Cybersecurity for Marine and Offshore EDGENETIC provides independent assurance and threat-led cybersecurity services to marine and offshore organisations around the globe.

Why Do Marine and Offshore Organisations Need to
Pay Attention to Cybersecurity?

The marine and offshore industries are becoming more connected, more dependent on advanced technology and more digitally aware. Most marine and offshore companies are steering their future strategies toward digital transformation.

Statistics confirm that the threat of unauthorised data access and maritime cyber-attacks is serious and growing – and systems or data hacking can directly impact an organisation’s ability to control its critical systems. Marine and offshore cyber threats are simply the new risk battleground in industries where safety and security have always been paramount.

 

Today’s range of cybersecurity-driven challenges include:

1) Reliance on digital communication, automation and interconnected technologies. 

This leaves infrastructure vulnerable to cyberattacks.

2) Complexity of the marine and offshore ecosystem. 

Multiple stakeholders, industry bodies, administrations and regulators at an international, national and sector-specific level add additional challenges around compliance with cybersecurity best practices.

3) Potential for legal liability around vessel delays and subsequent cargo, supplier or passenger claims. 

Marine and offshore organisations must ensure that cybersecurity processes do not impede them in meeting strict timelines.

4) A lack of industry awareness around cyber threats. 

A lack of awareness and staff training remains an issue in the marine and offshore industries, making them susceptible to targeted phishing attacks.

Facing this complex cyber threat landscape requires a shift in mindset.

Threat-Lead Approach

Cybersecurity is the single largest growing threat to organisations globally, as the expansion of threat surfaces through interconnected technologies and automation significantly increases exposure and risk.

Additionally, the cybersecurity landscape is rapidly changing; as threat actors adjust their approaches in response to advances by security professionals and technical defenders. Through a dedicated Research and Innovation team, EDGENETIC  looks at how marine and offshore organisations can create a scalable cybersecurity strategy.

 

Threat Briefings

Cybersecurity
Concerns in
Key Ships Systems

8 Cyber Threats
Facing the Marine and Offshore Sector

Cyber Impacts for
Cruise Ships and Super Yachts

GPS Cybersecurity
Threats and Impacts

Security Considerations
for Remote Access Solutions Onboard Ships

How Targeted Phishing
Emails Are Impacting the
Shipping Sector

Cyber Risks in Ships Communications Systems

Security Challenges
on Modern Ships

Marine and Offshore
Cyber Briefing: Threat Case Studies

IMO Resolution on Cybersecurity (Operational level)

The International Maritime Organisation (IMO) released a resolution and guidance around cyber risks in 2017.

1. Resolution (Mandatory) Maritime Cyber Risk Management in Safety Management System (Resolution MSC.428(98))

2. Guidelines (Recommended) on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3)

The Maritime Safety Committee adopted the resolution MSC.428(98) (Maritime Cyber Risk Management in Safety Management Systems) in June 2017. 

This resolution:

– AFFIRMS that an approved safety management system should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code

– ENCOURAGES administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance (DOC) after 1 January 2021.

The ISM Code covers many areas that are impacted by cyber capabilities such as roles and responsibilities, risk assessments and management, training, awareness and the implementation of relevant procedures to ensure cyber safety is maintained. EDGENETIC ‘s consultants have extensive experience across all areas of cybersecurity including IT/OT architecture, cyber event preparation, technical security controls, assurance/penetration testing. EDGENETIC can assist ship operators to be best prepared for the DOC and SMC audits that will be required post-January 2021.

EDGENETIC  also works closely with ship owners to ensure that operators are preparing at the right pace and priority and with shipyards and marine technology vendors (IT and OT) to ensure that new vessels are built with cybersecurity considerations included from the outset in the designs, build and commissioning.

Cybersecurity For Marine and Offshore

EDGENETIC  have developed a comprehensive suite of products and services for the marine and offshore market. These are not just designed for Class or for the IMO/ISM Code resolution, but also for organisations to consider holistically the impact and remediation/detection capabilities needed for their whole company, suppliers and cloud services.

Where To Start – The Cyber Journey

Cybersecurity can very quickly descend into technical language and conversations that are hard to relate back to the business. Impacts and threats can be imagined or blown out of proportion. However, it is important to do something, and the best starting point is to understand the risk – the real risk – your organisation is facing.

The diagram below shows how you can start with a simple risk assessment that can be used to progress to more strategic plans and capabilities.

Class Services

EDGENETIC  is part of one of the world’s largest and most respected classification societies and can guide you through a non-prescriptive, fully integrated, risk-based approach, assuring the security of cyber-enabled ships from concept to operation. The following technical guidance has been developed by EDGENETIC  to allow clients to adopt cyber technology safely and securely:

LR Cybersecurity Framework (CSF)
Defining a best practice cyber framework for the marine and offshore industries, aligned to recognised standards.

