MARINE & OFFSHORE CYBERSECURITY

We provide independent assurance and threat-led maritime cybersecurity services to marine and offshore organizations around the globe, leveraging our unique insight created by the combined knowledge of industry-based cyber research and the extensive marine and offshore experience of our parent company, Lloyd’s Register.

The marine and offshore industries are becoming more connected, more dependent on advanced technology and more digitally aware. Most marine and offshore companies are steering their future strategies towards “digital transformation”, but statistics confirm that the threat of unauthorized data access and maritime cyber-attacks is serious and growing – and systems or data hacking can directly impact a company’s ability to control its critical systems.

Marine and offshore cyber threats are simply the new risk battleground in industries where safety and security have always been paramount.

Why do Marine and Offshore Organisations Need to Pay Attention to Cybersecurity?

Today’s Marine and Offshore companies are facing a range of cybersecurity-driven challenges. These include:

  • Reliance on digital communication, automation and interconnected technologies. This leaves infrastructure vulnerable to cyberattack.
  • Complexity of the M+O ecosystem. Multiple stakeholders, industry bodies, administrations and regulators at an international, national and sector-specific level add additional challenges around compliance with cybersecurity best practices.
  • Potential for legal liability around vessel delays and subsequent cargo, supplier or passenger claims. M+O companies must ensure that cybersecurity processes do not impede them in meeting strict timelines.
  • A lack of industry awareness around cyberthreats. A lack of awareness and staff training remains an issue in the M+O industries, making them susceptible to targeted phishing attacks. These attacks are increasingly being seen in the sector.

Facing this complex cyber threat landscape requires a shift in mindset.

 

Threat Led Approach

Cybersecurity is the single largest growing threat to organizations globally, as the expansion of threat surfaces through interconnected technologies and automation significantly increases exposure and risk.

Additionally, the cybersecurity landscape is rapidly changing; the insights gained as little as five years ago are of less and less value as threat actors adjust their approaches in response to advances by security professionals and technical defenders. Through a dedicated Research & Innovation team, Nettitude look at how Marine and Offshore organizations can create a scalable cybersecurity strategy.

Threat Briefings

 

Cyber Security Concerns in Key Ships Systems

8 Cyber Threats facing the Marine and Offshore Sector

Cyber Impacts for Cruise Ships and Super Yachts

GPS Cybersecurity Threats and Impacts

Security Considerations for Remote Access Solutions on-board Ships

How targeted Phishing Emails are Impacting the Shipping Sector

Cyber Risks in Ships Communications Systems

Why Nettitude?

Combining Nettitude’s award-winning cybersecurity intelligence and Lloyd’s Register’s 260 years of Marine and Offshore expertise, Nettitude is perfectly placed to act as a trusted partner for Marine and Offshore organizations as they build a robust cybersecurity strategy. Nettitude provide a complete suite of maritime cybersecurity services to help clients identify, protect, detect, respond and recover from cyber threats in the Marine and Offshore industries.

We know both the marine and offshore specific operational technology systems that drive performance and the information technology platforms.

We understand the threat landscape and the changing regulations faced by the Marine and Offshore industries and we know how to deliver a cost-effective solution while reducing our clients’ vulnerability to cyber threats.

Our work helps to ensure that marine and offshore organizations’ assets and processes are secure, safe, sustainable and compliant with the applicable regulations.

 

IMO Resolution on Cyber Security (Operational level)

The International Maritime Organization (IMO) in 2017 released a resolution and guidance around cyber risks.

  • 1. Resolution (Mandatory) Maritime Cyber Risk Management in Safety Management System (Resolution MSC.428(98))
  • 2. Guidelines (Recommended) on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3)

The Maritime Safety Committee adopted the resolution MSC.428(98) (Maritime Cyber Risk Management in Safety Management Systems) in June 2017. This resolution:

  •  AFFIRMS that an approved safety management system should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code, and,
  •  ENCOURAGES administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance (DOC) after 1 January 2021.

The ISM Code covers many areas that are impacted by cyber capabilities such as roles & responsibility, risk assessments and management, training, awareness and the implementation of relevant procedures to ensure cyber safety is maintained.

Nettitude’s consultants have extensive experience across all areas of cyber security including IT/OT architecture, cyber event preparation, technical security controls and assurance/penetration testing.

Nettitude can assist ship operators to be best prepared for the DOC and SMC audits that will be required post January 2021.

Nettitude also work closely with ship owners to ensure that operators are preparing at the right pace and priority and with shipyards and marine technology vendors (IT and OT) to ensure that new vessels are built with cyber security considerations included from the outset in the designs, build and commissioning.

Cybersecurity For Marine & Offshore

LR and Nettitude have developed a comprehensive suite of products and services for the marine and offshore market. These are not just designed for Class or for the IMO/ISM Code resolution, but also for organisations to consider holistically the impact and remediation/detection capabilities needed for their whole company, suppliers and cloud services.

Where To Start – The Cyber Journey

Where do I start? Cyber can very quickly descend into technical language and conversations that are hard to relate back to the business. Impacts and threats can be imagined or blown out of proportion. However, it’s important to do something and the best starting point is to understand the risk – the real risk – your organisation is facing.

The diagram below shows how you can start with a simple risk assessment that can be used to progress to more strategic plans and capabilities.

Class services

Nettitude is part of one of the world’s largest and most respected classification societies and can guide you through a non-prescriptive, fully integrated, risk-based approach, assuring the security of cyber-enabled ships from concept to operation.

The following technical guidance has been developed by Nettitude to allow clients to adopt cyber technology safely and securely:

LR Cybersecurity Framework (CSF) – defining a best practice cyber framework for the Marine and Offshore industries, aligned to recognised standards.
LR ShipRight Procedures – defining cyber requirements for a vessel to be in Class both at design/build stages and in operational use.
Type Approvals – defining requirements for HW and SW components deployed onboard a vessel.

Compliance-Based Services

As well as preparing for the IMO operational requirements to be met through the ISM Code and implemented Safety Management System, Nettitude also helps organisations adopt best practice industry standards.

As advised by BIMCO, to successfully defend against attacks, a marine business should understand which events could happen, what the consequences of those events would be, and how they can be detected. This summarises Nettitude’s approach well.

Nettitude provides marine and offshore organizations around the world with security services for managing corporate governance, risk management and compliance with sector-specific regulatory requirements like BIMCO, TMSA, IMO, IACS, US Coastguard, UK DfT as well as NIST, ISO and PCI DSS.

We provide these services for applications within all areas including passenger and cruise vessels, LNG, bulk carriers, tankers, mega yachts, military systems and fixed and mobile offshore assets.

 

Professional Services

From guidance and training to vulnerability and risk assessments, Nettitude can help you develop a cybersecurity strategy that will work for your business now and in the future.

Given the cost and the reputation risks associated with a cyber-attack, estimated to be £11.7 million (USD15.4 million) per company according to a 2017 World Economic Forum study, there is no doubting the importance of taking a strategic approach to cybersecurity. After all, a resilient marine or offshore organization is one that gains intelligence on the evolving cyber threats to inform decisions and plans, beyond compliance.

This is how Nettitude can help:

  • Penetration Testing – an in-depth assessment of a system, application, network or environment, demonstrating the impact of ‘exploiting’ existing vulnerabilities, including information and operating technologies.
  • Vulnerability Scans – to identify lower hanging vulnerabilities and poorly configured systems.
  • Risk Assessments (including Threat Modelling) – for the identification and management of cyber risks.
  • Crisis Management Simulation – to define and simulate real-world attack scenarios using the same tactics, techniques, and procedures as a genuine threat actor.
  • Training – to raise employee awareness and prevent an attack from being successful.
  • Additionally, in many organisations, cybersecurity risk management has evolved from a periodic, static compliance assessment to a dynamic real‐time continuous monitoring and assessment of IT and OT systems. This is what Nettitude can offer as Managed Security Services.

