Cyber security should be a part of the ship design and construction process, a panel of maritime cyber security experts told attendees at Riviera’s ‘Cyber security: readying for the ISM Code’s 1 January 2021 requirements’ webinar
Although shipowners have until 1 January 2020 to retrofit cyber risk management into their ship safety management systems to meet IMO’s updated requirements within the International Ship Management (ISM) Code,
But owners should work with shipyards to adopt cyber-secure operational technology (OT) during ship construction, panellists said during Riviera’s ‘Cyber security: readying for the ISM Code’s 1 January 2021 requirements’ webinar.
This was held on 5 August in association with premier partner ClassNK and sponsor F-Secure as part of Riviera’s Maritime Cyber Security Webinar Week.
Panellists included ClassNK cyber security team deputy manager Makiko Tani, TÜV Rheinland director for consulting services in Asia Pacific for cyber security and functional safety Rajeev Sukumaran, Moran Cyber managing director Captain Alex Soukhanov and Beazley senior risk manager Kelly Malynn.
During the webinar, they discussed how shipping companies can incorporate cyber security into their safety management systems no later than the first annual verification of the company’s document of compliance following 1 January 2021.
The panellists clarified IMO’s requirements, confirmed what owners and operators need to do now, and underlined the help and advice available.
Ms Tani said cyber security “should not just be about compliance” but could open “new opportunities for business and new innovations”. She said owners with existing fleets need to understand the OT on ships and required cyber risk controls. “Aim high, but start small,” Ms Tani said. “Start from knowing the vessels and being aware of the onboard OT and IT, and where these meet.”
This is easier if owners engage with shipyards and classification societies during the newbuilding phase.
“Ships can be designed to be cyber-secure,” said Ms Tani. “Ships can be constructed with cyber security capacity” and with class society cyber secure notations.
Mr Sukumaran agreed cyber security should start with ship design. “Builders, designers, owners, etc all need to be taking in cyber security,” he said.
Cyber security was not just about onboard IT and OT, said Mr Sukumaran, as ships were part of a much wider ecosystem involving ports and supply chains. “It is not just about technology, owners need supporting processes and procedures,” he said.
Capt Soukhanov brought a seafarer’s perspective to cyber risk management in his presentation. He agreed cyber security should be incorporated in the build stage. “We are currently retrofitting cyber security” into existing ships, he said.
Which is why all of the supply chain needs to be included in the process. “Our number one priority is the business strategy, as digitalisation needs to be protected,” Capt Soukhanov said, adding that ship operators and vendors “should collaborate and work together to protect onboard systems”.
Ms Malynn said vessel owners should use these requirements to incorporate cyber risk management under the ISM Code “as an opportunity to get to know vessels”. It is also an opportunity to review insurance cover for cyber risk.
She recommended owners conduct risk assessments and gain a better understanding of the cyber threats and vulnerabilities on ships. “Risk assessment quality is important. Owners need to invest in this,” Ms Malynn said.
You can view the webinar, in full, along with the rest of our Cyber Security Week webinars in our webinar library.
And you can sign up to attend our upcoming webinars on our events page.
Results from the webinar polls are below.
Webinar panellists (l-r): Beazley senior risk manager Kelly Malynn, ClassNK cyber security team deputy manager Makiko Tani, Moran Cyber managing director Captain Alex Soukhanov and TÜV Rheinland director for consulting services in Asia Pacific for cyber security and functional safety Rajeev Sukumaran
Webinar attendees poll results
How would you rate the capability of third-party cyber security service companies with both sufficient maritime and cyber security expertise to help your organisation and fleet?
Limited maritime experience and cyber security expertise: 6%
Limited maritime but extensive cyber security expertise: 47%
Extensive maritime experience but limited cyber security expertise: 19%
Extensive maritime experience and cyber security expertise: 28%
Rank in order, what is your biggest challenge to managing cyber security for both your organisation and your vessels?
Limited resources; funding; other priorities: 44%
Funding; other priorities; limited resources: 35%
Other priorities; limited resources; funding: 21%
How concerned are you about physical damage to a vessel from a cyber event?
1: Not on my radar: 8%
5: Regular sleepless nights: 6%
Do you think your employees are fully aware of the cyber risks?
1: not at all: 6%
5: Top priority and backed by action and investment: 6%
How ready are you for ISM Code 2021?
1: No preparation: 5%
2: Just coming on to our radar: 3%
3: Some initial steps: 50%
4: Well underway but work to do: 37%
5: Up to date: 5%
How complete are your organisation’s follow up mitigations?
1: non existent: zero
5: Absolute, complete, watertight: 7%