Subscribe to our Mailing Lists (It's free!)
Friday, July 11, 2025
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    IMO piracy

    IMO Piracy Report: Twenty five incidents during May 2025

    Dryad Global

    Dryad Global: Geopolitical tensions continue to shape maritime landscape

    ireland drug seizure

    Ireland’s largest drug smuggling plot leads to eight men in jail

    limpet mines tankers

    Greek tanker fleet boosts security amid limpet mine fears

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    friendship

    Exploring the human need for friendship: A lifeline at sea and on shore

    neck pain

    Neck pain: A growing health concern for maritime workers

    Book Review: Building leaders the MMMA way

    Book Review: Feel grounded and think positive in 10 simple steps

    time

    Stay SEAFiT: Time is non-renewable – invest it wisely

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    BIMCO FuelEU Maritime Regulation

    EU issues low-carbon hydrogen fuel standards

    clean air act

    California updates ballast rules for water from low salinity areas

    biofuels

    India’s DGS issues biofuel bunkering guidelines

    biofuel

    Companies sign deal to advance crude lignin oil biofuel

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    floating data centres

    New partnership to develop floating data center on retrofitted vessel

    connectivity

    Innovating ocean safety: Intellian’s unified vision for connectivity and GMDSS

    autonomous navigation

    New deal aims to advance autonomous navigation technology

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    AMSA fine

    NorthStandard: Tips to avoid pollution fines in Turkey

    OCIMF

    OCIMF Annual Report 2025: SIRE 2.0 a welcome change for the industry

    USCG

    ABS PSC Report Q1 2025: 526 total vessels detained

    paris mou lists

    Paris MoU 2024 Performance lists

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    Panama Canal

    Panama Canal reports increase in transits despite dry season

    UNCTAD

    UNCTAD: Global trade endures policy changes and uncertainty

    Eternity C

    Watch: Eternity C sinks in the Red Sea following Houthi attack

    newbuildings xclusiv shipbrokers

    Xclusiv Shipbrokers: Newbuilding momentum slows sharply in 2025

  • Columns
    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    NorthStandard: Data sharing to drive technology and improve crew wellbeing

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    Trending Tags

    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    IMO piracy

    IMO Piracy Report: Twenty five incidents during May 2025

    Dryad Global

    Dryad Global: Geopolitical tensions continue to shape maritime landscape

    ireland drug seizure

    Ireland’s largest drug smuggling plot leads to eight men in jail

    limpet mines tankers

    Greek tanker fleet boosts security amid limpet mine fears

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    friendship

    Exploring the human need for friendship: A lifeline at sea and on shore

    neck pain

    Neck pain: A growing health concern for maritime workers

    Book Review: Building leaders the MMMA way

    Book Review: Feel grounded and think positive in 10 simple steps

    time

    Stay SEAFiT: Time is non-renewable – invest it wisely

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    BIMCO FuelEU Maritime Regulation

    EU issues low-carbon hydrogen fuel standards

    clean air act

    California updates ballast rules for water from low salinity areas

    biofuels

    India’s DGS issues biofuel bunkering guidelines

    biofuel

    Companies sign deal to advance crude lignin oil biofuel

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    floating data centres

    New partnership to develop floating data center on retrofitted vessel

    connectivity

    Innovating ocean safety: Intellian’s unified vision for connectivity and GMDSS

    autonomous navigation

    New deal aims to advance autonomous navigation technology

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    AMSA fine

    NorthStandard: Tips to avoid pollution fines in Turkey

    OCIMF

    OCIMF Annual Report 2025: SIRE 2.0 a welcome change for the industry

    USCG

    ABS PSC Report Q1 2025: 526 total vessels detained

    paris mou lists

    Paris MoU 2024 Performance lists

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    Panama Canal

    Panama Canal reports increase in transits despite dry season

    UNCTAD

    UNCTAD: Global trade endures policy changes and uncertainty

    Eternity C

    Watch: Eternity C sinks in the Red Sea following Houthi attack

    newbuildings xclusiv shipbrokers

    Xclusiv Shipbrokers: Newbuilding momentum slows sharply in 2025

  • Columns
    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    NorthStandard: Data sharing to drive technology and improve crew wellbeing

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    Trending Tags

    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

Managing cyber risk in the smart era

by Max J. Bobys
September 26, 2018
in Cyber Security, Opinions
cyber attack vallianz
FacebookTwitterEmailLinkedin

The pace in overall technology development in the world has been unprecedentedly fast, however, there is concern that the shipping industry moves slowly due to some of its traditional characteristics and resistance to change. Mr. Max Bobys,Vice President, HudsonCyber, gives his insights on how shipping could move forward and accelerate in the smart era, noting also that cyber risks are looming; thus he suggests four key steps to help shipowners safeguard their businesses.

As a boy my father regularly invoked a modified version of Sir Isaac Newton’s first law of motion: “a body at rest remains at rest until given a stiff kick in the rear end”.  In other words, a body’s natural state is one of unchanged behavior until an outside force impacts it.  In this respect, Newton anticipated my father’s motivational intent.

