Cyber security has been a major challenge for shipping in the past years. Growing connectivity networks and digitalization efforts modernize shipping but also pose a serious threat to its integrity when targeted by malicious attacks.
Safety and Shipping Review 2023 highlights its vital that investment in cyber risk education and security is not neglected at this time, despite economic and decarbonization pressures, as this risk has the potential to have catastrophic consequences, given the right confluence of events.ajor recently released industry studies have analyzed the subject. For instance, Allianz in its
In its latest Risk Barometer report, Allianz reported that cyber risks, such as IT outages, ransomware attacks or data breaches, rank as the most important risk globally (34% of responses).
In Safety and Shipping Review 2023, Allianz notes that to date, most cyber incidents in the shipping industry have been shore-based, such as ransomware and malware attacks against shipping companies’ and ports’ database systems.
For instance, the Port of London Authority as well as Port of Los Angeles reported incidents of cyber attacks last year while the Port of Halifax and the ports of Montreal and Quebec were all hit by cyber attacks in April.
In addition, last July, the Tokyo MOU PSC database, APCIS, suffered an outage likely due to a cyber attack. This resulted in the unavailability of the whole system for a couple of weeks and the restoration of full data for several months.
All four of the largest shipping companies, Maersk, COSCO, MSC, and CMA CGM have been victims of cyber-attacks in recent years, according to Allianz. Furthermore, earlier this year DNV suffered a major ransomware attack, affecting around 1,000 vessels that rely on its technology.
Prevention measures and how to handle a cyber attack
According to DNV’s Maritime Cyber Priority 2023, achieving a more cyber-secure supply chain is far from easy. For this to happen, operators need to thoroughly audit their vendors’ cybersecurity requirements during procurement, installation and operation of equipment, systems, and software.
Shipowners also need to implement risk control processes and contingency planning, developing and implementing activities necessary to quickly detect a cyber event. Identifying measures to back up and restore cyber systems impacted by a cyber event is obviously crucial.
… said aptain Rahul Khanna, Global Head of Marine Risk Consulting at Allianz Global Corporate & Specialty (AGCS).
Fortunately, Allianz claims that there are also a growing number of resources available to help mariners learn about common vulnerabilities. Just one example is the internationally-recognized United States Maritime Resource Center, which assists the industry in cyber awareness, safety and security through evidence-based research.
U.S. Coast Guard also proposed mitigation recommendations in their recent Cyber Trends and Insights in the Marine Environment 2022:
- Password policies
- Multi-factor authentication
- Filter network traffic
- Privileged account management
- Software updates
- User training
- Account use policies
Then there are an increasing number of cyber security guidelines which can be followed, such as those from the International Maritime Organization, but also from other important organizations such as the Baltic and International Maritime Council (BIMCO), Intercargo and Intertanko.
There are also standard practices that can be implemented to reduce cyber risk, such as defining personnel roles and responsibilities for cyber risk management and identifying the systems, assets and data that, when disrupted, pose risks to ship operations
… said Captain Rahul Khanna, Global Head of Marine Risk Consulting at Allianz Global Corporate & Specialty (AGCS).