Welcome
Summary
Course
Exam
Certificate
Library
News
Verify
Support
My Account

Profiled Partners

  • CSO Alliance
    The World's First Global Members Alliance of Maritime Company Security Officers (CSO)
  • Navarino
    The Maritime Industry's Most Advanced Communications & Connectivity Company
  • Be Cyber Aware at Sea
    Start the Course now!
  • Be Cyber Aware At Sea
    A Global Maritime & Offshore Initiative.
 

 
 

Shipping and offshore oil and gas industries at risk of cyber attack

Riviera Maritime Media, August 2019 
August 27th 2019
Riviera Maritime Media, August 2019
These are interesting times when all shipping and maritime organisations should be on their guard. The recent announcement by the National Cyber Security Centre, the Norwegian Maritime Authority and the Norwegian Shipowner's Association is a warning we should all heed. Read the article online here .

In a joint statement, the NSM’s National Cyber Security Centre (NCSC), the Norwegian Maritime Authority and the Norwegian Shipowner’s Association have identified the maritime and oil and gas sectors as victims of targeting campaigns, noting that companies and organisations should be prepared for continuous activity in the short-to-medium term.

NSM recommends owners and companies responsible for shipboard infrastructure take the following measures:

  • Segment the network. There should not be a physical connection between administrative and operative parts of the network.
  • Log activity on all endpoints and in the network. NSM NCSC recommends keeping logs for at least six months.
  • Use encrypted communication where possible, also between ships and land-based infrastructure. Manipulating communications is easier if it is not encrypted.
  • Restrict access to information and systems according to a user’s need. Restricting access may limit the consequences after an incident.

Companies associated with Norwegian interests are recommended to perform continuous security monitoring.

NSM highlighted campaigns carried out via social media and through links or attachments containing malware sent via email as of particular concern and made the following recommendations:

  • If there is any doubt whether an attachment or a link is safe to open – assess whether opening it is necessary. Report suspicious emails or messages that relate to the company to your employer.
  • Be careful with documents that suggest enabling macros in Word, Excel or PowerPoint.
  • Suspicious messages received through social media should be reported to the employer if they can be connected to your employment or the company in general.
  • Establish and maintain contact only with people whose identity can be verified.
  • Be wary of messages with links and attachments in social media.
  • Expect that everyone can see all information shared on social media about work and your private life.
  • Do not publish work-related information without consent from your employer.
  • Do not publish information about other individuals without their consent.
  • Enable available security settings in products and applications.
  • Do not reuse the same password across services.