The International Chamber of Shipping released updated “Guidelines on Cyber Security Onboard Ships”. These guidelines seek to assist companies in developing stronger cybersecurity approaches to combat some of the industry’s largest risks, such as poorly protected network control systems. This latest revision follows growing industry-wide cybersecurity awareness as major operational vulnerabilities are exposed.
One of the case studies highlighted within the report reveals the risks ships run in allowing third-party access to poorly protected industrial control systems. As the report details, in a case where a service technician was brought on board for a software installation, the technician introduced a worm into the ship’s server through a malware-infected USB device. Although the worm remained dormant, once the ship was connected to the internet, the worm could have activated itself with severe repercussions to system memory, data collection, and remote operations.
The ICS’ revised guidelines list common vulnerabilities that include shared accounts and passwords, poor network segmentation, and inadequate third-party access controls. These cybersecurity weaknesses expose ships to a variety of threats, ranging from breaches of valuable cargo data and operational safety compromises to attacks on navigational control systems. The work Xage has done to protect industrial systems addresses a majority of these common vulnerabilities, allowing companies to take the necessary step toward implementing new cybersecurity standards.
As highlighted by the ICS, maritime shipping operations are often plagued by segmented operational networks, where equipment from multiple vendors frequently requires separate methods for access control, account management, and network capabilities. Managing access proves a major challenge not only for the ship’s operators, but also for third-party contractors and vendors that are required to access their systems on the ship.
Using Xage’s blockchain-protected Security Fabric, ships no longer have to share network access with third parties, nor maintain shared accounts and passwords. Instead, the Fabric enables role-based access controls across the entire operation, regardless of the type of system or equipment used. Xage ensures that access control is based on the managed identity of the user through multi-factor authentication, and establishes these boundaries through a decentralized system that does not introduce further complexity to operational networks. Key operational systems are therefore protected from external actors. Every interaction must be explicitly recorded and authorized to a specific location, role, and function before it is allowed through.