During last SAFETY4SEA’s Virtual Forum, the attendees gave their insights on cyber security and its part in the shipping industry, highlighting that shipping has still a lot way to go, in regards to how it treats cyber risks. Also, in what is an industry first, the experts applauded IMO’s Resolution, effective from January 1st 2020, and explained why, to some extent, the COVID-19 crisis has a positive impact on the digital evolution.
Starting the discussion, Mr. Apostolos Belokas, Managing Editor of SAFETY4SEA, questioned where the industry stands concerning cyber security. All the attendees explained that the industry has still a long way to go, in order to be fully protected from the cyber risks or adopt a notion of dealing with an attack.
• There is gap between technology and the measures to protect smart vessels
• IMO’s Resolution challenges ship operators
• 4 categories of cyber-hit companies
• The right mindset is needed to remain protected from a cyber attack
• It is important to understand the hacker’s motivation
• Cyber safety & security has become a business imperative
• COVID-19 has accelerated digitalization
Specifically, Mr. Francesco Arischia, RINA, Senior Consultant, highlighted that there has always been a gap between the technology and its evolution, with how the industry protects the smart vessels and its technologies from attacks. He also focused on the importance of implementing risk assessment, as a crucial step to understand the challenges of cyber-attacks, and advised that shipping companies should begin their cyber security plans from the base; the port facilities and the vessels.
Referring to IMO’s Resolution, Mr Themistoklis Sardis, Costamare Shipping Company S.A., IT Manager stated that although the resolution is here, technically, the sector is not 100% ready. In the meantime, Mr. Arischia argued that the IMO’s advice that cyber security should be included in the ship’s SMS is a sign that the vessel’s security and safety are merged.
During the digital discussion, four categories of cyber-hit companies were revealed;
- The companies that have been hacked
- The companies that haven’t been hacked
- The companies that have been hacked, but they don’t know it
- The companies that have been hacked and will be hacked again in the future.
The four categories reveal the gap existing in the shipping industry, with some shipping companies not focusing enough on the cyber risks, and acting like there is no risk. In that regard, Mr. Manos Christofis, Diaplous Group, Cyber Security Strategy Advisor, highlighted that the future of cyber-attack is unsure; therefore, we need to threat cyber-attacks as a technical, operational risk.
Having the right mindset
Having the right mindset to keep up with the evolution and the technological changes, plays a crucial role on how the industry will deal with the cyber security challenges arising, Mr. Stavros Koutoupes, World Link Communications, Greece Country Manager, noted.
In that regard, it is advised to keep in mind the following:
- Implement cyber security safety in a line manner
- Hackers do not stay idle; they evolve and improve
- Stay alert on anything not tested or used in the past
- For top security, you have to sacrifice cherished things, such as the easiness of doing things
The lack of mindset throughout the industry can be also seen on the way many organizations address cyber security. An example is the lack of awareness as to which OT assets to protect and which vulnerabilities to address. Moreover, another challenge remains the human error and the lack of training, which comes with the lack of cyber skilled staff, that may lead to a cyber-attack.
Furthermore, Mr. Christofis explained the importance of understanding the motivation behind the hacker’s attack, as he argued that the attack is not only being done for the money. Mr. Christofis referred to the geopolitical attacks, which are being done by people who make a living out of it, giving a geopolitical perspective in cyber-attacks.
Cyber-attack as a business imperative
It was argued that the shipping industry is both aware and unaware of cyber hazards. Mr. Sardis, explained that the mentality noticed in the shipping sector is “cyber-attack might happen to somebody else and not to me”. This shows that the industry remains partly ignorant of how severe a cyber-attack could be for both the shipping company, as it could lead to economic losses, as well as the vessel’s safe operation, as it could lead to a fatality or severe casualty. Concerning the industry’s evolution on handling cyber-attacks, Mr. Sardis commented that it is not a wait and see situation.
In addition, cyber security has to be a business decision for shipping companies. In other words, as operations become more and more connected between vessels and companies on shore, it is highly crucial that shipping companies develop and implement a cyber security plan. Mr. Yannis Maroulis, ABS Group, Manager, Business Development, noted that nowadays government make cyber security a priority, while insurers work better to understand cyber risk.
COVID-19 role in digitalization
The new normal arising during the pandemic is now remote surveys and inspections, as much as possible. In the question on how the COVID-19 impacted the shipping’s evolution in the digital part, the attendees explained that the people of the sector quickly adapted to the new normal. Also, it was stated that money spent on technology will always come with a fruitful outcome, as seen now. Technology plays a crucial role during the pandemic, from remote inspections to the majority of employees working from home.
Concluding, the experts noted that overall, cyber security regulations and their implementation will be a good start to drastically deal with the cyber risks. The mentality should be that whatever the regulations and legislations are, the industry has to change its mind and move forward.
