Shipping is in the firing line from online threats, from hackers and malware, but there are moves to counter its exposure. Over the last two years, parts of Maersk Line, COSCO, BW Group and shipbroker Clarksons have been hit.
As the world marks Cyber Monday with electronics sales and security discussions, shipping has introduced elements to enhance cyber security.
IMO has already introduced cyber security into the International Safety Management (ISM) Code that comes into effect from 2021.
The latest drive to improve cyber security across the shipping industry was introduced by the international shipowners’ association BIMCO. It is including a cyber security liability clause into its standard charter party agreements and other contracts, which are used widely by the industry.
This cyber liability clause is still at the draft stage, but it is expected to be included in BIMCO contracts from May 2019. This will precede IMO’s ISM cyber security measures and provides a mechanism to improve security for those unwilling to wait for the regulators to implement change.
Both BIMCO’s cyber clause and IMO’s ISM Code update are likely to enhance protection of both IT and operations technology (OT)-based systems on board ships, said cyber security platform provider Naval Dome.
This clause and ISM changes mean shipping companies who have not yet embraced cyber security solutions will need to do so to remain compliant and trading. They will need to consider protection for both IT and OT through firewalls, antivirus and physical barriers.
Investment in maritime cyber solutions, however, should be made after careful evaluation of the available technologies, said Naval Dome chief technology officer Asaf Shefi.
“Most cyber security systems just protect IT,” he said. “While IT-related cyber protection is crucial to mitigating against fraud and data theft, the inclusion of OT means shipowners realise that critical systems – navigational, machinery and hotel systems – also need protection to prevent threats to crew, passenger and vessel safety,” he said.
Naval Dome Endpoint protects both IT and OT systems, which could be inter-connected around the ship.
Naval Dome chief executive Itai Sela expects the BIMCO clause will protect PC-based systems against cyber attack, while liability claims could be limited to US$100,000.
“This could mean the end result of a cyber attack may not necessarily be put down to technical failure or human error,” said Mr Sela. “It could also make the introduction of cyber insurance-related policies a potentially more attractive proposition for the insurer.”
He also expects a cyber clause will “ensure parties are required to notify one another so that they can take the necessary precautions.”
It should also ensure contracted parties have procedures and systems in place to help minimise the cyber threat.
Satellite communications providers have implemented cyber security measures to protect ship systems from infection by malware. In November, Inmarsat introduced digital security technology and multi-layered endpoint security for onboard computers to its Fleet Secure service.
This enables shipowners to secure onboard computers using a system powered by Port-IT technology. Fleet Secure Endpoint was developed to remove viruses and prevent hackers from entering computers before damage occurs to onboard endpoints and connected systems.
One of the largest shipmanagement and shipowner associations, the Cyprus Shipping Chamber, highlighted the importance of improving cyber security in a presentation in October. It identified how shipping companies can manage cyber vulnerability and security and provided improved guidance to its members.
Cyprus Shipping Chamber chairman of the ICT committee Adonis Violaris presented cyber security case studies that investigated the need for protection and security enforcement, mitigating online threats, developing guidelines to support secure cyber operations, contingency planning and assigning security responsibilities.
Riviera Maritime Media runs an annual cyber security conference – the European Maritime Cyber Risk Management Summit, in London each year.