Starting January 2021, the International Maritime Organization (IMO) requires vessels to be cybersecurity compliant in international waters and everywhere they go in the world. Flag states will ultimately be in charge of putting regulations in place for their own jurisdiction and will enforce those regulations during their inspections of the vessels. This opens up new business opportunities globally for cybersecurity companies to cooperate with known providers in the marine industry and offer their combined services to existing clients and new customers by adding a cybersecurity plan to the existing International Safety Management (ISM) plan, a regulation that applies to every vessel that has a current, active and approved ISM through its flag state.
Most vessel manufacturers build vessels such as tankers or luxury yachts based on client demands, and from my observations, most of the time there is little or no focus on cybersecurity implementation. These vessels can often be secured by a $50 wireless home router. Once a yacht, for example, is in the marina, the owners and personnel connect to the marina’s Wi-Fi, which oftentimes is not secured and is open to everybody. Individuals with deep cybersecurity knowledge are able to intercept traffic or even infiltrate computers connected to the Wi-Fi network and gain access to sensitive data. In the worst-case scenario, they could execute a man-in-the-middle attack or deploy crypto-locker ransomware and hold important sensitive data hostage for ransom.
Port cities like Los Angeles, Miami, Fort Lauderdale or New York have an existing infrastructure to support the daily maintenance of all kinds of vessels. Companies like IMSA already provide managed services for the marine industry. Local or global cybersecurity specialists or IT consultants can be a part of the next step toward making vessels IMO 2021-certified by offering the right services, hardware and software solutions for the upcoming demand in this industry. We all use our mobile devices and laptops in our daily business without really knowing what is happening in the background of these devices, whether the Wi-Fi we are connecting to is secured, or whether we are subject to vulnerabilities and exploits. It’s not only necessary and mandatory to provide services for securing the vessel’s physical equipment and software; it’s even more important to educate individuals on how to use technology safely and how not to unintentionally create a blueprint of the environment and open up an entire network to vulnerabilities by opening an infected email attachment or website.
As mentioned in my previous article, you can’t put a firewall or antivirus in a person’s head, but we can offer professional IT solutions and the mandatory training for staff on a recurring basis. This includes providing an alert system that monitors the IT infrastructure’s health status, creating restrictions and access rules, and segregating networks for active and passive use. This will be an ongoing business model for this new IMO requirement.