Fortinet and Samsung Heavy Industries sign MoU to drive maritime cybersecurity

Cyber security firm Fortinet and Samsung Heavy Industries Co., Ltd. on Wednesday have announced the signing of Memorandum of Understanding(MOU) for mutual cooperation in the maritime cybersecurity of ships.

The maritime sector, considered the backbone of the global economy, is now increasingly dependent on operational technology (OT) and information technology (IT) systems, such as industrial control systems and satellite communications. This digitalization increased the sector’s cybersecurity risks – with implications for national security.  The sector covers critical organizations and institutions, ranging from ports and the shipping industry, to ships and satellites. With technology proliferation and the adoption of emerging technologies, the vulnerability to cyber risks and threats has grown.

Samsung Heavy Industries has accumulated differentiated technological competency and turnkey manufacturing capabilities in the shipbuilding and marine business fields, and possesses topside design and construction capabilities, which are the core of maritime development facilities.
In April 2022, IACS (International Association of Classification Societies) has adopted UR E26 and E27 to protect ships from internal and external cyber threats and ensure the safety of ship operations as cyber threats such as hacking and ransomware against ships have increased.  

UR E26 aims to ensure the secure integration of both Operational Technology (OT) and Information Technology (IT) equipment into the vessel’s network during the design, construction, commissioning, and operational life of the ship. UR E27 aims to ensure system integrity is secured and hardened by third-party equipment suppliers. These URs will be applied to new ships contracted for construction on and after 1 July 2024 as mandatory requirements.

Through their agreement, the two companies plan to collaborate on enhancing maritime cybersecurity to comply with the new security regulations of the IACS. In addition, they will cooperate to broaden the base of the cybersecurity market and expand the application of future leading technologies in the maritime field, such as network segmentation and OT protocol-based security services, onshore remote monitoring and control, and autonomous ships.

Fortinet plans to support on designing well-hardened maritime cybersecurity with Fortinet platform solutions, solution optimisation to operate in maritime environment, and training for Fortinet products. Fortinet will be supporting the strengthening of OT security for ships built by Samsung Heavy Industries to fully meet the new UR E26 and E27 mandatory requirements. The Fortinet OT Security Platform as an extension of the enterprise Security Fabric, provides solutions and services for OT protection across the entire Purdue model, from sensors to cloud, securing asset and network visibility, network separation, endpoint protection, authentication and permission management for zero trust access, threat detection and defence technology, and SOC/NOC security operation. Based on its OT security expertise and global leadership, Fortinet will contribute to ensuring the cyber resilience of new ships and for the cyber security of onboard systems and equipment built by Samsung Heavy Industries.

Director of Autonomous Ship Research Centre Jongung Choi of Samsung Heavy Industries explained, “As cyber-issues on ships increase, cybersecurity is becoming an essential element of ship construction and operation. Samsung Heavy Industries will expand its cybersecurity leadership in the ship manufacturing industry by establishing an innovative system for OT security during ship construction and increasing the cyber resilience of ships through close cooperation with Fortinet, a global leader in the OT security field.”

Head of Operational Technology and Critical Infrastructure – APAC, Michael Murphy of Fortinet further noted, “Through this cooperation, we will strengthen the global support system and cooperation in the maritime cybersecurity sector and actively support Samsung Heavy Industries in securing a technical foundation to comply with the new security regulations of the IACS. In addition, Fortinet will continue to expand the scope of its OT business and aim to strengthen OT security and digital innovation for the maritime cybersecurity industry.”

In December 2023, an Australia-owned defense shipbuilder was targeted by a ransomware attack trying to exfiltrate confidential information. Another attack on DP World, Australia’s largest port operator, led to the suspension of operations for three days, impacting 40 percent of goods flow in and out of the country. In 2023, Japan’s biggest Nagoya Port was attacked by Russian hackers Lockbit 3.0.

Among all the existing threats, ransomware presents major risks to the maritime sector, particularly the transportation system, supply chain management, and logistics. Ransomware allows hackers to engage in double extortion, making ransom demands for recovery and demanding money to refrain from leaking sensitive data. Even software supplier companies like DNV have been targeted with ransomware, impacting 1,000 vessels via ShipManager software. 

Maritime cybersecurity is also an area of concern in India. To address the emerging maritime cyber risks, In 2022, India’s JNPT was targeted by a cyberattack that crippled its automated system, and forced the system to return to offline methods, exposing the vulnerabilities. The country must look at maritime cybersecurity and take into consideration the severe risks linked to targeted cyberattacks on its shipping industries, ports, vessels, and the crew, believe experts.