Hello there...
The dawn of the 21st century witnessed the introduction of new IT wonders, and since then the human world hasn't looked back. Every industry has seen increased efficiency after the addition of the IT factor. The maritime industry witnessed a digital revolution that changed its entire form and made it more reliable. The digitalization of the world has pushed us into an entirely new era, an era where data is of the utmost importance and value.
Operating in a digital dimension has its own pros and cons. With ever-increasing digitization, cyber attacks and the world's vulnerability to them are increasing hand in hand. Cybersecurity is currently one of the most discussed topics in the world. This time around, we are going to learn about it.
CYBERSECURITY: WHAT & WHY
Cybersecurity can be understood simply as the entity protecting the entire corporate ecosystem from the outside world, given the corporate world's excessive dependence on data and its management. Cybersecurity essentially keeps in check the blocking and theft of any sensitive data which has the potential to strategically affect the business and performance of the company or organization.
In March 2021, the Italian Society for Cyber Security published the Clusit 2021 report, affirming that 2020 was the worst year ever in terms of cyber attacks and that the most affected industry was the healthcare industry. Cyber attacks increased by 12% compared with the Clusit 2020 report, which covered the cyber attacks of 2019.
In nearly all the Clusit reports published over a period of 5 years by the Italian Society for Cyber Security, it has been observed that 80-90% of cybersecurity incidents involve some contribution of human negligence. For instance, take the example of the Petya or NotPetya virus, which struck the shipping giant Moller-Maersk and shook the whole maritime fraternity. The virus held computer systems hostage to extort ransom money from the company. It also attacked companies like Saint-Gobain, the American pharmaceutical company Merck Sharp & Dohme and the Chernobyl nuclear power plant in Ukraine.
[Image: Symbol of Petya Virus. Source: Wikipedia]
This shows that it is of the utmost importance that industry professionals and employees be aware of such attacks and know how to cope with them.
BASICS OF CYBER-SECURITY:
Before marching into the topic of cyber security, it is necessary to be well aware of social engineering, which is essentially the study of the psychological techniques of human behavior. Using the ideas drawn from social engineering, attackers attack and steal information through different possible methods.
There are a number of methods used for attacking any company or its employees. Some of the most widely used are mentioned here:
1. PHISHING
Phishing involves convincing people to provide sensitive information on the internet. In phishing, the attackers use social engineering to exploit people's trust and helping nature and deceive them into giving up extremely sensitive information like passwords and transaction information.
The activity is mainly done through emails and malware programs. An attachment sent through an email can inject ransomware, malware and Trojan software into a computer device so as to infect it and retrieve information. Sometimes, infectious links can also be sent by scammers who are disguised as a company. Most of the time they are disguised as fake banks and merchandise websites.
2. SPEAR PHISHING
Spear phishing, on the other hand, is more organized. In this case attackers go after a specific target and gain access to sensitive information about an organization, its intelligence, investor information and other significant data that can either be sold or be used to harm the business.
Spear phishing attackers mostly attack mobile devices, as these devices are more prone to the 'clicking links and subscribing to things' ideology. After the link is clicked and a password is typed, a profile of the attacker is made on the device, which gets access to all applications and personal information that can then be sent to the attacker.
3. WHALING
Whaling is quite similar to phishing and spear phishing. Here the attackers target high-profile personnel in the company to retrieve sensitive information and sometimes ransom as well.
4. SNIFFING
Sniffing is acquiring data illegally while it is in transit from the sender to the receiver. The act of sniffing does not harm any computer system, but it transfers data, which can be sensitive, to the attacker, who can use it to harm the business of the company.
5. SPOOFING
Spoofing can be termed as cheating for theft. Cheating is a kind of activity which is as old as human existence. In the act of spoofing, a person claims to be an employee of a company when he or she is not. The same can be the case for websites or applications as well. Any application or website can claim to be the official application or website of a company, but in the case of spoofing the application or website is a trap for less aware people.
Spoofing can be done in the following ways:
- Email Spoofing
- DNS Spoofing
- IP Spoofing
- DDoS Spoofing
- ARP Spoofing
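One way a mail gateway or analyst could check for the email spoofing and disguised-sender phishing described above, as an added example that is not part of the original article. The sample message, its domains and the function names are constructed for illustration.

```python
# Added example: flag common spoofing indicators in a received email's headers.
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mail-example.net>
Authentication-Results: mx.shipco.example; spf=fail smtp.mailfrom=mail-example.net; dkim=none; dmarc=fail header.from=bank.example
From: "Example Bank Support" <support@bank.example>
Reply-To: payments@bank-example-secure.test
Subject: Urgent: confirm your transaction

Please open the attached form.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """Return a list of reasons the message looks spoofed (empty if none)."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    # 1. SPF/DKIM/DMARC verdicts recorded by the receiving server.
    #    Only trust an Authentication-Results header added by your own server.
    results = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        if m is None:
            findings.append(f"{mech}: no result recorded")
        elif m.group(1) != "pass":
            findings.append(f"{mech}: {m.group(1)}")
    # 2. Envelope sender and reply address compared with the visible From domain.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print("-", finding)
```

These are indicators for triage, not verdicts: legitimate bulk mail often has a Return-Path domain that differs from the From domain, so a mismatch alone should raise scrutiny rather than block delivery.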
ANALYSIS & MITIGATION
The mitigation of cyber attacks lies in proper education and the implementation of a risk management program in the respective industry. A proper risk management system determines the policies, rules and regulations to be followed so as to mitigate the risk of cyber attacks.
A risk management program is calculated using 3 factors, namely Threat, Vulnerability and Impact.
Threat is a potential cause of an accident. It may include flood, fire, human unawareness and breakdown of the computer system. Vulnerability encompasses the weaknesses of the management system. The impact factor determines the actual damage caused in the cyber attack.
A cyber attack is usually carried out with an aim, which may include:
- To hamper the reputation and stature of the organization
- To use resources of organization
- To show off the hacking and attack skills
- Automated random attacks through worms and viruses.
An attack affects the entire mechanism of the system and thus the entire business and working of the company. To prevent such mishaps, sensitive information in any company must be confidential, editable and available for the authorized personnel only.
THE RESPONSE OF IMO FOR CYBERSECURITY
The International Maritime Organization, after acknowledging the threat to cyber security, made it a necessity that the Security Management System (SMS) adequately address it. This was to be done in the Security Management System by the first annual verification of the company's compliance document after 1st January 2021 (Art 2).
IMO then published a document listing its guidelines on maritime cyber risk management, which consists of recommendations addressed to all organizations in the maritime sector to encourage cyberspace security management practices and to safeguard shipments from cyber threats and vulnerabilities. IMO also identified the most vulnerable systems, including:
- Information systems of Cargo
- Electronic Navigation
- Communication systems
- Information regarding the passengers (in cruises)
Not only IMO, but also associations like the Baltic and International Maritime Council (BIMCO), Cruise Lines International Association (CLIA), International Chamber of Shipping (ICS), International Association of Dry Cargo Shipowners (INTERCARGO), International Association of Independent Tanker Owners (INTERTANKO), International Union of Marine Insurance (IUMI) and Oil Companies International Marine Forum (OCIMF) published the document titled 'The Guidelines on Cyber Security Onboard Ships'. This document mainly aims to make industry professionals aware of:
- Identification of threats.
- Identification of vulnerabilities in the ship's information security system.
- Maritime cyber risk assessment.
- Detection of threat and minimizing its impact.
- Establishment of contingency plans to reduce the incidence of threats.
These recent developments show the increasing awareness of cyber risks in the maritime industry. IMO now defines risk management as:
"The process of identifying, analyzing, assessing and communicating a cyber related risk and accepting, avoiding, transferring or mitigating it to an acceptable level considering costs and benefits of the actions taken to stakeholders."
CONCLUSION
The cyber-based dimension is a good friend and a bad foe. On one hand, it has provided us with unlimited opportunities to learn and express. With a single mobile device, a person is connected to the world and its happenings. One can avail of a world-class education sitting in an entirely different continent. On the other hand, it has also increased scams and thefts, and that too on an international level. Overall, cyberspace is a boon when used correctly and a curse for the world when in the wrong hands.
The world can only stay aware and educated about the threats posed by cyber attacks and their severity.
Hope that you enjoyed the article. Please mention your views in the comment section.
THANK YOU FOR YOUR VALUABLE TIME...
"Our best work is done, our greatest influence is exerted when we are without thought of self."
- Swami Vivekananda