Both my father and Newton’s observations remain instructive regarding the resistance to change exhibited by many shipowners’ desire to maintain the natural state of business as usual in the “Smart Era”.  Reluctant to change, they excuse decisions based on market dynamics, cast responsibility to IT staff, resist investment, and hope to avoid a major attack in today’s “cyberized” environment.

It is axiomatic among shipowners that shipping is an aggressive business; in broad terms charter rates remain competitive, and despite increases in container volumes, for example, slim profits persist.  The day-to-day market dynamics of shipping are tough. It therefore remains unsurprising that many shipowners have little appetite for allocating discretionary funds to invest in cybersecurity.  Surprisingly, this posture persists even among some who have suffered cyber attacks. Such continued resistance leaves companies vulnerable.

RelatedNews

Watch: Avoid the risk of electrocution for shipboard welding

SQE MARINE: Keep your Biofouling Management Plan up to date

While some early adopters have embraced new ways of addressing cybersecurity challenges, many remain stubbornly doubtful about the extent to which they must assume oversight.  Their natural instinct is to delegate cybersecurity responsibility to Information Technology (IT) staff.  However, as the shipping industry enters the 21st century’s hyper-connected Smart Era this is a critical mistake.

Certainly, IT staff are expert in dealing with IT based applications and systems, combating cyber threats daily, but effective organizational cybersecurity neither begins nor ends with them. As ships and fleets become more inter-connected, deploying Internet-of-Things (IoT) enabled technologies, networked-enabled systems, and predictive analytics, shipowners must accept the Smart Era’s new normal.  By relinquishing cyber risk management responsibility to IT staff, they are inadvertently placing their company at a disadvantage in an age of hyper-competition, rapid technical innovation and adaption, and chronic cyber threat evolution and pervasiveness.

IT-only leadership on cybersecurity responsibility, oversight and accountability misplaces the responsibility of managing Balance Sheet risk. IT cybersecurity activities are only effective if there exists alignment with other personnel across the business –spanning security, engineering, crewing, ship management, health and safety, compliance, training, finance and administration – and especially the DPAs.  To implement effective cyber risk management, shipowners and Boards of Directors must assume primary overall responsibility for leading and managing their organization’s cyber risk management efforts.

With information breaches reported daily, Newton’s cyber “kicks” keep coming and should serve as sobering reminders to any shipowner left wondering about the potential impact of a successful cyber attack.  As Maersk’s experience with the NotPetya attack in 2017 and Cosco Shipping’s recent Ransomeware incident highlight, cyber attacks can still impact the broader operations, market brand and revenue of a modern shipping company.

Though more details in Cosco’s experience will likely emerge, Møller-Maersk’s chair, Jim Hagemann Snabe, recently disclosed, their cyber incident response efforts necessitated “heroic” internal efforts, which involved the re-installation of “4,000 new servers, 45,000 new computers and 2,500 applications.” Mr. Snabe went on to state that the recovery effort encompassed the company’s “complete infrastructure,” and total revised loss estimates range between USD $250-300 million.

To succeed in the Smart Era shipowners must first understand three key points.  First, they must assume overall responsibility for cybersecurity.  Second, they must recognize that there exists no ‘magic bullet’ for purchase that can solve all their cybersecurity needs.

Shipowners must accept the fact that at some point their company will be compromised by a cyber threat which will significantly impact their operations organization wide

Here are four key steps to help shipowners position their businesses for managing cyber risk in the Smart Era:

#1 Develop cyber loss scenarios

It’s critical to understand the business’s exposure in financial terms. Develop a set of cyber loss scenarios that could realistically impact the business and determine their exposure values.  While smaller scale scenarios cover site-specific instances, such as how a vessel or an office might be impacted, broader thinking is recommended to characterize how a multi-vessel/site attack might impact the overall business.

#2 Review and test existing insurance policies against the loss scenarios

Attempt to uncover any gaps that may leave the company vulnerable.  Cyber threats in the Smart Era can impact the entire loss spectrum, spanning first and third – party tangible and financial losses.  Are you covered? How might your insurers respond?  Determine cyber risks for acceptance, tolerance and transfer.

#3 Perform a top-down, cybersecurity capability maturity-model based evaluation

This should not be characterized as a compliance exercise with the objective being certification.  Managing cyber risk is not a once-a-year activity.  Shipowners must understand that cyber risk represents a chronic peril that must be continuously and proactively managed as an organizational risk.  A maturity-model approach uncovers vulnerabilities and opportunities for continuous improvement.

#4 Sustain Cyber Risk Management Resources

Endeavor to sustain an appropriate balance of resources (e.g. people, processes, tools, and funding) to support continuous improvement and incident response activities that align fleet and shore based assets. For example, ensure personnel are trained; revise contracts and vendor reporting requirements; update insurance policies to support incident reporting and recovery; and establish and maintain budgets to support a range of technical and non-technical cybersecurity investments.

