Computers on ships are a fact of life in these digital days and just as computers ashore they are subject to all manner of security threats and issues. Whether they are standalone devices or are integrated into a network that could be limited to the ship itself or part of a wider company network, these computers are vulnerable to all manner of cyber threats.
A standalone computer installed years ago that is used only for producing letters or filling forms and is not connected to the internet is probably safe, but those that have wider applications are where the vulnerabilities lie.
There has been much discussion about cyber protection in recent years but one aspect that is often overlooked is ensuring that a computer’s operating system is kept up to date. Although it is not the only operating system available, Microsoft’s Windows is probably the most widely used.
For those who are only interested in producing the letter, crew list, customs form or report they are working on, the choice of operating system may not be a consideration. There are probably ships in operation that have very early Windows versions on their computers and are unaware that support for their operating systems ceased many years ago.
Depending upon the source used, Windows accounts for between 76% and 91% of all operating systems used by computers connected to the internet. Of all the computers using Windows, Windows 10 is used by 72%, Windows 11 by 14%, Windows 7 almost 11% and the rest spread over other versions.
Microsoft has always recognised the problem of bugs – defects in the program not revealed during the development stage, and threats caused by malicious malware and viruses and has regularly released updates to the operating system aimed at eliminating known problems. In this regard the company is fighting a constant battle with hackers and the criminally minded in protecting its clients and their reputation against new threats.
However, there is a lot of work involved in this and as older systems drop below a pre-determined user level or when Microsoft decides to offer free upgrades to a new operating system, the company will end support. The same is true of applications that run on the computer (Office, Word, Excel etc or third party apps). Windows XP, Windows 7 and Microsoft Office 2010 are all examples of products that are no longer supported by updates although they will still operate.
With Windows 10, Microsoft’s default mode for the operating system was for it to download and install cumulative updates automatically. Designed as an aid for less technically minded users, this facility can be a nuisance and was controversial when introduced. The same system continues in Windows 11.
A criticism often levelled at the automatic update feature is that it may not activate for several days or weeks but then seems to be activating daily before reverting to a less regular activation. There is of course a valid reason for this, new threats do not happen on a daily basis but need to be addressed as and when they do arise. The frequency of updates reflects the growing cyber threat that users face and should be recognised as such.
Although intended to protect the machine from attack and to improve performance, the updates can sometimes contain bugs and can cause problems with applications that previously ran faultlessly. Usually this is due to a driver or application compatibility issue. Another issue is that downloading and installing the updates will cause the device to become unavailable for a period – often lengthy.
This last point can be annoying as it impacts workflow, but on a ship, it could even make essential systems suddenly unavailable. It is possible to turn off this automatic updating feature, but that in itself could mean that the system is no longer protected by the security updates introducing other vulnerabilities.
To avoid system availability issues but at the same time ensuring security updates are received, it may be an idea to disable the automatic update feature of the operating system and perform a manual update. This manual update can be done when the ship is less likely to be compromised such as immediately after arrival in port. After performing this update, a check should be carried out on essential system availability as comprehensively as possible. Any issues should be reported to head office and to the equipment system maker so that the information can be disseminated to other ships in the fleet.
Ideally the question of operating system updates should be incorporated into the company ISM system. This could involve a risk assessment of the impact on equipment availability, compatibility of systems and ensuring back up while a device is being updated.
If replacing a computer that is integrated into a network onboard, compatibility issues could be discussed with the company’s IT department or the computer supplier beforehand. It may be better to have the new computer loaded with the same operating system as that which it is replacing rather than a new version.
There are applications available that can check for updates of the operating system and other software applications without necessarily performing the update immediately. These types of applications can be configured in various ways to make updating simpler. Some are available as free downloads from the Internet but unless their use has been sanctioned by the shipowner, they should not be installed by crew acting alone.