Cyber Security Is A Technical Issue Not A Human One – Naval Dome CEO
According to Naval Dome CEO Itai Sela, the unconscious downloading of a virus is a major cybersecurity issue for the shipping industry. This is why the companies should be aware of the breaches that the systems are attributing to human error.
Itai Sela believes that cyber awareness, training of the crew or the enforcement of crew guidelines will have a long-lasting positive effect. This is because hackers will always come up with something new.
“When the cyber-criminal will always need the unwitting assistance of an unsuspecting crew member, technician or employee to activate or spread the virus, irrespective of the level of their cyber training or awareness, it is not enough to put it under the ‘human factor’ umbrella or apportion individual blame when a critical system has been breached.
“A cyber incident happens because systems are not protected, and hackers will continue to develop innovative ways and sophisticated solutions intended to take advantage of any weak spots in human nature. The implication, therefore, is that any cyber awareness training is a waste of time and money.”
The researchers at Palo Alto Networks’ Unit 42 say that sophisticated, new and advanced hacking methods like malware trojan called xHunt. These are being especially deployed to target the shipping industry. It is alleged that the networks of two companies that are operating from Kuwait have been infiltered by xHunt and Hisoka which were used as a backdoor to facilitate trojan delivery.
“The attackers have added some fun capabilities to Hisoka and its associated toolset. The attackers are aware of probable security measures in place at their targets and have attempted to develop ways to get in undetected,” Ryan Olson, Vice President of threat intelligence at Unit 42, told ZDNet.
Sela also believes that not only is blaming individuals pointless but also problematic. This is because the envision of the possible legal proceedings have a vital effect and damages the ship, it’s systems, personnel and also the environment.
“It would be very easy to point the finger at an individual crew member, technician or employee for inadvertently spreading malware or other viruses, but this would not prevent further system breaches. What it will do is create unnecessary friction between employers and employees.”
“Prohibiting internet access is not the answer. This is now considered a basic human right and with many seafarers away from loved ones for months at a time, if they are unable to maintain regular contact with those at home, then not only could it adversely affect their well-being but deter others from a maritime career.”
According to Sela, the maritime sector needs more than just the implementation of a culture change. The industry has to adopt technical ways in order to prevent system hacks. Further talking about the incident when a Mobile Offshore Drilling Unit had lost it’s control over it’s Dynamic Positioning System when they were drilling in the Gulf of Mexico, she said that it was found that some crew members introduced malware due to plugging in of their smartphones and other such devices.
“Would this have been considered human error if the DP and associated OT systems were adequately protected and the hack thwarted? I doubt it. If cyber-crime continues to be designated a human factor event, then the industry does not fully grasp the cyber problem.”
Reference: Naval Dome