author photo
By Clare O’Gara
Thu | Jul 11, 2019 | 6:40 AM PDT

We're gonna need a bigger boat.

Or at least better cybersecurity practices for it.

From cruise ships to cargo vessels, these giants of the sea are turning into floating computer networks.

The United States Coast Guard just released a Marine Safety Alert about managing cybersecurity aboard commercial vessels:

"With engines that are controlled by mouse clicks, and growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential as controlling physical access to the ship or performing routine maintenance on traditional machinery.

It is imperative that the maritime community adapt to changing technologies and the changing threat landscape by recognizing the need for and implementing basic cyber hygiene measures."

The report was brought on by a cyber incident on a freighter in February 2019. While the essential control systems weren't impacted by the attack, the Coast Guard wants other shipping and cruise line companies to take action: 

"Maintaining effective cybersecurity is not just an IT issue, but is rather a fundamental operational imperative in the 21st century maritime environment.

The Coast Guard therefore strongly encourages all vessel and facility owners and operators to conduct cybersecurity assessments to better understand the extent of their cyber vulnerabilities."

Specific maritime cybersecurity measures

The U.S. Coast Guard recommended implementing the following measures:

  • Implement network segmentation.
  • Create network profiles for each employee, require unique login credentials, and limit privileges to only those necessary.
  • Be wary of external media.
  • Install anti-virus software.
  • Keep software updated.

From the sound of it, your cruise ship needs more than a zip-line. It may also need zippier cybersecurity.

You can read the complete Marine Safety Report here.

[RELATED: The Shipping Company that Re-Installed Software on 45,000 Machines After a Cyber Attack]

Comments