After several virus attacks on Norwegian companies, including maritime companies, the Norwegian Maritime Authority (NMA) warns against the various digital threats, and reminds the importance of being well prepared when an attack takes place.
Recently, one or more ransomware virus types have attacked several companies and municipalities. The attacks are a reminder to focus on digital security, also in the maritime industry.
The virus attacks on maritime companies, municipalities and others show how vulnerable we can be, but also how important it is to have good training, competence and routines. It is important to be well prepared, both to prevent attacks and to handle them if they come
states acting Director General of Navigation and Shipping, Lars Alvestad.
Safety management
As of 1 January this year, digital safety will be a part of the safety management in ships and shipping companies covered by the ISM Code. Companies themselves are responsible for handling the risk connected to digital incidents.
An increase in the use of digital systems and connections for ships and shipping companies mean increased vulnerability to digital incidents. When such incidents are not handled the right way, they may, in the worst-case scenario, jeopardise the safety of the crew and passengers, notes Senior Surveyor in the Norwegian Maritime Authority, Nils Haktor Bua.
Focus on digital security
The NMA will focus on digital security in the time ahead. At the beginning of the year, the NMA and the Norwegian Environment Agency presented a proposal for a strategy for maritime digital security in response to a request from the Ministry of Trade, Industry and Fisheries and the Ministry of Transport and Communications.
The strategy points to a number of measures for increased digital security in the maritime industry. The shipping companies also hold much of the responsibility for the security in their digital systems. Many are doing a good job, but there are companies that need to focus more on this.
Procedures and training
The fact that companies in different sectors are attacked, and that the attacks hit important digital infrastructure, shows how serious this is and the importance of having good procedures and training, both in the shipping companies and on the vessels.
We would like to remind all companies and vessels to be aware that attacks may hit them, and to keep an overview of their digital systems, lines of communication, dependencies and system vulnerabilities. Make sure that crew and personnel have the necessary training to detect and avoid attacks
says Johan Stensen, ISM Coordinator in the Norwegian Maritime Authority.
He also added that procedures must be in place and known so that they can be used if a digital attack comes. Companies should train for digital incidents the same way they train for other security incidents.
The risk scenario shows a steady increase in ransomware attacks on Norwegian companies. In 2020, The Norwegian National Security Authority (NSM) warned against an increase in these attacks.
