Strengthening Cyber Resilience in Maritime Operations
Key strategies and regulatory updates are crucial for safeguarding maritime operations against escalating cyber threats.
In recent months, the maritime industry has experienced a surge in cyber-attacks, a trend that has been largely driven by escalating geopolitical tensions. As global trade becomes an increasingly attractive target for state-linked hackers, the importance of robust cyber defenses has never been clearer. A recent article in the Financial Times highlighted this growing threat, underscoring the urgent need for maritime operators to fortify their cyber resilience.
At Marlink, we understand the critical importance of protecting your operations and assets. With the integration of Diverto’s advanced IT and OT security solutions into our portfolio, we are uniquely positioned to help you navigate the complexities of regulatory compliance and enhance your cybersecurity posture.
The evolving maritime cybersecurity landscape
The maritime cybersecurity landscape is rapidly changing, with IACS UR E26 and UR E27 mandating cyber resilience from July 2024, IMO's MSC.428(98) requiring cyber risk management in Safety Management Systems since January 2021, and the NIS2 Directive introducing stricter EU standards in October 2024. The NIST Cybersecurity Framework (CSF) also offers global guidelines to support these efforts.
Recommended Cybersecurity Measures
To help you stay ahead of these changes, we recommend implementing the following strategies:
Security Testing and Assessment: Regular risk assessments and penetration tests for IT and OT systems, Wi-Fi networks, key applications, and the supply chain are essential. These measures not only identify vulnerabilities but also ensure compliance with IACS UR E26/E27, NIST, and NIS2 regulations.
Phishing Simulations and Awareness: Conducting regular phishing simulations and cybersecurity training will help strengthen your organization’s security culture, significantly reducing the risk of successful attacks.
Security Policy Development: A comprehensive security policy, aligned with NIST and international standards, is crucial. Ensure it’s regularly updated to maintain compliance with IMO 428, IACS UR E26/E27, and NIS2.
Incident Detection and Response: Implement proactive security measures, including a 24x7 Security Operations Centre (SOC), to provide continuous monitoring and rapid response to any incidents.
CISO Role: If your organisation lacks an in-house Chief Information Security Officer (CISO), consider outsourcing this role. A CISO can effectively manage your cybersecurity strategy and ensure the coordination and reporting of all security activities.
How Marlink Can Support You
The Marlink Group is committed to helping you address these critical areas. With the expertise of our newly integrated team from Diverto, we stand ready to assist with security assessments and ensure your compliance with the latest regulations. Your safety and operational continuity are our top priorities, and we are dedicated to helping you fortify your defenses against the ever-evolving cyber threat landscape.
To learn more about our latest acquisition of Diverto, please refer to the press release from 02 July 2024.