The International Maritime Organization (IMO) has launched a new cyber security toolkit that will help the global maritime industry respond better to ever-evolving ‘insider threats’.
Insider threat refers to the risk that arises from a maritime employee carrying out or enabling a security incident, either through a lack of awareness, complacency or maliciousness. According to IMO, for terrorists and organized crime groups who are constantly looking to exploit vulnerabilities in security controls of ports and ships, insiders can offer a tactical advantage, as they hold privileged access to secured locations, items or sensitive information.
As stated in the DNV Maritime Cyber Priority 2023, barely 3 in 10 (31%) maritime professionals believe that organizations within their sector are effective at sharing information and lessons learned about cyber security risks, threats and incidents.
In its Risk Watch publication, Britannia P&I Club explains that the cost of cyber attacks worldwide is startling, with global costs from cyber crime predicted to exceed USD 10 trillion by 2025. Although shipping remains a small part of this total, cyber attacks in the maritime industry are becoming increasingly costly. Recent data shows that a cyber attack now costs the targeted organisation an average of USD 550,000.
Security culture
As noted in the Toolkit, a strong and effective security culture means: Establishing a positive security culture throughout the maritime sector is essential to mitigating insider threats and delivering effective and robust security outcomes. Employees can be:
- motivated and informed about insider risks through regular briefings on threats and wider security issues;
- trained to identify and report anomalous or suspicious behaviours; and
- be a valuable source of information on vulnerabilities and how to address them.
To address the issue, IMO partnered with the International Civil Aviation Organization (ICAO) to develop the new Insider Threat Toolkit. The toolkit outlines various good practice security measures, including background checks and vetting, access control measures, patrolling, surveillance and monitoring, advance technologies and the use of artificial intelligence.
We currently face an extremely diverse and challenging set of maritime security threats and risks globally. A ‘One-UN’ approach involving all partner UN organizations and agencies is critical, and we are grateful to ICAO for their strong support in producing this new Toolkit to address the threat of insiders in the maritime sector.
… said Andrew Clarke, Technical Officer, Maritime Security Section at IMO
The toolkit can be used by any organization operating in the maritime environment, including Maritime Administrations, Designated Authorities, shipping companies, port operators and other maritime stakeholders.