Cyber security for shipping needs unique approach
Specialist cyber-security product manufacturer LightCyber has told IHS Maritime that shipping needs a new approach to cyber security.
LightCybers' technology provides "visibility into security incidents and cyber breaches by monitoring and profiling user behaviour, and accurately detecting suspicious behaviour". The company said it was experiencing significant demand for its assistance from the shipping industry.
Speaking to IHS Maritime, LightCyber's chief product officer Giora Engel said, "In the shipping sector, network security has become nearly as important as physical security, and we are seeing significant demand in the form of customers from that industry."
Engel, who served as an officer in an "elite technological unit" in the Israel Defense Forces for nearly a decade, initiating and managing "interdisciplinary high-risk projects", said that the risk to shipping companies was unique and potentially much larger than in other industrial sectors, when the potential for goods theft and redirection of ships added to the risk of data breaches.
"From protecting confidential business data to safeguarding operations and logistics, shipping companies need to adopt the new breed of security visibility and threat detection," he said.
Both the ship's and company's on-shore systems need protecting because a ship's system is not entirely separate from the shipping company's on-shore logistics and process management systems, said Engel, as "there is typically some flow between the central control and the ship".
The focus should be on protecting the "corporate network including the logistics and operational systems" and the centre's communications with the ship, Engel said, as the corporate network is "the weakest link and for attackers it is typically the starting point".
Engel is also of the view that companies need to install automated systems to help their security officers to spot system breaches, which are often noticed too late.
"The biggest gap [in cyber security] is detecting [the breach] on time. Therefore, attackers typically spend a year or more inside the company's network stealing data and creating significant damage before they are exposed," Engel explained.
A widely reported breach at the Port of Antwerp last year is a good example. Police officers uncovered a drug-smuggling operation enabled by computer hackers accessing the port's computer systems, two years after it had started.
"There is a huge gap today in the ability to detect a breach once the attacker bypasses the perimeter. Companies really need systems that will assist their team to get the necessary visibility into the important events and investigate them on time," said Engel.
In a recent article, he explained that an automated system "can reduce the number of events" that a security officer or team has to sift through from "hundreds or thousands of alerts per day to just a fraction of that". It does this through "focusing on the right events".
He concedes that very large organisations might have sufficient resources to employ programmers and data scientists to develop the logic required, but for smaller organisations "there are some commercial products now available that perform this type of automated breach detection out of the box."
Source: www.ihsmaritime360.com; Girija Shettar