LR ShipRight Procedures
Defining cyber requirements for a vessel to be in Class both at design/build stages and in operational use.

Type Approvals
Defining requirements for HW and SW components deployed onboard a vessel.

Compliance-Based Services

As well as preparing for the IMO operational requirements to be met through the ISM Code and implemented Safety Management System, EDGENETIC  also helps the organisation adopt best practice industry standards. As advised by BIMCO, to successfully defend against attacks, a marine business should understand which events could happen, what the consequences of those events would be, and how they can be detected. This summarises EDGENETIC’s approach well.


EDGENETIC  provides marine and offshore organisations around the world with security services for managing corporate governance, risk management and compliance with sector-specific regulatory requirements like BIMCO, TMSA, IMO, IACS, US Coastguard, UK DfT as well as NIST, ISO and PCI DSS.

We provide these services for applications within all areas including passenger and cruise vessels, LNG, bulk carriers, tankers, mega yachts, military systems and fixed and mobile offshore assets.

Effective Cybersecurity Strategy at The Organisational Level

Developing an effective, relevant and pragmatic approach to the threats faced by cyber incidents starts with strategic intent and direction. Ensuring that the risks are understood and that the right operational capabilities and actions are taken is key. Ensuring a governance process that manages changes and provides the right level of assurance is essential.

Appropriate coverage of ships, shore, fixed and mobile assets, and third parties as well as future buildings, regulations, and Class and national requirements must be part of this holistic approach. EDGENETIC  has developed guidance on how to build an effective cybersecurity strategy and program and can assist your organisation in implementing this from the board room to the engine room.

EDGENETIC  Can Help Your Maritime Organisation Become Cyber Secure

Explore our related cyber services for maritime clients:

Cybersecurity Strategy
and Planning

Create a board-level
cybersecurity strategy & plan

ISO 27001

Addresses requirements
for an information security
management system

Security Audit

Analyse your IT infrastructure,
exposing weaknesses and
high-risk practices

Managed Security

Outsource your network
security services to
cybersecurity experts

Managed Detection
and Response

Improve your ability to detect
and respond to threats

Red Teaming

Assessment that simulates
threats to evaluate how you
would stand up to a real adversary

Social Engineering

Explore human weaknesses
found in the organisation

 

 

Penetration Testing

Evaluate the security
of your system(s)

Web Application Testing

Assess applications for
potential bugs before
going live

Incident Response

Address and manage the
aftermath of a security breach
or attack

Security Training

Deliver security awareness
training for key business
stakeholders such as employees

Why Choose EDGENETIC  As Your Cybersecurity Partner?

Mitigate cyber risk

EDGENETIC  is perfectly placed to act as a trusted partner for marine and offshore organisations as they build a robust cybersecurity strategy. EDGENETIC  provides a complete suite of maritime cybersecurity services to help clients identify, protect, detect, respond, and recover from cyber threats.

We understand the threat landscape and the changing regulations faced by the marine and offshore industries and know how to deliver a cost-effective solution while reducing vulnerability to cyber threats. Our work helps to ensure that marine and offshore organisations assets and processes are secure, safe, sustainable, and compliant with the applicable regulations.

EDGENETIC  helps its clients to stay one step ahead of cybercriminals, giving a first-line cyber defence and response to all types of incident, and resilience to stand up to cyber-attacks. It also encourages intelligence sharing amongst the technology industry, and sophisticated testing to mitigate an organisations risk of a breach or an attack at every level.

EDGENETIC ‘s cybersecurity credentials

As a trusted member of CREST and one of the world’s first accredited CBEST testing organisations you can be sure that you are in the most capable hands.

We are proud to be one of the few global companies that is certified by CREST across all key disciplines. Our team of consultants have achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response services and Threat Intelligence. In parallel, we were the first organisation to be accredited for our Security Operation Centre services.

EDGENETIC e are certified by a range of governing bodies for our work within highly regulated industries, in the maritime sectors and the payment card industry and are approved as a Qualified Security Assessor (QSA) company. We practise what we preach and have the highest levels of rigour applied to all the risk management and security controls that are relevant to our organisation itself. We are certified against ISO 27001 and ISO 9001.

EDGENETIC  research and development

Through its research and development (R&D) as well as active client work,EDGENETIC ‘s dedicated R&D team analyses and studies threat actor behaviour, gaining greater insight into the specific threat landscape within the maritime sector. You can also access EDGENETIC ‘s latest zero-day discoveries through EDGENETIC  and subscribe to receive EDGENETIC ‘s most recent findings as they are publicly released. 

Get in touch via the form below and get a free quote from us for our Red Team Security Testing services.