The world economy is heavily dependent on maritime transport, as most of the international trade is carried out by sea. Delay in shipping can result in severe financial loss, especially for the management team in the distribution channel. This heavy dependency makes the shipping industry an attractive target for cyber criminals.
The COVID-19 pandemic accelerated the digitization of the world, which was already taking place, due to guidelines that made it mandatory for people to work from home via the internet. Therefore, the maritime industry was more dependent than ever on the Internet. You may not think of ships and fleets closely related to technology, but ships are constantly connected to the internet.
Here lies the real problem: some of the systems and computers on these ships often use incredibly complicated or old systems. This makes it much more difficult to protect them from cyber-attacks. The systems these ships use are so complicatedly intertwined that there are many blind spots that are virtually undetectable.
Since ships are increasingly dependent on digitization, integration and automation systems today, cyber risk management onboard has top priority. As technology advances, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates a larger target that needs to be addressed.
A Cyber-attack is likely to compromise the safety of crew, ship, cargo, and even ports.
Cyber security should be in place to address the security issues and risks posed by new technologies. And to ensure that ship operation, as well as crew and passengers, are safe.
Cyber security deals with the protection of IT systems, onboard hardware, and sensors as well as data leaks from unauthorized access, manipulation, and disruption.
Cyber security policies and plans cover various types of risks such as information integrity, system, and hardware availability onboard and in the shipping company’s office.
The IMO has identified the systems onboard ships that are particularly vulnerable
- Bridge systems
- Cargo handling and management systems
- Propulsion, machinery management, power control systems
- Access control systems
- Passenger servicing and management systems
- Passenger facing public networks
- Administrative and crew welfare systems
- Communication systems
In its guidelines on cyber security onboard ships, BIMCO identifies cyber safety incidents that arise as a result of:
- a cyber security incident which can affect the availability and integrity of OT, for example, corruption of chart data held in an Electronic Chart Display and Information System (ECDIS)
- failure occurring during software maintenance and patching
- loss of or manipulation of external sensor data which is critical for the operation of a ship and includes but is not limited to Global Navigation Satellite Systems (GNSS).
Whilst the causes of a cyber safety incident may be different from a cyber security incident, the effective response to both is based upon training and awareness.
Cyber security is becoming increasingly important in the shipping industry
Regulations and laws are introduced that oblige owners, operators and managers to consider cyber risks. With the aim to support safe and secure shipping, which is operationally resilient to cyber risks, IMO has issued MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management. The guidelines contain high- level recommendations on maritime cyber risk management to protect shipping from current and emerging cyber threats and vulnerabilities and contain functional elements that support effective cyber risk management. The Maritime Safety Committee, on its 98th session in June 2017, also adopted Resolution MSC.428(98) – Maritime Cyber Risk Management in Safety Management Systems.
Different Cyber security Risks
The frequency and severity of cybercrime are on the rise and there is a significant need for improved cyber security risk management as part of every organization’s enterprise risk profile.
Management Plan
A comprehensive cyber risk management plan should include the following elements:
Source: https://varunamarine.eu/wp-content/uploads/2023/03/Maritime-Cyber-Security-Infographic-01.pdf