A paper issued last month by Future Directions International highlighted that the maritime industry remains unprepared for future cyber security threats.
According to the author, Professor Vivian Louis Forbes, the industry is heavily reliant on electronic commerce (e-business) in many aspects of its daily business, such as recordkeeping, human resources data, the loading and discharging of cargo and the location of containers on the docks, on land transportation and on ships, which makes shipping cyber vulnerable.
Companies are increasingly using cutting-edge techniques to stop cyber criminals from breaching their networks, but many are still not effectively protected. While governments have enacted legislation to counter such attacks, the implementation of legislation and international conventions does not, at present, appear to be entirely effective.
- The volume, impact and sophistication of cyber attacks have grown at an alarming rate. Worldwide, nearly 17 million attacks reportedly occur each week.
- With around 50,000 ships at sea or in port at any one time, the maritime transport industry is highly exposed to cyberattacks.
- Vessels do not need to be attacked directly. An attack can arrive via a company’s shore-based Information Technology systems and very easily penetrate a ship’s critical onboard Operational Technology systems.
- IMO reacted quickly in introducing guidelines in response to terrorist attacks on shipping, but has arguably been slower in formulating appropriate cyber security regulations.
- The maritime industry appears still to be ill-equipped to deal with such future challenges as the cybersecurity of fully autonomous vessels.
Moving further, Dr. Forbes cites key issues that make cyber security for the maritime industry particularly complex:
- There are many different classes of ships, tugs and boats, all of which operate in very different environments. These vessels tend to have different computer systems built into them.
- Many ships operate outdated operating systems, which are the ones most prone to cyber attacks. The users of these maritime computer systems are in constant change.
- Ship crews are highly dynamic, often changing at short notice or more regularly over periods of three to six weeks. As a result, crews are often using systems that they are unfamiliar with, increasing the potential for cybersecurity incidents relating to human error.
- The maintenance of shipboard systems, including navigational systems, is often contracted out to a variety of third parties. Much the same situation exists in land-based small enterprises.
- It is perfectly possible that a ship’s crew may have little understanding of how different onboard systems interact with each other. The linkage between onboard and terrestrial systems adds to the complexity. Many maritime companies stay in constant communication with the Masters of their ships.
Professor Forbes proceeds to explain that cyber security is not just about preventing hackers from gaining access to systems, but also about protecting digital assets and information, ensuring business continuity and making sure that the maritime industry is resilient to outside threats.
Historically, the sea has been one of the most important conduits of economic prosperity. Due to the inherent dangers of the maritime environment – maritime terrorism, triggerhappy hijackers and sea pirates, negligent mariners and, now, cyber-criminals – the shipping industry must be more vigilant than ever if the global economy is to be sustained.
Explore more herebelow: