MARINE & OFFSHORE CYBER SECURITY
We provide independent assurance and threat led maritime cyber security services to marine and offshore organisations around the globe, leveraging our unique insight created by the combined knowledge of industry-based cyber research and the extensive marine and offshore experience of our parent company, Lloyd’s Register.
The marine and offshore industries are becoming more connected, more dependent on advanced technology and more digitally aware. Most marine and offshore companies are steering their future strategies towards “digital transformation”, but statistics confirm that the threat of unauthorised data access and maritime cyber-attacks is serious and growing – and systems or data hacking can directly impact a company’s ability to control its own critical systems.
Marine and offshore cyber threats are simply the new risk battleground in industries where safety and security has always been paramount.
Request a free quote
The cyber security driven challenges faced by marine and offshore companies today are:
- Reliance on digital communication, automation and interconnected assets: the potential for performance improvements by using live process data as an input to operations is largely uncontested by marine and offshore industries. This, together with the advent of always-on satellite connections, has exposed companies to a number of maritime cyber-attacks, from Maersk to Cosco just to name a few. Many more incidents affecting smaller businesses are likely going unreported.
- National Infrastructures: Malware, cybercrime and data leaks impact all national infrastructures, including transportation and operations at sea. The seas constitute a strategic means of communication and transport of goods, as well as granting access to remote areas and resources. State sponsored attacks aimed at gaining political or economic advantage from the control of activity at sea are a real threat for Marine and Offshore industries.
- Complexity of the ecosystem: Maritime cyber-attacks, either to vessels, sea-based assets or on ports, are peculiar due to the number of stakeholders involved in the operations and in the supply chain. Consequences of these attacks are a serious concern also due to the potential for legal liability caused by vessel delays and subsequent cargo claims.
- Lack of Awareness: Phishing attacks remain the preferred attack method for gaining access to organisations and data, and it is important to ensure Marine and Offshore organisations are effectively protected. Overlooking the human element when it comes to maritime cyber security can totally undermine the acquisition of new technology – and instead introduce risk rather than allow owners to reap the benefits.
Facing this complex cyber threat landscape requires a shift in mindset.
Cyber security is the single largest growing threat to organisations globally, as the expansion of threat surfaces through interconnected technologies and automation significantly increases exposure and risk.
Additionally, the cyber security landscape is rapidly changing; the insights gained as little as five years ago are of less and less value as threat actors adjust their approaches in response to advances by security professionals and technical defenders. Through a dedicated Research & Innovation team, Nettitude look at how Marine and Offshore organisations can create a scalable security posture based on risk and driven by threat intelligence.
Threat Case Studies
Security Research Review
Marine and Offshore Cyber Briefing
Cruise Ships and Super Yachts
Cyber Risks in Communications Systems
Security Considerations for Remote Access Solutions
Combining Nettitude’s award winning cyber security intelligence and Lloyd’s Register’s 260 years of Marine and Offshore expertise, Nettitude are perfectly placed to act as a trusted partner for Marine and Offshore organisations as they build a robust cyber security strategy. Nettitude provide a complete suite of maritime cyber security services to help clients identify, protect, detect, respond and recover from cyber threats in the Marine and Offshore industries.
We know both the marine and offshore specific operational technology systems that drive performance and the information technology platforms.
We understand the threat landscape and the changing regulations faced by the Marine and Offshore industries and we know how to deliver a cost-effective solution while reducing our clients’ vulnerability to cyber threats.
Our work helps to ensure that marine and offshore organisations’ assets and processes are secure, safe, sustainable and compliant with the applicable regulations.
Nettitude is part of one of the world’s largest and most respected classification societies and can guide you through a non-prescriptive, fully integrated, risk-based approach, assuring the security of cyber-enabled ships from concept to operation.
The following technical guidance has been developed by Nettitude to allow clients to adopt cyber technology safely and securely:
- LR Cyber Security framework (CSF) – defining a best practice cyber framework for the Marine and Offshore industries, aligned to recognised standards.
- LR ShipRight Procedures – defining cyber requirements for a vessel to be in Class both at design/build stages and in operational use.
- Type Approvals – defining requirements for HW and SW components deployed on board a vessel.
Compliance based services
As advised by BIMCO, to successfully defend against attacks, a marine business should understand which events could happen, what the consequences of those events would be, and how they can be detected. This summarises Nettitude’s approach well.
Nettitude provide marine and offshore organisations around the world with security services for managing corporate governance, risk management and compliance with sector specific regulatory requirements like BIMCO, TMSA, IMO, ISM, US Coastguard, UK DfT as well as NIST, ISO and PCI DSS.
We provide these services for applications within all areas including passenger and cruise vessels, LNG, bulk carriers, tankers, mega yachts, military systems and fixed and mobile offshore assets.
From guidance and training to vulnerability and risk assessments, Nettitude can help you develop a cyber security strategy that will work for your business now and in the future.
Given the cost and the reputation risks associated with a cyber-attack, estimated to be £11.7 million (USD15.4 million) per company according to a 2017 World Economic Forum study, there is no doubting the importance of taking a strategic approach to cyber security. After all, a resilient marine or offshore organisation is one that gains intelligence on the evolving cyber threats to inform decisions and plans, beyond compliance.
This is how Nettitude can help:
- Penetration Testing – an in-depth assessment of a system, application, network or environment demonstrating the impact of ‘exploiting’ existing vulnerabilities, including information and operating technologies.
- Vulnerability Scans – to identify lower hanging vulnerabilities and poorly configured systems.
- Risk Assessments (including Threat Modelling) – for the identification and management of cyber risks.
- Crisis Management Simulation – to define and simulate real-world attack scenarios using the same tactics, techniques, and procedures as a genuine threat actor.
- Training – to raise employee awareness and prevent an attack being successful.
Additionally, in many organisations, cyber security risk management has evolved from a periodic, static compliance assessment to a dynamic real‐time continuous monitoring and assessment of IT and OT systems. This is what Nettitude can offer as Managed Security Services.
Effective Cyber Security Strategy
Developing an effective, relevant and pragmatic approach to the threats faced from cyber incidents starts with strategic intent and direction. Ensuring that the risks are understood and that the right operational capabilities and actions are taken is key. Ensuring a governance process that manages changes and provides the right level of assurance is essential. Appropriate coverage of ships, shore, fixed and mobile assets, and 3rd parties as well as future buildings, regulations, and Class and national requirements must be part of this holistic approach.
Nettitude has developed guidance around how to build an effective cyber security strategy and programme and can assist your organisation in implementing this from the board room to the engine room.
Nettitude has a dedicated team of vulnerability researchers focusing on cyber security in marine and offshore. They work with clients and partners to identify security vulnerabilities and they have already identified “zero-day” vulnerabilities in IoT components deployed on board commercial vessels.
This work has uncovered zero days in many products from sat com units to VDRs, from remote management and monitoring solutions to fleet management systems.
Threat Intelligence for IoT and marine technology is an active area of research for Nettitude, with researchers focusing on applied threat models for on-ship systems and floating assets.
Another key area of activity is around optimising the processing of security events from devices deployed on board a vessel for continuous security monitoring.
To find out more about how Nettitude can help you build resilience in your organisation and face the particular threats of the Marine and Offshore industries, please complete our contact form and a consultant will respond to your enquiry.
Why is LR/Nettitude a winning partnership?
LR and Nettitude Synergies
- Deep technical and industry knowledge – Both organisations have shared a history of being deeply technical, experts in their areas and pragmatic in their outlook.
- Dedication to assurance – Both organisations are highly focused on real world assurance, ensuring we make a difference.
- Understanding and empathy – Both organisations operate at the personal, bespoke level to tailor services and solutions to the needs and unique circumstances your business operates in.
- Research led – Both LR and Nettitude are research led in their approach, which means we are always looking to the future. Understanding the future threats, technology and needs defines the guidance and help that can be provided now.
- Industry leaders and innovators – Both organisations have driven forward their domains through industry leadership, research, knowledge sharing and a desire to be doing the right thing for everyone.
Benefits of the LR/Nettitude partnership
How can this help you?
- Access to highly experienced, proven and capable cyber security services applied to many diverse sectors, industries and geographies.
- 180+ focused cyber security consultants, experts, analysts and researchers.
- Wealth of experience and background across diverse sectors, mature to immature, CNI to start up, hospitality to global enterprises.
- In depth knowledge of global cyber standards, regulations and frameworks.
- Proven innovation within sectors around risk management, threat intelligence, governance and strategic frameworks, detection and response abilities and penetration testing.
- Understand the holistic cyber threat landscape and how to protect, monitor and govern the risks. Not just vessel security risks but shore, third party, cloud and people-focused risks.
- In depth experience of cyber needs and requirements. This brings the one key area of knowledge to LR customers that, combined with their business and operational knowledge, creates a unique partnership.
Working hard together
- Marine and offshore knowledge – Since becoming a Lloyd’s Register company, Nettitude has invested resources into cyber research for marine and offshore industries, which together with Lloyd’s Register’s extensive experience in these industries, brings a unique and competitive advantage in marine and offshore cyber knowledge.
- Acquisition and integration risk awareness -The acquisition integration approach with Lloyd’s Register has been light touch to ensure our capabilities and brand have been retained. Further investment has, and will continue to be, focused on threat led research in Marine and Offshore, development of new technologies and services (including cyber class standards, type approvals and cyber maturing frameworks), training and geographic growth.
- Maintaining independence – Both organisations are committed to delivering the highest standards and best outcomes for all. Testing and assurance activities will help inform in a collaborative manner to ensure any identified issues can be managed effectively and quickly.