Except the pandemic and the risks arising, the shipping industry has to deal with a rise in cyber-attacks against superyachts and the forthcoming IMO requirements on the sector’s cyber security systems from January.
To remind, by January 1st, 2020, cyber security will come under the remit of the International Safety Management System (ISM) Code, supported by the IMO Resolution MSC.428(98), requiring shipowners and managers to assess cyber risk and implement relevant measures. Following new technology, more autonomy and greater connectivity, all contributing to greater cyber risk, experts at Lloyd’s Register (LR) and Nettitude address the need for superyacht owners and managers to take a proactive approach during interactive webinar last month.
Now, Lloyd’s Register explains that even prior to the pandemic, there was an increase and frequency observed in cyber attacks in the maritime sector.
In both information technology (IT) and operational technology (OT), the risk curve is rising as criminals see more opportunities for attack, Engel-Jan de Boer, LR Yacht Segment Manager, warned. This poses a growing threat to owners and managers, superyacht crews, guests and shoreside facilities including harbours and service providers.
Yet, according to de Boer more information exchange – perhaps on a confidential platform – would be helpful both in tackling the incidence and severity of superyacht cyber-crime. The cost of inaction is high, he warned, with risks including espionage, reputation damage, invasion of privacy, vessel and personnel safety, hijacking, ransom and, in the very worst case, assassination.
However, he commented that the IMO’s new regulations are not the only ones of which those involved in the sector need to be aware. Other authorities, including the US Coast Guard, are also stepping up requirements.
In order to explain what can be done better, Nettitude specialists Joe Donohue, Senior Information Security Expert, and Lukasz Michalski, Senior Security Expert, explained what owners and managers should do to prepare for the new requirements. They highlighted that it would be helpful to provide the basis for a cyber risk plan “in weeks”.
Concluding, LR issues a wake-up call for those hoping to sail under the radar, particularly owners and operators of vessels under 500 gross tons, exempt from the January regulations. They should examine their vessel insurance policies closely.
