Cyber security is a phrase we seafarers and all related to the maritime industry have started to hear more often now.
Basically the “Cyber security” refers to the system in place which would be a combination of below
1) Antivirus, firewalls like soft wares,
2) process implementation like checklist for installing a new software or updating old software,
3) passwords and access codes
4) emergency and contingency plans in case of an attack
and other specific actions taken to safeguard Ship and company’s private data, safe operation and conduct of business on board the ship and office.
The Ships and offices are seeing unprecedented growth in technology, computers, Artificial intelligence to make our lives easier. There is always a dark side to any positive improvement which is supported by people or sometimes big organisation for various types of unlawful gains. For E.g. there is a virus called “Ransom ware” whose way of operating is to block all operation of the computer and the person who had put in the virus demands money to unlock or un block the system. This is as good as stealing your system and returning the same against payment of money.
NonPetya (Name of the virus) ransomware forced Maersk to reinstall 4000 servers, 45000 PCs which caused losses of up to $300 million due to "serious business interruption."
A virus whatever name given to it is basically a small software which is designed for disrupting the normal operation of the equipment where it is installed or silently send out sensitive information to the person who created the virus.
If a single person or a small group of people can cause such a loss to a big company like Maersk, it is very important to take security of the computers and equipments using internet or the local server onboard seriously.
The reason for these viruses are mostly always directly or indirectly for earning money in an un-lawful way-maybe similar to robbery!
We will now see how does these various types of viruses gets into the system in the first place-This step is called IDENTIFY.
The below are the sources of these viruses
1) Internet-If a system is connecting to internet thorough any Means-Wi-Fi, direct internet leased line, through phone internet. Internet is always the primary source of the virus as the person who created the virus can be operating from anywhere in the world! Browsing non secure websites, torrent sites, downloading torrent files, porn sites are major sources of viruses on the internet.
2) Removable Devices-Pen drives, hard drives, and any other devices which is used for data transfer and where the data can be added or removed. For E.g.-a non-writable CD got from a genuine source can never have a virus. Again these sources are secondary meaning they have been infested by a file from the internet.
3) Emails-Emails now a days are the most accessible and easiest way for a virus to enter your system, these out of the place emails which mostly talk about you getting a big gift or a lot of money are mostly laden with virus. Once the viruses get into your computer, then they get attached your genuine mails infecting your vendors, clients and if ships if you send this mail to the ship.
These are the major sources of any kind of virus which can infect the computer and other equipments on board
Now as we know the major sources of the viruses the next step is to PROTECT ourselves, our ships and our companies from these dangerous viruses.
Below are few precautions we can take to protect from these viruses
1) Do not use any gadget (computer, phone, tab etc..) without an antivirus installed. If it’s a computer, it is always better to have a paid version which has better protection and virus details are updated regularly.
2) Avoid using pen drives and hard drives, if you need to use, always run a virus scan before using it in any of the ships computer or systems.
3) Do not click on links in emails or download suspicious looking attachments.
4) Do not allow surveyors, inspectors to use their pen drives/hard drives or use any computer connected to other computers on the ship or connected to the internet.
5) Always ask the technicians coming onboard to update/repair systems computers to run a virus scan on any external drives they need to connect to ship’s systems.
6) Use common sense, as Antivirus may not be able detect few viruses hence need to be extra vigilant, as one small mistake will be very expensive to the ship/company
In a rare case after all the above precautions, a virus does get in to the ship’s system, you need not panic but need to get the virus out as soon as possible. How will we know if the ships system is attacked? Some indications as below can be helpful; this is the DETECT step
1) The systems stop working suddenly and you don’t see any other reason especially after a recent upgrade or repair by a technician in an earlier port.
2) The system response has become very sluggish and is very slow in responding
3) Sometimes it is very clear mostly in case of a ransomware, where you would be able to see a message on the screen for instructions to clean the ransomware
4) The systems and computers act weirdly and if it’s a control equipment might give incorrect actions
5) You see new soft wares being installed which you are not familiar.
6) Passwords and other credentials changed without your knowledge
7) The computer is connecting to the internet frequently when you are not using it.
8) Your internet searches are being redirected.
9) Extra browser windows may appear or turn off without your involvement.
10) Unrecognized anti-virus software scans randomly appear.
11) Additional toolbars are added to your internet browser.
12) Frequent pop-ups load when you access the internet.
13) Your mouse/pointer moves on your screen intelligently on its own.
14) Your task manager, registry editor, anti-malware, and anti-virus software appear to be
disconnected or disabled.
15) Your e-mail contacts begin to receive e-mails from you, which you did not send.
16) Money disappears from your bank account.
17) You receive invoices or find payments made for purchases you did not make.
Hmmm this is a huge list, this shows the viruses can affect your computers and systems in various ways for different purposes. However, viruses can lie silent for months or years before its actually detected if we are not vigilant and look for subtle signs.
Once you observe any of the above symptoms, you can be very sure that your computer or the Ship’s system has a virus, now hence the same should be removed at the earliest-this step is called RESPOND
To remove the virus, it wold mostly require a professional help and we may not able able to remove the virus, unless your Antivirus scan detect the virus and is able to successfully detect and remove it. The more time we spend with the virus in the system, it will not only be affect that system but might be spreading to other computers connected to the network, hence it might be better to turn off the equipment till a professional inspects the equipment.
Once the equipment is in the hands of the professional it would surely be a matter of time to remove the virus, it depends on extent of the damages caused by the virus. Most of times the systems must be completed formatted to get the viruses out.
Once the virus is completely remove, all the data needs to be installed back to the system-This process is called the RECOVERY, i.e recovering from the attack.
In summary, with ships becoming smarter every day, with artificial intelligence and computers, the reason for us to worry about Cyber-attacks also increase. Companies, seafarers, regulatory bodies all need to work together to reduce or complete remove very potent threat to the whole industry.
We from the Seafarerslife wish you safe networking!
If you like the content, please comment and share!