To mitigate disruption from cyber attacks, ship operators need to invest in updating IT and operational technology (OT) and crew training, a panel of experts told attendees at Riviera’s ‘Minimising cost and disruption after a cyber event’ webinar.
With vessels increasingly vulnerable to cyber security breaches as owners invest in digitalisation and more onboard systems are linked to the internet, owners and operators face a pressing need to improve cyber security, the panel said.
The panel of experts included Norton Rose Fulbright partner Philip Roche, Neptune Cyber chief executive Gwilym Lewis and Willis Towers Watson executive director and cyber insurance specialist Andrew Hill.
All three agreed shipowners should start planning now for their response to future cyber attacks to reduce their impact on business and revenues.
“There are many threats out there,” said Mr Roche, and shipowners “need to consider risk management and cyber attack recovery”.
High-profile risks from cyber threats include those to ship OT, such as navigation and steering, but attacks on company servers and onboard computer systems are more likely, the panel said.
These attacks could lead to loss of data, disruption to operations, “loss of hire, reputation and business” as Mr Roche explained.
Mr Hill said the maritime sector was not immune from these threats and would do well not to ignore them.
“Do not be a victim of ignorance,” he said. “You should take preventative steps for risk mitigation.”
Risk mitigation steps include understanding vulnerabilities on vessels, having greater knowledge of cyber attack impacts in shipping as a whole and having adequate insurance cover for maritime cyber risks.
Mr Lewis said owners need to focus on preparing responses to potential security breaches and consequences, providing a cyber event example where hackers accessed a vessel through the onboard refrigerators that were linked to the internet for temperature monitoring.
Mr Lewis said the malware tampered with the fridge controls and the food stored within was spoiled, forcing the master to make an unscheduled stop for resupply. He said it highlighted a need for owners to produce quality risk assessments.
“Owners need to know what to do, this is not just a tick-box exercise,” said Mr Lewis. “Response plans need to assume that what can go wrong will happen and then cover these. It needs to be a living and breathing document and has to evolve,” he said, noting that owners need “to educate crew and implement cultural change, such as preventing seafarers plugging in things into the ship systems”.
In a series of polls, around 55% of those who responded said they think it is possible for a cyber risk event to impact the world economy to the same magnitude seen with Covid-19. A third did not agree and 11% were uncertain.
The vast majority (96%) of attendees agreed they were concerned about the inadequacy of their supply chain’s cyber security and the impact this could have on their company, while 4% were uncertain.
In another poll, 43% of respondents said they were uncertain whether their organisation has adequate insurance in place for cyber risk, another 40% did not think so and only 17% said they were happy with the adequacy of insurance cover for cyber events.
Attendees involved in managing or operating ships were asked three questions around cyber security readiness; only 38% said they would know if a cyber attack had been attempted against any of the OT systems on board one of their ships, 15% admitted they would not be aware and 46% were uncertain.
Some 42% said their ship safety management system already contains provisions on cyber security and response to cyber attacks. Another 42% were uncertain and 17% did not think their safety management offered the provisions.
In the third question to this subsection of the attendees, 42% did not think their fleet was adequately prepared for cyber risks, another 42% were uncertain and 16% thought their ships were adequately prepared for cyber risks.
You can view this webinar and all of the webinars from Riviera’s Maritime Cyber Security Webinar Week, in full, in our webinar library.
Webinar panel of experts (left to right): Willis Towers Watson executive director and cyber cover specialist Andrew Hill, Neptune Cyber chief executive Gwilym Lewis and Norton Rose Fulbright partner Philip Roche.