The International Maritime Bureau (IMB) is asking shipping and maritime companies to be vigilant to the potential commercial impact that cyber-attacks can cause.
IMB says that cyber security is not only about trying to identify and to prevent systems on board ships from getting hacked or ‘taken over’.
“There is also a very real danger that emails being sent to and from ships are monitored or altered. This could have huge commercial effect on vessels,” an IMB spokesman said.
The recommendations are aimed at enabling stakeholders to take necessary steps to safeguard shipping from current and emerging threats and vulnerabilities related to digitisation, integration and automation of processes and systems in shipping.
IMO says the interim guidelines seek to provide high-level recommendations for maritime cyber risk management.
This refers to a measure of the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures due to information or systems being corrupted, lost or compromised.
A new study led by Plymouth University’s Maritime Cyber Threats Research Group established that vessels are under significant threat of cyber-attack because many are carrying outdated software and were not designed with cyber security in mind.
It said traditionally, attacks on ships have included piracy, boarding and theft, and while these attacks have often been successful and continue, they are well understood.
In contrast, the research says cyber-attacks are stealthier, and have a range of potential implications including business disruption, financial loss, damage to reputation, damage to goods and environment, incident response cost, and fines and/or legal issues.
The paper’s lead author, Professor Kevin Jones, Executive Dean of Science and Engineering at the University, said,
“In an increasingly connected and technologically dependent world, new areas of vulnerability are emerging. However, this dependency increases the vessel’s presence in the cyber domain, increasing its chances of being targeted and offering new vectors for such attacks.
“Longer term, there needs to be a fundamentally different approach to security of the entire maritime infrastructure meaning there is great need for specific cyber security research programmes focused on the maritime sector,” he said.
The research suggests maritime cyber-attacks would most likely target systems responsible for navigation, propulsion, and cargo-related functions, with many incentives for attackers, given that over 90 percent of world trade occurs via the oceans.
It however says that operators could easily mitigate against such dangers by updating security systems, improving ship design and providing better training for crews.
Source: IMB