KVH Industries hosted maritime industry leaders for a frank discussion about cyber security prior to the start of the CMA Shipping 2016 conference in Stamford, Connecticut. During the roundtable, a range of concerns about the current level of vulnerability emerged. Among the key issues identified were complacency by ship operators, lack of training for crew, non-existent contingency plans for dealing with a cyber attack, and the need for a set of best practices for minimizing risks.
“We need to bring the same best practices that we expect on shore and in our corporate networks to ships,” said Rick Driscoll, KVH vice president of satellite products and services. “Ship operators need to make sure there’s a process that is consistent throughout their organization, especially as ships are increasing their data usage. For example, a vessel’s digital systems must be configured to ensure personal devices brought onboard by the crew use a network separate from ship operations, and that individual passwords are utilized when logging onto the ship’s computer systems, rather than relying on one password common to the ship. Those practices would be standard procedure anywhere else.”
Several panelists mentioned that the issue is only beginning to be understood by the industry. “I think currently ships are relatively low-tech, and there is a high degree of complacency,” said Peter Hinchliffe, secretary general, ICS. “As ships get more high tech, which is happening rapidly, we very much need guidelines and contingency plans.”
To instill safe cyber behavior among onboard personnel, panelists mentioned the importance of training. “With increased emphasis on minimizing cyber risks, education and training of the seafarers is vital, but it must be supported from the top,” says Nigel Cleave, CEO of Videotel, a KVH company. “Crew need to be aware of the risks, for example, of bringing unlicensed material onboard, which could introduce a virus or other problem.”
One particularly challenging aspect discussed by the panel is the fact that maritime regulations may never be able to keep up with the fast pace of cyber crimes, which are continually evolving. Regulations must be accompanied by a shift in mindset, panelists noted, so that awareness is raised on every level, whether it is about the personal devices brought onboard or a malicious attack that could compromise a ship’s navigation system.
Industry guidelines, it was felt, should ensure that vessels have cyber attack contingency plans in place and are doing drills just as they do for other types of safety risks onboard. “Regulations can set minimum levels of security practices, and industry guidelines can build on that,” said KVH’s Rick Driscoll. “Just as on land, it is impossible to be 100% protected against cyber risks. However, establishing contingency plans and following cyber safety measures will give vessels a much higher level of protection.”