Episode 358 – Maritime Cybersecurity – trends and emerging threats

Michael Vrettos is a senior Marine Cyber Security Expert for RINA Classification Society in Piraeus. 

He is responsible for Marine Cyber Security Services and represents RINA in IACS and EMSA related activities.* (* IACS – International Association of Classification Societies, EMSA – European Maritime Safety Agency)

His past experience includes working for the EU, NATO & the Defense sector. Among other things, he’s been involved in developing a Network Security Operations Center and projects on Cyber Technologies for the European Defense Agency, European Space Agency, EU & NATO.

In this interview, Michael gave an introduction to the Maritime sector, and the stakeholders in the industry who are involved in setting the cybersecurity policy and technical standards (for example, IMO (International Maritime Organisation) and IACS (International Association of Classification Societies). 

He gave a glimpse into how digitalisation in shipping with applications for route optimization, fleet performance and engine automation, (to name a few) driven by increased connectivity and bandwidth along with innovations in satellite technologies, have transformed the sector, with implications for cybersecurity. Hence, in some ways, the ship is increasingly becoming part of an overall “IoT” network. 

Whilst the NotPetya incident that disrupted the sector in 2017 was an important lesson, Michael also noted the additional complexity of cyber defenses due to “Operational Technology” onboard ships using sensors, PLCs (programmable logic controllers), and various software to control ships systems such as bridge, ballast, engine, navigation, etc.

For example, the “always-on” mode means that systems cannot be easily scheduled for patching or for pen-testing in order to avoid an inadvertent disruption. 

Besides basic cyber hygiene and standard cyber protection at network level, Michael also noted other vessels important systems such as the AIS (automatic identification systems) and ECDIS (Electronic Chart Display and Information System) operating with proprietary software thus making difficult to install typical cyber security measures such as antivirus or antimalware. 

Wrapping up, Michael shares his views on the digital evolution and emerging cyber threats, such as those introduced by AI (artificial intelligence), and the importance of not only utilizing the benefits of technology but also investing in cyber security considering the potential risks.

Recorded 25th April 2023, 10.30am, Marina Bay Sands Singapore, Singapore Maritime Week 2023.