North P&I Club has set out the growing range of cyber risks now facing shipowners in a new loss prevention briefing. Entitled Cyber Risks and Shipping, the briefing outlines the increasing sophistication of cyber criminals and raises the need for mitigation measures to be taken by shipowners.
According to North’s loss prevention director Tony Baker,
‘When we talk of cyber risks we mean any accident, incident, financial loss, business disruption or reputational damage which arises through the failure of electronic systems or through their manipulation. The risks of on-board electronic equipment failure are generally well known in the shipping industry, but unauthorised access or malicious attacks are relatively new threats.’
Baker says P&I policies cover liabilities arising from cyber risks in the same way as those arising from traditional risks, subject to P&I club rules.
‘The rules generally require members to show they have taken all reasonable measures to prevent losses and liabilities arising. Given the increasing use of technology on board and the potential impact of cyber risks on vessel operations, a proper cyber security policy should now be a key feature of an owner’s risk management programme.’
Deputy loss prevention director Colin Gillespie says,
‘Our new loss prevention briefing therefore focuses on raising awareness of the cyber threats of unauthorised access and malicious attack. It includes a summary of the shipping industry’s Guidelines on Cyber Security onboard Ships, which was published by BIMCO in February this year. This recommends a six-step cyber-security process: identify threats, identify vulnerabilities, assess risk exposure, develop protection and detection measures, establish contingency plans and respond to cyber security incidents.’
Gillespie points out that cyber threats can come from activists, hackers, criminals, terrorists and governments as well as disgruntled employees.
‘Common to all however is that they will target unwitting employees as the easiest way to gain access to company and shipboard systems. It is therefore essential that all staff, both ashore and afloat, understand the potential threat and the need for proper security procedures.’
North’s new briefing also includes examples showing that GPS, ECDIS and AIS are all vulnerable to hacking, meaning that ship and cargo operations can be disrupted without their owners, operators and even crew members being aware until it is too late.
‘Though the risk of catastrophic incidents cannot be ruled out, it is far more likely that companies will be at risk from criminal activity such as small-scale fraud, drug, weapons, contraband and people trafficking, and cargo theft. As more and more potential cyber risks are identified, shipowners will be expected to operate sensible and properly managed cyber risk procedures and systems in their offices and on ships.’says Gillespie
He adds that such procedures and systems could also be a focus for the authorities in Europe and the USA.
‘If they have not already done so, shipowners should start reviewing their cyber security now.’
Please click below to read loss prevention briefing ‘Cyber Risks in Shipping’ published by the North P&I Club
Source: North P&I Club
