Cyber attacks can seriously dent, or even destroy, a company’s finances and reputation. And the only real cure is prevention.
But what are the likeliest sources of cyber attacks and what would those attacks be characterised by?
The Danish Maritime Authority (DMA) has some answers in its Cyber and Information Security Strategy for the Maritime Sector 2019-2022 report. This was published following a threat assessment from Denmark's Centre for Cyber Security (CFCS).
DMA's report analysed threats to the maritime sector and discovered that the greatest threats came from ransomware rather than from cyber terrorism, which it considers an unlikely possibility.
In other words, shipping companies are more susceptible to criminal gangs wanting to make a quick bitcoin buck, to being sideswiped by a virus or to being directly targeted in state-backed espionage attempts than to horror movie scenarios involving terrorists using ships as weapons.
An analysis in the Danish report concluded that increased IT connectivity on vessels had increased the risk of cyber attacks onboard ships due to a slow response time in fixing technical vulnerabilities and a lack of procedures for ensuring software upgrades are performed regularly.
The consequences of these attacks are terror-inducing for companies and include data loss, data integrity loss, reputational damage and a pronounced risk of financial loss.
To combat all of these threats, Denmark has enacted a framework of short-, medium- and long-term measures designed to enhance its maritime sector's cyber resilience, the first of which was to establish the Danish Maritime Cybersecurity Unit in June 2018.
It may not be a coincidence that Denmark undertook such in-depth research into maritime cyber security. The most notable cyber attack in the maritime sector hit a Danish shipping company.
In 2017, a cyber attack on shipping giant AP Moller-Maersk, caused by a nasty piece of ransomware called the NotPetya virus, crashed the company's computers, shut container terminals, disrupted container and tanker shipping and sent traders rushing around for pencil and paper to perform crucial logistics tasks.
The June 2017 attack on Maersk is estimated to have cost the Danish group more than US$200M, its effects lasted months and no doubt did damage to Maersk's reputation for secure trading during that time.
Maersk is widely thought to have been a hapless victim of a state-sponsored virus gone rogue, but recent attacks show that online attackers are often specifially targeting a business' data.
Clarksons shipbrokers suffered a data leak and ransomware attack following a cyber incursion in early 2018, and COSCO’s operations in California, US, were hit later in 2018 by a cyber breach at its customer service centre at Long Beach.
Ultimately, Denmark's cyber security strategy is a positive step for its own maritime industry, but is there help for shipowners elsewhere?
To assist owners, several shipping organisations have published best practices for cyber security. Guidelines include the third edition of OCIMF’s Tanker Management and Self Assessment guide and BIMCO’s best practice guidelines, in which Intertanko, Intercargo, OCIMF, the World Shipping Council and others collaborated.
Classification societies have also introduced class notations and guidelines to encourage owners and managers to adopt cyber security practices prior to IMO enforcement.
The reality for owners is they have less than two years to include cyber risk mitigation in their ship safety and security management under the ISM Code.
IMO’s mandatory code comes into force on 1 January 2021 and requires shipowners to invest in secure software, threat mitigation, crew training and IT upgrades.
With a clear and present danger to business interests, easily-accessible guidance, and looming regulation, there is really no reason for shipowners to put off cyber security.
And the incentive of working towards compliance ahead of the IMO-mandated deadline is clear: owners who act early could wind up preventing serious disruption to their businesses along with the financial and reputational losses that can accompany a successful cyber attack.