b'FOGHORN FOCUSMINIMIZING CYBER SECURITY RISK for Ships at SeaBY:AHMED HASSANHEAD OF CYBER SECURITY, ABB MARINE & PORTSBRUCE STRUPPSENIOR ACCOUNT MANAGER, MARINE SYSTEMS, ABB MARINE & PORTSPhoto: ABB Inc. D ivertedemailpayments,thedormantvirus,andnetwork management, password protection, or third-party access ransomware are now part of digital life and, with greaterpolicies is an open door. connectivitythaneverbefore,seagoingvesselsare increasingly exposed to the cybercriminals. Last year (2020), the U.S. Department of Homeland Security responded to 295 industrial control incidents 1 , 98% of which Withshipscarrying90%ofglobaltrade,2.1billionferrywere identifi ed as cases which could have been mitigated with passengers (Interferry), and up to 30 million cruise guests (CLIAbasic processes or controls. Logged incidents were reckoned to fi represent only a fraction of the number of attacks overall.gure for 2019) per year, digitalization off ers substantial gains for ship efficiency, crew welfare and passenger lifestyles, but highspeedThe number of cyberattacks made on or internetisnottheonlyreasonGiven that IBM hasaff ecting ships at sea is not on record, but forthegrowingcybersecurityalso estimated thathigh-profi le maritime cases have involved imperative. As diverse as it is huge,some of the biggest names in shipping, shippings connected fl eet includescompanies take 197 daysleadingportsandevenshippings vessels featuring the most up-to- regulatorybody,theInternational on average to identify a2dateandrobustcybersecurityMaritime Organization(IMO).protection, but also those runningcyber breach, the need obsoleteandunsupportedArecentPonemonInstitutestudyfor operatingsystems,inadequatefor ships at sea to includeIBMfoundthatdatabreachescost security confi gurations, and usingrobust fi rst lines ofabasketofland-basedcompaniesan outdatedsoftwareprotectionoraverageof$4.24million perincident 3 . none at all.defense is only too clear. High-profi leattacksonsomeof shippingsbiggestnameshavecostfar All of these stakeholders are at risk, and not only from targetedmore, with one notable example costing the owner an estimated remoteattacks;amorelikelysourceforconcernwillbethe$250300 million. But the potential consequences for a ship at people on board. However unwittingly, passengers or seafarerssea go beyond the bottom line: compromised navigation systems themselves can bring cyber threats onboard. Ship networkslikerepresent a safety risk for those on board, and for the environment anyothersarevulnerabletotheinfectedUSB,theattachedin case of a grounding causing pollution for instance. Given that virus,orthecross-sitescriptingattack:anydelinquencyinIBM has also estimated that companiestake197 days on average FOGHORN FOCUS: TECHNOLOGY 12 FOGHORN'