Owners urged to verify bridge system security

December is a crucial month for shipping as the industry prepares for the implementation of IMO’s cyber security regulations at a time when cyber threats are heightened.

IMO regulation (MSC-FAL. 1/Circ.3) comes into force from 1 January 2021 when ships need to incorporate cyber risk management in SMSs.

DaGama Maritime warned shipping companies to double check all their vessels with electronic navigation aids have cyber security in place. Owners should also verify their crew have been trained in cyber security and are aware of risks from cyber threats, including those within email.

“All vessels should have now reviewed and implemented the necessary procedures with greater crew awareness,” DaGama Maritime said in a notice. “The deadline for greater implementation and awareness of cyber management in SMS is about to pass,” it said.

Owners are required to ensure there is sufficient cyber security on bridges where mission-critical navigation aids have internet connectivity. “This includes a review of the risk assessment for vessels which have direct connectivity between their ECDIS and ashore server for downloading permits, charts and updates,” said DaGama Maritime.

These verifications are required to prevent ships from being impacted by malware and cyber breaches and to reduce the risk of vessels being detained by port state control checks.

If bridge systems are infected by malware, they could stop working or become open to navigation spoofing which could lead to ship groundings and collisions if navigators are unaware of the incorrect data.

In addition, ships could be detained from January 2021 if port state control inspectors find cyber risk management is not incorporated with SMSs, panellists during Riviera’s Maritime Cyber Risk Management virtual conference agreed in November 2020.

It is increasingly important to ensure ships are cyber secure as the level of threats increases. There is evidence that December is the busiest month for cyber attacks as cyber criminals could use holiday greetings emails to hide malware to infect or gain access to corporate networks.

If shipping company staff accidentally click on these greetings links, they could open their networks to malware programmes or hackers looking to steal data or encrypt information with ransomware.

Email on ships could lead to malware infecting vessel IT networks and navigation systems if these are not segregated from bridge equipment.

Warnings and reminders come as shipping companies such as CMA CGM, MSC and Carnival and even IMO have been victims of cyber attacks in 2020.

The presentations and discussions from Riviera’s Maritime Cyber Risk Management virtual conference, held 3 November 2020, can be access using this link