Be Cyber Aware At Sea campaign issued its monthly Phish&Ships newsletter, exploring the development of best practices when it comes to cyber security in shipping industry and their impact on safety of navigation.
The most recent example of a major cyber attack affecting the industry is Danish shipping giant Maersk, last June. Soren Skou, the CEO of AP Moller – Maersk, has, for the first time approximated the hit in revenues they suffered in the wake of Not Petya at $300m.
As explained, the maritime industry appears to be specifically vulnerable to cyber attacks due to several factors, including:
- The fact that IT systems onboard were designed with the concept ‘the system must work under all conditions’, instead of ‘the system must work securely’ mind set.
- The wide chain of people involved in day-to-day operations. Several parties – crew, managers, service personnel, pilots, auditors, inspectors, charterers – cooperate in operating the vessel.
In order to overcome the challenges posed, the industry needs to go through a change of mindset to one where technology is used more consciously, and where technology purchasing decisions take cyber security into consideration.
However, it is noted that, in shipping, there is always a human element to consider, even with something so technical as cyber security. Crew training, therefore, is essential in implementing good cyber hygiene.
“We can have the best technical solutions, policies and procedures in the world but if people aren’t trained properly and don’t understand what the threat is, then all the above are not wise investments at all”, Be Cyber Aware At Sea’s Jordan Wylie warned. “Training needs to cover prevention, detection and cure.”
Cyber risk awareness, he notes, needs to be raised at all levels in the organisation:
- drilling into people the risks of opening suspicious email attachments,
- teaching how to determine what is suspicious, and
- how to recognise when there might have been a security breach.
In addition, he suggested discipline in backing up data and cyber drill to practice the regime to kick in during the event of an attack.
Tackling cyber threats from a standing start can be intimidating for many reasons. Security systems can seem daunting and confusing, while the costs can appear overwhelming and operation technology data heavy and vulnerable. However, it is imperative that a robust cyber security system is built sooner rather than later. First four steps could be:
- Assess your current cyber state
- Review your policies and procedures
- Create a data map of the network and how your data interacts
- Review the systems to help identify priorities – are they outdated/unsupported and configured correctly?
Explore more by reading the official newsletter herebelow:
MANILA 2010 was a LARGE PRESENT FOR OWNERS N INSURANCES FURTHER THE BILL HAD BEEN PAYED BY SEAFARERS ONLY! IMO SHOLD REVERSE THIS CONDITIONS AT LEAST FIFTY/FIFTY BETWEEN PARTIES INVOLVED.