Stefan Leipold, CEO of STARK ProSysCo.biz and Leipold.com, international cyber-security speaker since 2003.
Starting January 2021, the International Maritime Organization (IMO) requires vessels to be cybersecurity compliant in international waters and everywhere they go in the world. Flag states will ultimately be in charge of putting in place regulations for their country or flag state and will be enforcing those regulations on their inspections of the vessels. This opens up new business opportunities globally for cybersecurity companies to cooperate with known providers in the marine industry and provide their combined services to existing clients and new customers by adding a cybersecurity plan to the existing International Safety Management (ISM) plan, a regulation that applies to every vessel that has a current, active and approved ISM through their flag state.
Most vessel manufacturers build vessels such as tankers or luxury yachts based on client demands, and from my observations, most of the time there is little or no focus on cybersecurity implementation. The only protection on these vessels can often be a $50 wireless home router. Once a yacht, for example, is in the marina, the owners and personnel connect to the marina’s Wi-Fi, which is oftentimes unsecured and open to everybody. Individuals with deep cybersecurity knowledge are able to intercept traffic or even infiltrate computers connected to the Wi-Fi network and gain access to sensitive data. In the worst-case scenario, they could execute a man-in-the-middle attack or deploy crypto-locker ransomware and hold important sensitive data hostage for ransom.
Port cities like Los Angeles, Miami, Fort Lauderdale or New York have an existing infrastructure to support the daily maintenance of all kinds of vessels. Companies like IMSA already provide managed services for the marine industry. Local or global cybersecurity specialists or IT consultants can be a part of the next step toward making vessels IMO 2021-certified by offering the right services and hardware and software solutions for the upcoming demand in this industry.
We all use our mobile devices and laptops in our daily business without really knowing what is happening in the background of these devices, whether the Wi-Fi we are connecting to is secured, or whether we are subject to vulnerabilities and exploits. It is necessary and mandatory to provide services that secure the physical equipment and software of the vessel, but it is even more important to educate individuals on how to use technology safely, and on how not to unintentionally create a blueprint of the environment and open up an entire network to vulnerabilities by opening an infected email attachment or website.
As mentioned in my previous article, you can’t put a firewall or antivirus in a person’s head, but we can offer professional IT solutions and the mandatory training for staff on a recurring basis. This includes providing an alert system that monitors the IT infrastructure’s health status, creating restrictions and access rules, and segregating networks for active and passive use. This will be an ongoing business model for this new IMO requirement.
Oftentimes I hear the same statements over and over, all across the world: “I have nothing to hide, why would somebody hack me?” The chain of security is only as strong as its weakest link, meaning that a single outdated or end-of-life operating system can compromise an entire organization’s or vessel’s cybersecurity while exploits are not being patched and updated. The same applies to outdated firmware on Wi-Fi routers, which are the point of access into a network and a potential high-risk link in the chain of security.
Now is the time for IT cooperations in port and marina locations to expand and collaborate into this new territory and generate new business and business models.