The pace of overall technology development has been unprecedentedly fast in the past few years and more developments are looming in the forthcoming years to make the smart shipping concept a reality. However, the 'smart era' escalates cyber security risks; last year shipping industry reported the first significant cyber incidents which rang the bell for this new kind of threats. Certainly, with the sheer amount of data getting generated globally across the shipping industry, cyber security is one the major issues that needs to be addressed.
The event, organized by SAFETY4SEA, brought together global experts who focused on the recent and future cyber challenges that shipping faces amid digital transformation. The presentations, which were given in two sessions, provided a comprehensive review of current cyber threats and outlook for effective ‘cyber hygiene’, examining both the theoretical framework and lessons learned from response to cyber-attacks that have been recorded.
Session # 1 – The Theoretical Framework
Mr. Max J.Bobys, VP Global Strategies, HudsonAnalytix, gave a presentation with the aim to initially characterize the rapidly evolving cyber threat landscape and place it in maritime industry context. The IMO’s current cyber risk management framework was presented and reviewed, including the identification and overview of associated standards, models and frameworks that provide its core foundation. Mr. Bobys also referred to common questions and key insights into the challenges today’s shipping companies are faced with, and discussed about the forthcoming trends. Concluding his presentation, he highlighted that an assessment approach for initiating organizational cyber risk management and sustaining risk reduction activities that’s consistent with the IMO’s guidelines, is essential to any organization.
Mr. Colin Gillespie, Deputy Director (Loss Prevention), The North of England P&I Club, highlighted that the risk of cyber-attacks is ever present across all industries and sectors. The IMO has recognized the threat of cyberattacks in the marine industry and will require ship operators to consider cyber risk management as a part of their safety management system. Mr. Gillespie briefly presented both the H&M and the P&I position towards cyber risks and preparedness. Also he gave the owner’s picture towards cyber seaworthiness and suggested available useful tools that can help to create awareness over the issue such the ‘Be Cyber Aware At Sea’ initiative and CSO Alliance. Finally, Mr. Gillespie highlighted that there is need to keep up momentum and dialogue to counter cyber security threats.
Mr. Nick Taylor, Consultant, Shoreline, provided feedback on the topic of Cyber or IT Security from the insurer’s perspective, noting that shipowners are facing a number of calls to address them across all aspects of their operations. The pressure is not yet as severe as that imposed by the Oil Pollution Act 1990, where attitudes to preventing environmental pollution had materially to change, and successfully so. In response to evident client demand to address the situation, the insurance industry has been led by Shoreline into offering to indemnify the financial costs of the disruption caused by a CyberCrime attack in respect of the whole business, at sea or ashore. Mr. Taylor further said that the insurance will take its place in accepting the transfer of those risks that are either too costly to prevent or where the threat remains as yet unrecognised, as an integral part of a well-developed risk management programme.
Mr. Chronis Kapalidis, Academy Stavros Niarchos Foundation Fellow, International Security Department, Chatham House, focused on the EU GDPR, an important legislation for the data protection, effective from May 25th2018, which is undoubtedly a great challenge for cyber security that cannot be ignored. In this regard, Mr. Kapalidis shared five best practices in order organizations to successfully comply with the regulation and at the same time effectively safeguard and secure personal data amid possible cyber threats. Therefore, it is important all organizations to invest in cyber security; decide to take up cyber insurance; report breaches responsibly within 72 hours as per regulation; understand the risks and not leave it to the IT team only; and finally regularly review procedures and not be complacent.
Session # 2 – The Practical Aspects
Mr. Demetres Armanes, PhD, Senior Research Engineer, Engineering and Technology, Global Ships Systems Center, American Bureau of Shipping, argued that cybersecurity is a wide-ranging, cross-platform issue for which ABS brings together information technology (IT) and operational technologies (OT) in a unique approach. This approach moves clients from a traditional set of basic procedures covering corporate organization and governance to a digitally informed, detailed capability and task-assessment cycle. In particular, it aims to identify and address Operational Technology (OT) cyber-risk vulnerabilities for marine and offshore assets and fleets with a view to compile an industry standard with actionable tasks to improve cyber intelligence and security implementation.
Mrs. Cynthia Hudson, CEO, HudsonAnalytix, delivered a presentation of the practical approach a ship operator must undertake in order to address the important risk of cyber security. The methods provided put the ship operator in control of this critical risk element and enables him to assess his exposure; identify and measure his present level of cyber readiness; and give him the tools to implement a robust enterprise wide sustainable cyber maturity program which is continuously indicating and documenting progress and achievements in the protection of the assets of the company.
Mrs. Eftihia Benaki, IT Manager, Minerva Marine Inc, referred to the three principal risks an organization could face in an event of cyber breach: Business Operational Risk, Reputational Risk and Legal or Compliance Risk. When it comes to shipping, she said, the risk may affect Safety and Environment, which makes it even more serious. Although IT Teams have been working on security for years, shipping industry is lately being forced with regulations to include cyber risk in its safety management system. Mrs. Benaki further explained that Minerva Marine is working on three pillars to address cyber security. The first one is to raise awareness, on shore and onboard, either with formal training courses or by alternative means. The second one covers the procedural part, with the help of a risk assessment platform and vulnerability assessments and the third one is investing on new technology to protect information and operational assets.
Mr. Apostolos Belokas, Managing Editor, SAFETY4SEA, provided lessons learned from recent cyber incidents and addressed future challenges. Mr. Belokas started his presentation highlighting that according to a recent survey by Allianz, cyber-crime is considered one of the top five risks in shipping. Considering all incidents so far, from attacks recorded in the maritime industry (Saudi Aramco, IRISL, Maersk, Clarkson) until the recent data security breach of Facebook, we certainly need to better prepare for the unknown challenges ahead by applying lessons learned, he commented. However, non-reporting of this kind of incidents and not testing of cyber capabilities do not help in tackling the issue. Concluding his presentation, Mr. Belokas further noted that mindset seems to be the biggest obstacle towards cyber hygiene; overall the resistance to change is of human nature.
All sessions ended with a round table discussion in which the audience exchanged ideas with high level experts of international repute on technological developments. Finally, Apostolos Belokas as the Event Facilitator thanked the delegates for their participation and the speakers for their excellent presentations and also the organizing team of the event for their contribution towards forum objectives. Explore more about the event at https://events.safety4sea.com/safety4sea-cyber-masterclass/