be ignored, and patching must become an important step in any company’s security compliance program. When it comes to a patching solution, these firms have a specific set of requirements due to the fact that many have globally disbursed assets operating in low bandwidths:
• Reduce current time-consuming, costly and labor-intensive patch/update distribution processes;
• Effectively operate and update systems in a low bandwidth environment;
• Verify patches/software updates do not negatively impact functionality and operational capability of critical systems; and
• Deploy patches/software updates to globally dispersed operational units that have minimal technical support.
While cybersecurity prevention involves integration of technology, people and procedures, software patching is simply something that maritime companies cannot ignore. The stakes are too high for a company to not plug those security holes. Imagine if one of those vulnerable sites the Cyberkeel study found did become susceptible to a cyberattack or authorized remote access after ignoring that Windows patch? An extreme example but the realization is it can happen.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com, or stay connected by following us on LinkedIn or @GnostechInc on Twitter.