Our approach to Maritime Cyber Security Assessment

Our approach is focused on Information Technology (IT) and industry-specific operational technology (OT) systems.

1

Pre Engagement

This stage includes important aspects such as gathering the requirement and arranging meetings related to it while gathering information.

2

Organisational and technical gap assessments

Our cyber security experts will work with your onshore and offshore personnel to audit the written and unwritten praxis of your company's vessels and port infrastructure in accordance with your requirements for compliance with applicable regulations and standards (e.g., IMO Resolution MSC.428(98), ISO/IEC 27001, NIST Cybersecurity Framework, TMSA 3, GDPR).

3

Classification of Critical Assets

Identify the critical information assets and identify them appropriately to create a separate inventory of them.

4

Risk Assessment

This is the most critical implementation stage because it is during this stage that an asset register containing all of the Organisation, Vessels and PORT's Infrastructure information assets is created. This process entails meeting and conversing with onshore personnel and offshore crews to identify and address your cyber security risks via various assessment levels. The critical information assets are then subjected to a comprehensive risk assessment, from which appropriate controls to mitigate identified risks are selected.

5

Assessment of Ships in Operation

We conduct cyber security assessments and testing onboard your vessels, which includes visual inspections of the systems and their surroundings, crew interviews, and system and network testing.

6

Risk Treatment

We assist you in closing cyber security gaps efficiently through the formulation of improvement plans that consider systems, the human aspect, and management procedures, all of which are based on a methodical assessment.

7

Penetration Testing

Testing the resilience of your barriers is critical to ensuring the security of your assets. Our penetration testing ensures that your systems and procedures are evaluated thoroughly and effectively.

8

Employee Training

Our (virtual) classroom instruction includes classes on general awareness, management, technological skills, and hacking. Our e-learning solution may be delivered onboard or in the office, enabling your personnel to address critical components of any cyber security system - including the human factor.

9

Emergency Response Exercise

To ensure that you are prepared for an emergency, we assist you in conducting exercises onboard and onshore to train and verify effective communication, response, and recovery actions.

10

ISO/IEC 27001 Certification Preparedness

HackersEra evaluates and assists you in improving current documentation in order to assist you in preparing for certification.

11

Report Submission

Once the assessment is complete, a detailed written report outlining each observed and or exploited vulnerabilities, along with the root cause analysis and categorisation along with mitigation and confirmatory retest certificate if the need arrives.

12

Support

What really makes us stand apart is our excellent and round the clock support, making sure our clients never have to witness hurdles in the business.

What we offer

IoT Device Penetration Testing

Embedded Device Security Assessment

SDR Exploitation

ICS / OT / Security Assessment

WEB / API / Mobile Application Security Assessment

Secure Code Review

Firmware Security Assessment

Red Teaming

Physical Pentest

Coordination and Assistance for Third-Party Risk Advisory Certification

Coverage

Our cyber solutions target three critical areas of the maritime industry that are particularly vulnerable

  • On-board technology Security Assessment
  • Shipping headquarters and port operations Red-teaming
  • Regulatory Compliances

Why

Maritime Cyber Security Assessment

To protect ships, customers, and businesses, decision-makers must be vigilant about the risks of running insecure IT Infrastructure. These risks include

Customer data exposure - For example, Cargo Management Systems uses many devices to measure and transmit sensitive data. Barcode scanners, trackers, and security systems all transmit data that could be used maliciously.

Corporate data exposure - When connected directly to a port’s IT infra, IoT or other devices open security holes fundamentally outside the expertise of most in-house IT staff. These systems may cause catastrophic vulnerability and data loss.

Physical damage - Many products contain actuators which can physically harm personnel if they are improperly triggered.

High-risk downtime - Some services can pose fatal threats in the case of service failure. Connected devices must still function correctly when offline.

Broader liability - As detailed above, hacks can create liability for physical harm that goes beyond data loss or identity theft. Hacks to these products can have existential life and property liability, which has been shifted to the companies producing connected devices.

Reputation and brand damage - Brand-focused corporations can suffer massive losses in the wake of a security attack. Companies must guard against any large scale news event that damages reputation.

Why

HACKERSERA?

HackersEra brings extensive experience and expertise to the maritime sector's cyber security. We are currently engaged in on-shore, offshore, and at-sea projects aimed at securing maritime assets such as ships, ports, and communication infrastructure. We combine traditional information technology security best practises with an in-depth understanding of maritime operations and automated control systems in industry. Our local and international experts draw on a wealth of knowledge and experience in the fields of cyber security risk management, maritime operations, and human factors. All testing and mitigation measures are tailored to the unique maritime requirements.