The above steps are intended to help shipowners understand how to approach and manage the complexities of cyber risk, as well as to lessen the impact of an eventual stiff cyber kick in the “rear end” that all companies will eventually suffer in the Smart Era.

 

The views presented hereabove are only those of the author and not necessarily those of  SAFETY4SEA and are for information sharing and discussion  purposes only.

 


 

About Max J. Bobys, Vice President, HudsonCyber

Managing cyber risk in the smart eraMr. Bobys draws on 24 years of experience with technology startups, enterprise risk management, and new product development, spanning such disciplines as cybersecurity and integrated physical/electronic security systems in the maritime security space.  As Vice President of Global Strategies for HudsonAnalytix, Inc., a global maritime risk management firm, he currently leads the company’s cyber risk management practice: HudsonAnalytix Cyber (“HA-Cyber”), which specializes in bringing to market best-in-class cyber risk management, assessment and cyber threat information sharing solutions tailored specifically to the global maritime industry.  In this capacity, he led the design and is currently leading the delivery of HA-Cyber’s first-to-market, award-winning maritime cybersecurity assessment and management platform, HACyberLogix (www.hacyberlogix.com).  In addition, he works closely with HudsonTrident, the company’s security arm, in supporting maritime clients with converged and evolving cyber-physical security requirements.  Mr. Bobys previously served in a variety of executive positions at such companies as Civitas Strategy Group, providing specialized advisory support to companies in the Homeland Security, Defense and Intelligence markets; as well as BAE Systems, Stanley, and Ciber, among others.

Mr. Bobys has also successfully co-founded several companies offering innovative, first-to-market capabilities in the cybersecurity space.  These include, among others, Axio, a niche advisory firm specializing in measuring enterprise cyber risk and the underwriting major cyber insurance instruments; Global Cyber Security, a provider of specialized cyber threat intelligence services; and Smart Security Group, a provider of security training and compliance management solutions for the global maritime security market.  He has supported a wide range of clients, including various U.S. Federal, State and Local Government bodies, including all branches of the U.S. Department of Defense, NATO, and numerous allied governments in Europe, Latin America and the Caribbean.  He has spoken widely on the subject of maritime cybersecurity throughout the Americas, Europe, Africa and Asia. He currently advises the Organization of American States’ Inter-American Committee on Ports on matters of maritime cyber risk management, is the co-founder and Vice-Chair of the Maritime Technology Society’s Maritime Cybersecurity and Infrastructure Committee, and serves on the Delaware Bay Area Maritime Security Committee’s Sub-Committee on Cybersecurity.

Managing cyber risk in the smart eraManaging cyber risk in the smart era
Managing cyber risk in the smart eraManaging cyber risk in the smart era
Tags: best practicescyber securityfuture of shipping
Previous Post

Arctic Environment Ministers to explore solutions for the Arctic environment

Next Post

Tackling the threat of shipborne legionella: What you should know

Max J. Bobys

Max J. Bobys

Max J. Bobys draws on 24 years of experience with technology startups, enterprise risk management, and new product development, spanning such disciplines as cybersecurity and integrated physical/electronic security systems in the maritime security space.  As Vice President of Global Strategies for HudsonAnalytix, Inc., a global maritime risk management firm, he currently leads the company’s cyber risk management practice: HudsonAnalytix Cyber (“HA-Cyber”), which specializes in bringing to market best-in-class cyber risk management, assessment and cyber threat information sharing solutions tailored specifically to the global maritime industry.  In this capacity, he led the design and is currently leading the delivery of HA-Cyber’s first-to-market, award-winning maritime cybersecurity assessment and management platform, HACyberLogix (www.hacyberlogix.com).  In addition, he works closely with HudsonTrident, the company’s security arm, in supporting maritime clients with converged and evolving cyber-physical security requirements.  Mr. Bobys previously served in a variety of executive positions at such companies as Civitas Strategy Group, providing specialized advisory support to companies in the Homeland Security, Defense and Intelligence markets; as well as BAE Systems, Stanley, and Ciber, among others.

SUGGESTED FOR YOU

GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility
Opinions

GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

July 7, 2025
Year in Review: How the Russian invasion of Ukraine affected shipping in 2022
Regulation

LR: New requirements for lifting appliances and anchor winches

July 3, 2025
nuclear power
Green Shipping

Nuclear shipping inches closer to reality: Latest developments

July 3, 2025
accidents regulations
Videos

Watch: Key equipment that can aid in MOB recovery

July 2, 2025
speaking up culture
Maritime Knowledge

Addressing crew shortage: Zero tolerance and clear consequences for unacceptable behaviour

June 30, 2025
IMPA: 85% of non-compliance not reported to port State authorities
Safety

IMPA: 85% of non-compliance not reported to port State authorities

June 30, 2025

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Explore more

No Result
View All Result
MARITIME EVENTS

Explore

  • Safety
  • SEAFiT
  • Green
  • Smart
  • Risk
  • Others
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Content Marketing
  • Contact

© 2025 SAFETY4SEA

No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA

Manage your privacy
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show (non-) personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA