Ransomware / Security hole

Cyber security in shipping – BSI warns!

Cyber security in shipping – BSI warns!

Digitization affects almost all industries. This includes the entire shipping and logistics industry that goes hand in hand with it. A large and costly example of this is the ransomware wave from 2017, when cyber security was affected by the malware “NotPetya” from many logistics companies and shipping lines in the shipping industry, and lost many millions as a result. Now the German Federal Office for Information Security has published a guide on how to improve IT security in this industry.

Large attack point for hackers

Increasing digitalization and the associated networking provides more points of attack for hackers. In areas where digitization has been or is being implemented quickly, security gaps are often found due to misconfiguration, or other errors that have occurred in the fast. Cyber security in the shipping industry is now a hot topic since the BSI has published a recommendation.

Ships can be such areas, because networked systems that are not sufficiently protected are vulnerable to conscious or unconscious attacks. Even members of the ship’s crew can unconsciously take malware on board by infecting a private device beforehand and then dialing into the ship’s network.

Rules contained in the BSI guidelines have been incorporated into the already existing code of the Federal Ministry of Transport and Digital Infrastructure. The ISM Code this Federal Ministry is an international set of rules and regulations which defines measures for safe ship operation in a binding way.

For a first introduction, the Federal Maritime and Hydrographic Agency (BSH), which works closely with the BSI on this point, recommends that the compendium for the basic IT protection of the authority be applied. Subsequently, the instructions of ISPS should be followed.

Cyber security – A lot to do for the shipping industry

In view of the importance of shipping for world trade as a whole, the BSI President urges that resolute action be taken. In Germany, too, shipping is “an important component of passenger and freight transport”. Both in the port and in open waters there is a great need to catch up in the area of IT security.

In order to prevent major damage caused, for example, by ransom goods, the federal ministries mentioned here all recommend that individual companies in the shipping industry act quickly and consistently.

A concrete measure that has been formulated is that the captain must be able to recognize deficiencies or weaknesses in his own networked system. For various weak points, suitable defense plans should be implemented and the incident should be reported to a responsible person as quickly as possible so that greater damage can be prevented.

It will still take some time until these guidelines can be fully implemented and cyber security in shipping has improved, but the past has already shown how hard a cyber attack can hit the shipping industry!

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.