Back in the olden days of sailing, a ship’s complement of crew struck a balance between keeping the rigging functional and manning the watches. According to Naval records, the USS CONSTITUTION was manned by about 451 men and boys during the War of 1812. The Padua (later known as Kruzenshtern) was a circa 1926 barque with a crew of 257 men. Today, however, an enormous 1000-foot liquefied natural gas (LNG) carrier with a 22-person crew and 500-foot bulk carrier with a 27-person crew is now the norm. This is a result of automation and machinery to replace manning.
When the weather turned bad or an emergency arose for those olden sailors, a cry of all-hands on deck meant hundreds of men coming together for a mutual goal. With a crew of less than 30 men, a modern ship is heavily reliant on machinery and industrial control systems (ICS) run by computer systems. With such a reliance on machinery for a ship’s survival at sea, preventative maintenance must be taken very seriously. In other words, there will be no “gun decking” on this watch!
Unfortunately, maritime organizations often fall short when it comes to maintaining the computers they rely on to manage and run these essential systems. In general, 42% of companies ignore critical security issues when they do not know how to fix them or have the time to address them. In the cyber world, we call preventative maintenance patch management. Simply maintaining the updates and patches of these computer systems and software can make the difference between loss of an essential system or not. The important fact is 99% of all security breaches are from known vulnerabilities and 90% of these breaches have available patches. Most cyber adversaries seek out that unpatched system with a known vulnerability, so they can ultimately disrupt operations. Imagine this scenario: The engines that you believe are running at optimum performance are in fact running dangerously over limits in real time due to a cyberattack. What if you had a loss of automation for steerage? How many people would it take to manually control your course? Now multiply this by all the things that could go wrong if any onboard system becomes compromised. Chances are all-hands on deck would not be enough.
The threat is real, and the results could be devastating. Of course, patching your systems is not a guarantee that you won’t be attacked, but it reduces the risk substantially. Most hackers look for an easy target, and the maritime industry is among them. A continuous patch management solution reduces those opportunities and improves your chances of being ignored or passed over as a potential target. The National Institute of Standards and Technology (NIST) recommends organizations use automated patch management tools to expedite the distribution of patches to systems.
In the Maritime industry, patch management poses a unique challenge. With shipboard systems bandwidth, limited skilled personnel, and remote locations, patch management is often neglected. Gnostech’s VulnX solution addresses these unique maritime challenges, providing patch management and continuous monitoring of cyber enabled systems. Addressing patch management is becoming increasingly important as the IMO is requiring shipowners to address cyber risks in safety management systems by January 1, 2021.
Implementing an automated patch management solution is your best defense against cyber threats. With the limited resources available to ships at sea, VulnX is ready to meet the challenge.