The world economy is heavily dependent on maritime transport, as most of the international trade is carried out by sea. Delay in shipping can result in severe financial loss, especially for the management team in the distribution channel. This heavy dependency makes the shipping industry an attractive target for cyber criminals.
The COVID-19 pandemic accelerated the digitization of the world, which was already taking place, due to guidelines that made it mandatory for people to work from home via the internet. Therefore, the maritime industry was more dependent than ever on the Internet. You may not think of ships and fleets closely related to technology, but ships are constantly connected to the internet.
Here lies the real problem: some of the systems and computers on these ships often use incredibly complicated and old systems. This makes it much more difficult to protect them from cyberattacks. The systems these ships use are so complicatedly intertwined that there are many blind spots that are virtually undetectable.
Since ships are increasingly dependent on digitization, integration and automation systems today, cyber risk management onboard has top priority. As technology advances, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates a larger target that needs to be addressed.
A Cyber-attack is likely to compromise the safety of crew, ship, cargo, and even ports.
Cybersecurity should be in place to address the security issues and risks posed by new technologies. And to ensure that ship operation, as well as crew and passengers, are safe. Cybersecurity deals with the protection of IT systems, onboard hardware, and sensors as well as data leaks from unauthorized access, manipulation, and disruption. Cybersecurity policies and plans cover various types of risks such as information integrity, system, and hardware availability onboard and in the shipping company’s office.
The IMO has identified below systems onboard ships as particularly vulnerable:
- Bridge systems
- Cargo handling and management systems
- Propulsion and machinery management and power control systems
- Access control systems
- Passenger servicing and management systems
- Passenger facing public networks
- Administrative and crew welfare systems
- Communication systems
In its guidelines on cyber security onboard ships, BIMCO identifies cyber safety incidents that arise as a result of:
- a cyber security incident which can affect the availability and integrity of OT, for example, corruption of chart data held in an Electronic Chart Display and Information System (ECDIS)
- failure occurring during software maintenance and patching
- loss of or manipulation of external sensor data which is critical for the operation of a ship and includes but is not limited to Global Navigation Satellite Systems (GNSS)
Whilst, the causes of a cyber safety incident may be different from a cyber security incident, the effective response to both is based upon training and awareness.
Cybersecurity is becoming increasingly important in the shipping industry.
Regulations and laws are introduced that oblige owners, operators and managers to consider cyber risks. With the aim to support safe and secure shipping, which is operationally resilient to cyber risks, IMO has issued MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management. The guidelines contain high-level recommendations on maritime cyber risk management to protect shipping from current and emerging cyber threats and vulnerabilities and contain functional elements that support effective cyber risk management. The Maritime Safety Committee, on its 98th session in June 2017, also adopted Resolution MSC.428(98) – Maritime Cyber Risk Management in Safety Management Systems.
WE AT VARUNA MARINE CAN HELP!
Our fully managed cybersecurity solution comes with owner’s dashboard as shown here. The dashboard captures all cyber security related KPIs and always ensures compliance. Our team of Cyber Security experts will carry out an annual and biannual soft and hard audit to ensure a full test of readiness against any external cyber-attack.
Our approach to Cyber Security Compliance in line with MSC.428 (98) and consist of the below modular solution:
- Onboard vessel and Shore office Network mapping
- IT and OT Inventory
- Drafting Cyber Security Policy
- Staff Training module
- Loading the inventory, network map, training module, and all policy in our Dashboard
- Active Network Monitoring
- 24/7 Cyber Security call-in line and ticketing-based system available to avail