Effective Cybersecurity Strategy At The Organisational Level

Developing an effective, relevant and pragmatic approach to the threats faced from cyber incidents starts with strategic intent and direction. Ensuring that the risks are understood and that the right operational capabilities and actions are taken is key. Ensuring a governance process that manages changes and provides the right level of assurance is essential. Appropriate coverage of ships, shore, fixed and mobile assets, and 3rd parties as well as future buildings, regulations, and Class and national requirements must be part of this holistic approach.

Nettitude has developed guidance on how to build an effective cybersecurity strategy and program and can assist your organization in implementing this from the board room to the engine room.

Research Activity

Nettitude has a dedicated team of vulnerability researchers focusing on cybersecurity in marine and offshore. They work with clients and partners to identify security vulnerabilities and they have already identified “zero-day” vulnerabilities in IoT components deployed onboard commercial vessels.

This work has uncovered zero days in many products from sat com units to VDRs, from remote management and monitoring solutions to fleet management systems.

Threat Intelligence for IoT and marine technology is an active area of research for Nettitude, with researchers focusing on applied threat models for on-ship systems and floating assets.

Another key area of activity is around optimizing the processing of security events from devices deployed on board a vessel for continuous security monitoring.

To find out more about how Nettitude can help you build resilience in your organization and face the particular threats of the Marine and Offshore industries, please complete our contact form and a consultant will respond to your inquiry.

Why is LR/Nettitude a winning partnership?

LR and Nettitude Synergies

Deep technical and industry knowledge – Both organisations have shared a history of being deeply technical, experts in their areas and pragmatic in their outlook.

Dedication to assurance – Both organisations are highly focused on real-world assurance, ensuring we make a difference.

Understanding and empathy – Both organisations operate at the personal, bespoke level to tailor services and solutions to the needs and unique circumstances your business operates in.

Research led – Both LR and Nettitude are research-led in their approach, which means we are always looking to the future. Understanding future threats, technology and needs defines the guidance and help that can be provided now.

Industry leaders and innovators – Both organisations have driven forward their domains through industry leadership, research, knowledge sharing and a desire to be doing the right thing for everyone.

Benefits of the LR/Nettitude partnership

How can this help you?

  • Access to highly experienced, proven and capable cybersecurity services applied to many diverse sectors, industries and geographies.
  • 180+ focused cybersecurity consultants, experts, analysts and researchers.
  • Wealth of experience and background across diverse sectors, mature to immature, CNI to start up, hospitality to global enterprises.
  • In-depth knowledge of global cyber standards, regulations and frameworks.
  • Proven innovation within sectors around risk management, threat intelligence, governance and strategic frameworks, detection and response abilities and penetration testing.
  • Understand the holistic cyber threat landscape and how to protect, monitor and govern the risks. Not just vessel security risks but shore, third party, cloud and people-focused risks.
  • In-depth experience of cyber needs and requirements. This brings the one key area of knowledge to LR customers that, combined with their business and operational knowledge, creates a unique partnership.
     

Ensuring success

Marine and offshore knowledge – Since becoming a Lloyd’s Register company, Nettitude has invested resources into cyber research for marine and offshore industries, which together with Lloyd’s Register’s extensive experience in these industries, brings a unique and competitive advantage in marine and offshore cyber knowledge.

Acquisition and integration risk awareness – The acquisition integration approach with Lloyd’s Register has been light touch to ensure our capabilities and brand have been retained. Further investment has been, and will continue to be, focused on threat-led research in Marine and Offshore, development of new technologies and services (including cyber class standards, type approvals and cyber maturing frameworks), training and geographic growth.

Maintaining independence – Both organisations are committed to delivering the highest standards and best outcomes for all. Testing and assurance activities will help inform in a collaborative manner to ensure any identified issues can be managed effectively and quickly.