A comprehensive new report by a group of Norway’s leading shipping and cyber security organizations has found that all types of ships and maritime infrastructure are now highly vulnerable to criminal cyber attacks.
In an open letter written to the entire maritime sector by the Norwegian National Cyber Security Centre (NCSC), Norwegian Maritime Authority, and Norwegian Shipowners’ Association have set out their latest findings and advice.
They warn that ship owners operating in MARSEC level two areas or higher should be particularly aware of the situation.
In the current cyber climate, they recommend the following measures:
To ship owners and companies with infrastructure on ships:
- Segmentation of the network. There should not be a physical connection between administrative and operative parts of the network.
- Log activity on all endpoints and in the network. NSM NCSC recommends keeping logs for at least 6 months.
- Use encrypted communication where it is possible, also between ships and land- based infrastructure. Manipulation of communication can easily be done if it is not encrypted.
- Restrict access to information and systems to people that require it due to their position and role. Restriction of access will in most cases limit the consequences after an incident.
Be aware of, and be critical to, emails with links or attachments:
- If there are any doubts whether an attachment or a link is safe to open – make an assessment if opening it is necessary. Report suspicious emails or messages that relate to the company to your employer.
- Be careful with documents that suggest enabling macros in Word, Excel or PowerPoint.
In social media:
- Suspicious messages received through social media should be reported to the employer if they can be connected to your employment or the company in general.
- Establish and maintain contact only with people whose identity can be verified.
- Be critical to messages with links and attachments in social media.
- Expect that everyone can see all information shared on social media about work and
In your private life:
- Do not publish work-related information without consent from your employer.
- Do not publish information about other individuals without their consent.
- Enable available security settings in products and applications.
- Do not reuse the same password across services.
Cyber criminals, the organizations say, are known to attack marine assets using LinkedIn to deliver malware attachments. LinkedIn is a favoured platform for criminals because it’s an easy way to map key personnel within a company.
Another technique is to use emails that pretend to be from a person and company already known to the recipient, with attachments that look like ordinary invoices.
If the attachments are opened, malware is able to invade a ship’s computer.
It is recommended that all maritime users install the latest security updates and versions for programs and operating systems to keep themselves as secure as possible.
The full report can be found at: https://www.sdir.no/en/news/news-from-the-nma/cyber-risk-in-the-martime-sector/