Bridge Watch: attack vectors and maritime cyber security

In this episode of Bridge Watch with CEO Dryad Global Corey Ranslem, he talks about the best way to reduce attack vectors and implement a robust maritime cyber security process.

Time and time again gaps in cyber security are exploited by criminals. There are a number of measures that ship operators and yacht management companies can take to reduce the risk of cyber attack.

Let's break it down into 3 areas:

1. Personnel. The biggest gap that criminals can exploit via cyber crime is weaknesses around personnel. Make sure that your crew and land-based staff are thoroughly trained and aware of cyber security best practices. We see cyber attacks occur time and time again as a result of poor crew training. Make sure that if you're developing a crew training programme either internally or through an outside agency that your cyber security training is thorough and understood by all. Your staff provide the critical link between land and sea operations, but their cyber security training is often overlooked. Dryad Global will have more information about our training courses and support resources very soon.

2. Misconfiguration of equipment. The misconfiguration of network and supporting equipment can leave a business open to cyber attack. Ensure that network equipment, firewalls, routers, switches, modems are all securely configured. Frequently Dryad Global's team will interrogate how a clients' network is set up. Many of them have multiple networks, which we recommend, but it is imperative to ensure configuration is correct otherwise this can leave networks open to penetration. The misconfiguration of equipment or failure to update networks can lead to vulnerabilities and attack vectors.

3. Third party risk. These days we are so interconnected with customers, suppliers, IT, devices and partners that some of the biggest risks faced by companies can come from third party suppliers.

What can you do to make sure they’re secure?

- limited access into and out of systems

- consider whether they really need access

- complete a CIA triad self-assessment to benchmark where third parties are from a cyber security perspective

- don’t give third parties access to your critical cyber security systems unless they absolutely need it. Open and close that window as needed to reduce attack vectors. We’ve seen in the maritime industry some of the biggest attacks on infrastructure come from this party providers.

Remember to subscribe to our YouTube channel to recieve our weekly blog.