Secure newly implemented remote working practices
Shipping organisations had previously invested in remote working solutions primarily for IT professionals supporting vessels. As a result, many shipping companies have had to rapidly introduce new remote working tools (e.g. video conferencing, laptops) that may lack certain security controls or policies, resulting in either security gaps or inconsistent application of security protocols. Such solutions will likely be relied upon to a much greater extent as organisations return to business as usual, making them more susceptible to cyber attacks due to unpatched or insecurely configured new systems that could affect data confidentiality and integrity. Operations may also be disrupted if these solutions are not resilient to a potential Distributed Denial of Service (DDoS) attack.
Organisations should consider:
- Risk assessing existing and new remote access systems to ensure critical security patches have been applied, secure configurations have been used and the solutions are resilient. Particular attention should be paid to systems used for remotely administering and monitoring IT and OT vessel systems. Where possible, these systems should be segregated from the network used by the crew;
- Configuring remote access solutions, e-mail and identity management systems to log all authentication events, especially those on vessels that were typically not logged in the past. Preserve logs and analyse them for anomalous activity;
- Reviewing any systems deployed to allow employees to work remotely, and ensuring that key security controls are applied (e.g. web filtering, encryption, antimalware protection, data loss prevention, backup solutions and detection and response tooling).
Ensure the continuity of critical security functions
With the majority of employees having to work remotely, including employees responsible for the security functions, productivity is, to some extent, hindered. This is especially true for the monitoring functions that most shipping organisations have outsourced to a third party. Prior to the pandemic, multiple dashboards were used for continuously monitoring on- and off-shore activities, presented on large screens located in dedicated rooms, allowing close collaboration and escalation. Now, employees are limited to small screens for home use and collaboration is less immediate.
Considerations in this respect include:
- (Where outsourced) Ensuring that the third party has enabled their business continuity plan and has sufficient capacity and capability to achieve the agreed SLA;
- (Where in-house) Ensuring that monitoring teams have the people, processes and technology necessary to monitor and respond to alerts affecting on-shore and vessel systems. Consider augmenting the teams with additional third-party resources;
- Performing continuous vulnerability scanning to confirm patching processes are functioning and all critical vulnerabilities have been patched or mitigated. Make sure this is consistent for on-shore and vessel infrastructure;
- Updating incident response plans and continuity playbooks to ensure they function during periods when relevant employees are primarily working remotely. Ensure they are not overly dependent on key members of staff.
Counter opportunistic threats that may be looking to take advantage of the situation
In light of the previously mentioned examples of cyber attacks affecting the shipping industry, organisations should:
- Provide specific guidance to vessel crews to be extra vigilant when it comes to email communications relating to COVID-19 infections on specific vessels;
- Provide specific guidance to finance teams to ensure they do not respond to email solicitations for personal or financial information, or requests to transfer funds, highlighting increased risks of business email compromise attacks;
- Target additional awareness campaigns to both on-shore employees and vessel crews, leveraging phishing campaigns using COVID-19 lures or attempts to exploit different or new ways of working;
- Where not already implemented, consider procuring web filtering technology that allows enforcement of web filtering rules on remote infrastructure including on vessels and laptops at home.