Cybersecurity 101: Playing it safe when logging in at sea

Courtesy Bureau Veritas

Mariners spend less time online than the average landlubber with constant access to Wi-Fi and 5G cell towers, but they often rely on the internet more for managing their lives. Paying bills, shopping or connecting with family and friends during months-long assignments are all done online — using the spotty and often sluggish remote access available to seafaring crews. And while going about this business, mariners, like everyone else, are susceptible to attacks by cybercriminals.

Trained technologists-turned-con artists and online robbers from around the world continually concoct malware and schemes to steal sensitive information for financial gain. Without good cyberhygiene or maintenance of online security systems, any internet user is susceptible to these threats. 

Mariners are subject to “the same spectrum of threats that target any other person or business,” said Alex Soukhanov, managing director of Moran Cyber, a consulting firm for the maritime industry. “If the computer is accessible, it will be a ripe target for it.” 

However, mariners typically lack control over the systems they use, and they lack consistent connections that allow a target to address a security breach quickly. A hacker would have a better opportunity to splurge using stolen credit-card information before any unusual activity is noticed, one of the complications of mariners’ inconsistent internet access.

Professional Mariner spoke with industry experts who provided five tips for maintaining cybersecurity while at sea:

1) Get to know your company’s IT setup and IT person.

For some mariners, internet access might come via a shared terminal on their vessel. John Jorgensen, chief scientist for cybersecurity and software at the American Bureau of Shipping (ABS), recommended that before logging in, ask some questions. “When was the last time they installed antivirus software?” he said. “When was the last time they updated it?” The maintenance of a shared computer can be a neglected task, he said, and crewmembers may be jamming USBs and connecting personal devices into that computer — each of them a potential source of information-stealing malware.

More generally, Jorgensen said mariners should take an active interest in the ship’s cybersecurity setup. “You should ask, ‘Who is the IT person in charge at corporate?’” he said. A little pressure may act as a reminder for them to update their programs or invest in improved ones. 

2) Don’t bite on email phishing scams.

Jorgensen said many common online crimes involve phishing, where a perpetrator sends an email that appears to be from a legitimate entity, like a bank or email service, and asks the target to “verify” security information in an attempt to steal it. Be distrustful of any email or communication that asks for usernames and passwords outside the usual portals. 

3) Mix up and change your passwords.

Due to the accumulation of protected internet accounts, people often have one easy-to-remember password to cover all of them. This is one of the worst habits computer users can have, according to cybersecurity experts. 

“When someone gets your password to one, that means they get your password to all,” Jorgensen said.

Encrypted password managers — they can concoct random passwords and automatically insert them when a website is called up on the device on which they are installed — are a free, reliable solution to the problem, he said. Some web browsers come with them.

4) Be mindful of how you spread your tech setup.

In 2015, the United States Maritime Resource Center, a nonprofit industry research group, began examining cybersecurity setups and risks on commercial vessels. “What we discovered during the first few years of our field work aboard ships was rather remarkable,” said USMRC President Brian Holden.

Personal devices were connected to critical shipboard systems. Crews engaged in highly visible posting or sharing of login credentials. Some expressed a false belief that the vessel was not connected to the internet, or that systems were “air-gapped” in some manner. USBs were used wantonly. Unauthorized or unsupervised vendors had access to shipboard computers. 

“These are all relatively easy fixes,” Holden said. However, mariners tend to become lax about cybersecurity, their minds occupied by other stresses and it not being an area of their expertise. There also can be confusion about who is responsible for securing computer systems — crewmembers, captains or central management. 

Everyone should insist on tighter standards and greater mindfulness, Holden said. There is no reason for equipment to be left in the open or for passwords to be shared, he said. These actions can allow one person’s carelessness to lead to a breach.

“The vast majority of mariners are not cyberwarriors,” Holden said. “(Cybersecurity) work will likely require engagement with shore-based subject matter experts. However, the ship will still need to be operated safely, and that is where mariners are at their best.”

5) Don’t engage with Nigerian princes or lonely singles.

Those notorious “Nigerian prince” emails — from supposedly deposed royalty or a legally hamstrung executive who will give you a cut of some bureaucratic money in exchange for your banking details — are still floating around online, Jorgensen said, and so are countless other fictions that feed off the appetite for easy money. 

Other emails exploit more intimate desires. Some cybercriminals engage in catfishing, posing as someone else, possibly a warm or sympathetic person. They also can offer explicitly sexual engagement. These scammers build a bond of trust and then ask for financial information. For people stuck at sea for months at a time, the emails can be a siren call.

“Not mariners specifically but lonely people are susceptible to catfishing,” Jorgensen said. “There are grifters and thieves looking for lonely people. If you keep people engaged and creative, they will do better with loneliness.”

This leads to a chief reason why cybersecurity is so crucial at sea. Mariners need to be able to use the internet confidently because it helps maintain their well-being, providing them with a connection to home and the ability to maintain their onshore lives.

“The internet is really a key to morale and mental health,” Soukhanov said. “Morale and mental health are really important to the safety of the crew, and when they are not working at full capacity, the ship is not working at full capacity.”

By Professional Mariner Staff