Is maritime cyber security keeping up with the ever-changing digital landscape?
In our maritime cyber security series last summer, we looked at the threats to our sector from cyber-attack and discussed the main areas that are at risk. Since we last discussed this important topic, there have been further advances in digitalisation. Whilst this is good news for the maritime industry, it also adds more risk from the perspective of cyber security. Digitalisation means that ships are more connected within the vessel and to corporate networks, this poses an increased cyber risk. We are now going to focus on looking at whether cyber security is keeping up with these advances, if so how, and what measures are being put in place.
Cyber security is not just a ‘nice to have’ addition for shipping companies, the International Maritime Organisation (IMO) is not just focusing on the sulphur cap, it is also putting into place a requirement for cyber security to be addressed in safety management systems by January 2021. Failure to comply with this could result in ships being detained! One of the difficulties with cyber security guidelines in the maritime industry is that they are not particularly clear as to how to make a vessel cyber secure, and crucially, how to measure this. The year 2020 proves to be a busy one for maritime organisations, in order to meet the IMO 2021 deadline.
A development that is becoming an even bigger focus this year is automation, the industry will be watching with interest at the launch of the Mayflower on its voyage from Plymouth, UK to Massachusetts, US, later this summer. But with this comes a big cyber security risk, if the systems controlling the ship were to be attacked, it could be run by the attackers. It is not only vessels that are becoming automated, but there are also many systems that are moving towards automation, including within ports when checking in vessels and cargo.
Shipping companies will need to perform an assessment of risk exposure, as a result, they will need to put into place measures to include in their safety management systems to mitigate cyber threats. Like other industries subject to cybercrime, such as banks, criminals are using phishing emails which impersonate vessel names. Opening these emails or documents within them can set off an automated attack, gaining data, logins, downloading files, or much worse. This demonstrates that it is not just higher-level management that needs to be aware of cyber security, training is required for all staff.
If the worst does happen, it’s not just IT systems that are affected…
Shipping operations are interrupted, plus the knock-on effect of this on the supply chain
Danger to the crew, including injury or death
Loss or damage of vessels
As a result of a spill, pollution
Loss of cargo, impacting the supply chain and consumers
Contraband cargo entering a port untraced
How are you mitigating the risk of cyber-attacks? Do you feel confident that your organisation is protected against cyber criminals?
Please contact us for any maritime security matters: firstname.lastname@example.org