Some questions may help provide a picture of vessel network segregation

“When was the last time a third party verified the segregation of the various networks on board”

“Which systems on the bridge have access to the OT network?”

“Does an OOW have access to bridge systems from anywhere other than the bridge?”

“Do any computers on the vessel business network have access to OT systems, e.g bay planning, ballast/trim, propulsion etc?”

“What steps have been put in place to ensure that the crew Wi-Fi network can only access the internet or other crew leisure systems?”

Whilst it can be time consuming to implement, network segmentation brings many benefits.

Users access can be managed on a ‘need to know’ basis: Why would a deckhand need access to a billing system?

Layers of defence are built: an attack breaches one layer, but the remaining layers remain in place.

Incidents are easier to respond to: if someone accidentally opens an email containing malware, VLAN access can quickly be removed, isolating the incident from the rest of the network.

Traditionally, computer networks were ‘open’ in that any one computer on the network could see any other. That made setting up access very easy, but it also meant that an incident anywhere on the network could quickly spread to all devices on it.

For example, a ransomware outbreak on one device might propagate to all devices. A hack of one system on the network might lead to data theft from all systems.

In the past, IT and OT networks were completely isolated or ‘air gapped’ meaning the only route to compromise was through physical intervention. USB, floppy disc and maintenance laptops were the most common source of infection.

More recently, OT and IT networks have been joined together to make processes more efficient and facilitate the concept of the smart ship.

Network segregation describes the process of giving devices access to only the systems they need. This makes the hackers life somewhat harder and also makes isolating compromised devices much easier.

Connections between shore and OT systems can be relevant in a wide range of applications like performance monitoring, predictive maintenance, and remote support just to mention a few. Common for these systems are that they are not strictly necessary for operating the ship safely. However, they represent a potential attack vector to the systems that are needed for the ship’s safe operation. Therefore, it is relevant to assess when these connections are allowed and under what circumstances. Plans should be established specifying when such OT systems should be temporarily separated from the shore network connection to protect the ship’s safe operation. Disconnecting will help prevent the attacker from being able to manipulate safety critical systems or take direct control of the system. Disconnecting could also take place to avoid malware spreading between network segments. To effectively shut down shore connections, it is important to have the network and connectivity services designed in such a way that the networks can be physically segregated quickly by removing a single network cable (eg marked in an odd color) or powering off the firewall.

Investigating a cyber incident can provide valuable information about the way in which a vulnerability was exploited. Companies should, wherever possible, investigate cyber incidents affecting IT and OT on board in accordance with company procedures. A detailed investigation may require external expert support.

The information from an investigation can be used to improve the technical and procedural

protection measures on board and ashore. It may also help the wider maritime industry with a better understanding of maritime cyber risks. Any investigation should result in:

• a better understanding of the potential cyber risks facing the maritime industry both on board and ashore
• identification of lessons learned, including improvements in training to increase awareness
• updates to technical and procedural protection measures to prevent a recurrence.