Another global cyberattack has plagued a myriad of countries, industries, and individuals. The maritime industry was very much impacted by the Petya ransomware attack, and its most public victim was Maersk. How did this happen? Petya specifically exploited vulnerabilities within unpatched systems and networks.
In the maritime industry, cybersecurity is growing challenge as shore- and ship-based activities are continuously realizing the added benefit of integrated networks and digitalization. With these additions, however, comes the addition of vulnerabilities and threats. Approaches to address these challenges must be implemented to minimize any impediment to critical maritime operations. One of the most proactive steps a company can take to reduce exploitation from cyber threats is to patch published vulnerabilities in software and systems in a correct and timely matter. Maritime organizations must realize that software maintenance has a cybersecurity aspect. Standards for software maintenance to protect shipboard networks and equipment should be implemented, according to BIMCO’s second edition of “The Guidelines on Cyber Security Onboard Ships.”
Like other equipment and systems found within the maritime industry, information systems require routine upkeep to keep vulnerabilities at bay. Only through the routine maintenance can you be sure that they will not be exploited. Application software security, or patching, is an integral part of this. Patching is the process and upkeep of adding software code to eliminate a vulnerability and ensure the integrity of data residing on an IT/OT system. However, patch management can be an arduous process. Vulnerabilities and fixes must be identified, analyzed, and tested before patches can be deployed and implemented. This important, yet often under prioritized work, can often be very time consuming, impacting time and the cost associated with labor, facilities, and equipment. There is also an added layer of complexity within the maritime industry, specifically its operational environment with critical systems and globally dispersed assets in often low bandwidth areas. How can organizations ensure that operations are not disrupted during an update or patches have been properly deployed?
Maritime organizations would greatly benefit automated patch management solutions. Gnostech’s VulnX is designed specifically to address cyber challenges in the industry’s operational environment:
- Automated, cloud-based solution that deploys published patches and remediates software and system vulnerabilities
- Secures systems against cyberattacks without interference to mission critical operations
- Applies select patches and upgrades to specific across assets and facilities
- Allows you to easily review and assess your organization’s security posture and compliance levels
- Customizable solution to meet specific organizational needs and requirements
- Designed for use in the maritime industry and environment
The maritime industry must manage cyber risk in the operational environment. It is not a matter of if you will be hacked, but when. It took days for Maersk to return to normal business operations and the financial impacts from Petya are still unknown. Many maritime organizations cannot tackle this growing issue alone and need a trusted service partner, like Gnostech, to help implement automated solutions and other needed cybersecurity engineering services. Using such a consultant allows organizations to mitigate risk while reaping the benefits of improved operations.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com, or stay connected by following us on LinkedIn or @GnostechInc on Twitter.