During Posidonia 2018, SAFETY4SEA team met with Mr. Pantelis Skinitis, Business Development at ABS, to discuss about industry’s response to cyber risks. Mr. Skinitis noted that shipping industry needs specific guidance on how to implement any cyber security regulatory framework and advised to follow the example from other industries; thus shipping needs to adopt technologies that already exist in order to gain full access and control of all the critical functions onboard.
SAFETY4SEA: What are the key drivers and barriers towards ‘cyber hygiene’ in maritime industry?
Pantelis Skinitis: Most of the failures in ‘cyber hygiene’ are due to the failure to execute formal policies and procedures in a cyber program. That alone should be a driver for the owners and the operators. There are a lot of issues that we have, because most of the time there is lack of training, of rigorous policies and procedures implemented by organizations. Also, there is lack of software infrastructure and architecture and absence of software management of change; these are some of the barriers.
S4S: What would be the biggest challenge in terms of cyber safety and security up to 2020 for the industry?
P.Sk.: Having a model that you are able to quantify and measure cyber risk, and also being able to carry out an assessment that can eliminate or detect the cyber risks onboard the vessels in the shipping industry, will be a very critical issue as we move forward. Also, as there is a lot of integration of systems onboard, coming up with a model that enables you to quantify how the different systems integrate with each other, is going to be another challenge.
S4S: Do you believe that the current regulatory framework is satisfactory to mitigate cyber risks? What could be done to move forward?
P.Sk.: I don’t think the frameworks are good because a framework is one dimensional; it basically provides you with a baseline on best practices, but what you need is a more holistic approach to the problem. You need specific guidance on how to implement the framework.
S4S: What are the lessons to be learned from other industries with respect to response to cyber risks?
P.Sk.: The industry needs policies and procedures that need to be implemented all across the board; also a good architecture topology of the systems connections is essential as access and control of the different connection modes on the critical functions on the vessel is required. These technologies already exist and need to be learned and applied in the maritime industry as well.
S4S: What is your key message to stakeholders for a change in the perception from cyber security to cyber resilience within the organizations in the maritime industry?
P.Sk.: Stakeholders need to understand that the heart of the problem is cyber risk. How you are able to measure that, mitigate it and protect it at the local location is very critical. Therefore, industry stakeholders need to understand that all the software critical functions onboard the vessel, how those are connected and whether there is an untrusted identity that accesses those functions, would be very critical in mitigating successfully cyber risks in the maritime industry.
The views presented hereabove are only those of the author and not necessarily those of SAFETY4SEA and are for information sharing and discussion purposes only.
View herebelow SAFETY4SEA video interview with Pantelis Skinitis, Business Development, ABS at Posidonia 2018, June 4-8, Metropolitan Expo, Athens