Top 3 cyber security tips to protect ECDIS on your vessel

Are you cyber aware at sea?

Cyber security is more important than ever before: ships and offshore platforms are becoming more sophisticated and in many cases crews are reducing. The cyber threat at sea is a considerable security, safety and financial risk to the maritime industry. Moving forwards, it’s not unrealistic to think that cyber security will be a board level priority issue, in order to tackle the increasing threat. Thankfully, more information is starting to emerge to help all stakeholders understand the challenges that the digital era brings to shipping. Be sure to take a look at the ‘Be Cyber Aware at Sea’ campaign, it’s an excellent resource to refer to on this topic.

Routine cyber security ECDIS procedures: preventing threats from becoming problems

Security awareness: the first step to ensuring safety

Cyber security awareness and training are certainly the first steps to a safer and securer future at sea. Just like any computer system, ECDIS is open to cyber security threats. When reviewing where the potential threats lie, it’s good practice to start by asking yourself some simple questions. Firstly, how do you get updated chart data and permit files into your ECDIS and is this a safe and secure process?

Secondly, what about USB’s and USB ports? Who onboard has access to the USB ports? Are USB sticks checked before use? Are dedicated USB sticks provided and securely stored?

What about ECDIS software updates? Have you any outstanding and has this been discussed with your ECDIS manufacturer?

A further and commonly missed point is that relating to other equipment connected to ECDIS. Have you checked that all other connected equipment is secure? Finally, it’s important to consider what happens in a worst-case scenario such as a breach in cyber security, do all deck officers know the emergency procedures?

Routine procedures protect against threats

Social engineering: when things aren’t always as they seem!

An emerging method that hackers employ is social engineering, which means pretending to be someone that they’re not. An example of this would be a hacker pretending to be a fellow crew member on your ship and ask you to retrieve some information from them using a memory drive, or alternatively send you an email containing a link which is in fact a virus! Blindly complying with such requests may enable malicious viruses to spread throughout your computer network, allowing the hacker to gain access to personal information, sensitive information, or take control of the computer system.

What can we learn from this? If in doubt, don’t give anyone access to your computer systems and don’t download any material, or click on any links in emails if they appear suspicious, or are from an unknown person. After all, it’s absolutely fine to decline a request in an effort to stay secure on your vessel!

Reduce your overall ‘attack surface’

A simple way to reduce risk: separate your personal and work life

In order to reduce risk, it’s advisable to separate personal and work life as much as possible. When using a work computer only for work purposes, you will likely visit fewer websites, install fewer applications, and on the whole, reduce your overall ‘attack surface’ considerably. It’s advisable to further protect the ship or company systems, by rigorously controlling administrative credentials: regularly monitoring and reviewing newly installed applications, and blocking certain categories of ‘high risk’ websites.

Those working at sea should not use the ship’s PCs or systems for personal use. Crew should therefore always be encouraged to use personal devices and not in work time: it’s important to limit crew crossing the work/ life divide.

Training: essential to safe and efficient computerized vessels

Cyber security training is essential

In order to operate modern, computerized vessels safely and efficiently, then comprehensive training surrounding problems with essential computer based systems must become standard practice as part of the shipboard routine. Would you know what to do if your ECDIS became compromised? Do you know best practice when it comes to preventing a breach in cyber security in the first place? If not, it’s time to get skilled up!

Are you after some more information about cyber security at sea? If so, why not give the experts a call! Just contact Martek Marine’s dedicated ECDIS team today for further information.

Not got ECDIS yet?

Perhaps you’re researching ECDIS as you’re still deciding which system to use? One of the biggest concerns we’re hearing from potential customers today is the affordability of ECDIS – which is also the reason for many companies delaying their purchase until they have the money available. With the ECDIS compliance deadline now just 3 months away, it’s time to take action!

Many ECDIS suppliers are now offering attractive offers such as ’Free ECDIS’ and ‘Free Charts’ which look like the best option to consider – after all they’re saving you money! We urge you to be careful when reviewing systems and ask as many questions as possible to find out more – Is there a long contract you have to sign? Are there any ongoing maintenance charges? What hidden costs are there? How much will this system cost me overall for the next 5 years? Some ECDIS offers are fantastic and offer significant cost savings –  we advise you to make sure you find the right supplier that isn’t going to tie you down, or end up costing you lots of money in the long term.

iECDIS from Martek Marine

Implementing ECDIS really couldn’t be easier, meaning you can approach the deadline safe in the knowledge that you are fully compliant and won’t need to pay anything else to remain so, in fact, you will save money.

The iECDIS™ Compliance Package from Martek Marine is available on a hire-purchase agreement, meaning you can get your new system installed as quickly as possible, with zero initial capital outlay. There are no hidden fees or catches, and no ongoing maintenance costs. Flexible payment solutions and the option for a hire-purchase agreement mean you can ensure your iECDIS™ is installed as soon as possible without waiting for your budget to allow for it.

If you’re not looking for a full compliance package but still want a solution you can trust, we also offer free ECDIS, so what are you waiting for? Call us today.