The U.S. Coast Guard issued a marine safety alert recommending the shipping industry institute basic cybersecurity measures to ensure the safety of their vessels.

The alert came in response to an incident in February 2019 when a large ship coming into New York Harbor suffered what was described as a severe cyber incident that impacted the ship’s onboard network, although essential systems were not affected. An inter-agency investigation found the vessel was essentially operating without any effective security measures in place, a fact that was known to the crew.

came in response to an incident in February 2019 when a large ship coming into New York Harbor suffered what was described as a severe cyber incident that impacted the ship’s onboard network, although essential systems were not affected. An inter-agency investigation found the vessel was essentially operating without any effective security measures in place, a fact that was known to the crew.

“Although most crewmembers didn’t use onboard computers to check personal email, make online purchases or check their bank accounts, the same shipboard network was used for official business – to update electronic charts, manage cargo data and communicate with shore-side facilities, pilots, agents, and the Coast Guard,” the Coast Guard said.

The Coast Guard noted that it is not sure if this particular ship is representative of most vessels in not having a proper level of cybersecurity in place, but with more and more ship controls being computer operated and navigation being conducted via electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential.

“It is imperative that the maritime community adapt to changing technologies and the changing threat landscape by recognizing the need for and implementing basic cyber hygiene measures,” the Coast Guard alert stated.

The basic recommendations included changing pre-set login credentials, segmenting networks, installing anti-virus software and being up to date on security patches.

In addition Tim Mackey, principal security strategist CyRC at Synopsys, said, “An up to date inventory of all software assets, including versions, origins and update procedures, is a bare minimum operational requirement for deployed software. This asset inventory should also include a detailed accounting for all known weaknesses and procedures should be in place to ensure newly disclosed weaknesses or vulnerabilities are amended to the inventory.”