Training is vital in keeping operational technology, especially ECDIS, safe from cyber attacks
If crew are trained to be wary of cyber threats and taught not to use their own mobile devices on ship bridges, this would go some way to protect vital navigational systems. Shore managers should also be trained to watch for potential malware and viruses to prevent them being sent to ships.
Cyber awareness training was one of the main themes discussed in depth at Riviera Maritime Media’s European Maritime Cyber Risk Management Summit, held in association with Norton Rose Fulbright in London on 15 June.
At that event, Norton Rose Fulbright partner Philip Roche highlighted that classification societies and some proactive port state control authorities offer support for cyber security training, whether it is approving courses or helping to produce e-learning packages.
Classification societies provided their perspective on cyber security training at the summit. Lloyd’s Register cyber security product manager Elisa Cassi said shipping companies should employ specialists to train their onshore and onboard people in being cyber aware, to prevent them sharing data or compromising procedures.
Seafarers should at least know the basics to prevent infection of bridge systems and onboard computers from malware on USBs. They could also be taught to identify phishing messages and not to open attachments in emails from sources they cannot easily verify.
One IT manager of a shipping company affiliated with a national energy group provided his own personal perspective at the summit. He said there should be drills in shipping company offices and on board ships that include testing the reactions to cyber attacks. He said companies would be better prepared for a real cyber attack if they practiced their response.
He said human resources should be not viewed as the main source of cyber-related problems. They should be seen as a key element of the solution. He asked delegates how many cyber attacks are prevented by humans, not just those that occurred because of them.
“Cyber security systems are managed and produced by humans, so there is a human element and this is quite important,” he said. “Training is important to improving people’s awareness.”
Training should include everyone involved in shipping including vendors, engineers, seafarers, charterers and inspectors, as each could impact a ship’s cyber security. Shipowners should also conduct risk assessments of these people and manage these risks.
Silverbox secures ECDIS
Securing onboard ECDIS can be difficult if it is kept open to seafarers and engineers plugging in USB memory sticks or mobile devices. There is also a risk when uploading chart updates from online providers.
However, UK-based MarineMTS has launched Silverbox, a product it said will improve cyber security and voyage planning on ships by providing secure chart and data updates to ECDIS in a seamless and automatic process.
MarineMTS founder and managing director Wynne Edwards said this technology “will revolutionise maritime operations” as it can be bolted onto any brand of ECDIS to increase its functionality and security.
“Silverbox means that shipowners and operators will, for the first time, be able to unlock the full potential of their navigational systems through our innovative bolt-on technology,” he said. “What we have developed is a plug-in that allows real-time maritime charting to be easily accessed.”
Silverbox comes with anti-virus capabilities. It compresses and encrypts data for transmission, offering a secure, cost-effective and fully integrated solution for ship operators.