Christian Garske: “Every criminal act in the physical world also occurs online”

In the next few episodes of our blog, shipping professionals offer unique insights into the ongoing process of digital transformation in the shipping industry, from seafarers sailing global waters to shore-based employees. Today: Christian Garske from Lufthansa Industry Solutions.

From hacked navigation systems to sabotage in ports — maritime logistics must protect itself against increasing cyber threats and ensure safety on the high seas. Christian Garske holds a degree in business informatics. The IT security expert has been working at Lufthansa Industry Solutions since 2008 and is Business Director of the Center of Excellence “IT Security & Privacy”. He provides insights into the challenges of cybersecurity in shipping, internal and external risks, and the importance of comprehensive security concepts in an era of digital attacks on global logistics.

Christian Garske works as an IT security expert for LHIND

Mr. Garske, can you explain what cybersecurity is?

The term cybersecurity is colloquially a little misleading. In the narrower sense, it describes the protection of infrastructures and digital content against attacks from the Internet. That’s not wrong considering the Internet is a very important data infrastructure and most of the perpetrators are certainly to be found outside your own organization. However, a significant proportion of security risks also come from within, for example, through the improper, malicious or even careless handling of data by employees. At Lufthansa Industry Solutions, we deal not only with “cyber”, but with various aspects of information security.

So, what do we mean by cybercrime?

Virtually every type of criminal act that occurs in the physical world also happens online, ranging from theft to murder. Lives can be destroyed not only by financial or identity theft, but also by character assassination, fake news, and hate speech. These attacks can be easily and cheaply purchased as services. We observe that criminal gangs operate with a high degree of professionalism and generate billions in revenue, which, to me, underscores the urgent need for legislative measures.

Entire industrial plants can also be destroyed.

Yes, in this respect, the Stuxnet attack on the Iranian nuclear program in 2010 was a wake-up call for the industry. The attack showed that and how cyber-attacks can cause real, physical damage. Since then, awareness of the importance of IT security has risen sharply and digital infrastructures are finally being seen as critical components of corporate security. In the globalized and digitized world, digital infrastructure is often the biggest risk for companies. A study recently identified cyber risks as the highest corporate risk.

This brings us to the topic of KRITIS and NIS2. Can you briefly explain what this is all about?

KRITIS stands for “critical infrastructures” and includes organizations and facilities of essential importance to the community whose failure or impairment would result in significant supply bottlenecks or threats to public safety. This includes sectors such as energy, water, food, health, finance, transportation, and traffic, as well as information technology and telecommunications. The protection of these infrastructures is crucial, as they form the basis for the functioning of our modern society. NIS2 stands for the second version of the EU Network and Information System Security Directive. This directive aims to ensure a high common level of security of network and information systems across the EU. It ensures that both large and medium-sized companies take appropriate steps to protect their IT systems. Overall, the EU’s aim is to strengthen the resilience of the European economy, but also that of our society, against cyber-attacks.

What did this mean for the companies?

The NIS2 Directive requires companies that are considered “important” or “particularly important” facility operators to take extensive technical and organizational measures to secure their network and information systems. This includes around 30,000 companies in Germany alone. What is new is that the directive now also covers the supply chain and relationships with service providers, which significantly expands the security requirements. Companies must also report significant security incidents, which promotes a more transparent and responsive cybersecurity environment in the EU.

And that poses major challenges for companies?

NIS2 significantly expands the requirements for cyber security. Not only large corporations, but also medium-sized companies are now required to protect themselves better against IT attacks. This includes a functioning IT risk management system with an information security management system based on it, suitable incident management and business continuity processes as well as the timely reporting of security incidents to the BSI or BBK. Companies must register with national authorities and provide regular proof of compliance. Companies are also required to strengthen their security measures not only against external threats, but also against internal threats.

Can you give an example of this?

One neuralgic point is the issue of responsibility, especially for companies with several sub-companies. A second is the issue of dealing with outdated IT technologies and devices. There are few companies that no longer have fax machines and even fewer that do not have other vulnerable devices, such as unsecured printers. It is also important to include such issues in the company’s security strategy.

What danger should a printer pose?

Office printers usually have hard disks or other storage media and are connected to the company network. It is possible to access the printer’s memory via the network and read out confidential information completely unnoticed. This is a classic example of internal security risks that are often overlooked.

What about maritime logistics?

In March 2021, the accident involving a single 400-metre-long container ship — the Ever Given — in the Suez Canal made it clear just how vulnerable maritime infrastructure can be. Over 422 ships and their cargo were stuck in a traffic jam for over a week. What would happen if hackers paralyzed entire ports? Another example: On January 7, 2023, approximately 1,000 ships were affected by a ransomware attack against DNV, one of the world’s largest maritime organizations. DNV manages technical certifications for the construction and operation of ships and offshore structures and was forced to shut down the IT servers connected to its ShipManager system. Imagine what could have happened, given that DNV serves more than 13,175 vessels and mobile offshore units. The incident is a prime example of how vulnerable the maritime industry and global trade are to cyberattacks.

How vulnerable are ships to cyber-attacks?

Ships are also vulnerable, as they are now also networked. Cyber-attacks can disrupt or even disable navigation systems, for example. Comprehensive risk management is required here, covering both the IT infrastructure on board and the communication systems on land. Take computer-aided route planning or the booking system as an example: imagine a ship ending up in the wrong port due to a cyber-attack — the chaos would be enormous. Or the cargo simply disappears into nowhere because hackers have “rebooked” it. In addition, not only the logistical problems but also the potential security risks for the crew are considerable.

What role will artificial intelligence play in the future of cybersecurity?

The future of cyber security is increasingly being shaped by the integration of AI and machine learning. The ability of AI systems to analyze large amounts of data and recognize patterns can help to identify attacks faster and implement automated defense mechanisms. At the same time, we need to be prepared for the increasing, AI-enhanced sophistication of cyberattacks. Companies need to continuously adapt and improve their security strategies to keep pace with rapidly evolving threats. In other words, there’s never a dull moment in our security business. It’s an exciting profession, especially for young people.

Christian Garske: “The future of cyber security is increasingly being shaped by the integration of AI and machine learning.” ©Adi Goldstein

Information on LHIND’s cybersecurity services

Lufthansa Industry Solutions (LHIND) offers a comprehensive portfolio of cybersecurity services to position companies securely in the digital world. The following points provide an overview of the specialized services that help to strengthen and advance the security architecture of organizations:

1. Security consulting by a specialized team: The specialists at our Center of Excellence for “IT-Security & Privacy” deal with both regulatory and technical aspects of cyber security daily.
2. Operational audits and penetration tests: The effectiveness of existing security measures is tested by our specialists using internationally recognized security standards and best practices on the one hand, and technically offensive penetration tests and Red/Purple Teaming on the other.
3. Use of international standards and certifications: LHIND recommends the use of internationally recognized standards, such as ISO 27001, for the design and management of security structures in companies.
4. Use of artificial intelligence and machine learning: Artificial intelligence is used to support security operations and optimize the efficiency of threat detection and response.
5. Security consulting and training: Key security consulting and training is provided to improve employee awareness and skills.
6. Technology and process audits: Regular audits of the technological infrastructure and security processes identify weaknesses and help to plan preventive measures.
7. Development of customized security solutions: Customized security strategies are developed to meet the specific needs and infrastructure of each company.

These services cover a broad spectrum and are designed to strengthen cyber resilience in an increasingly interconnected and vulnerable business world.