The maritime sector has recorded a 400% increase in cyber incidents in the last 12 months, bringing into sharp focus the vulnerability of the shipping industry to cyber criminals.
That was the sobering statistic provided by Julian Clark, global senior partner at Ince, during a recent cybersecurity roundup hosted by the International Chamber of Shipping (ICS).
And it’s this rise in maritime risks that motivated the introduction by the International Maritime Organization (IMO) on January 1 of Resolution MSC 428(98), which identifies cyber security as a risk to be addressed in safety management systems and to be verified in audits.
“The maritime sector is seen as a soft target in relation to cyber exposure,” said Clark. “The aviation sector is well ahead of us and the statistics speak for themselves.”
ICS chairman, Esben Poullson, pointed out that cyber security was more than just an insurance policy. “It is potentially all about business survival. A breach of cyber security might not just damage a business; it could bring it to a standstill, causing losses of tens if not hundreds of millions of dollars.”
The Maersk cyber security attack in 2017 is a case in point and is said to have cost the company as much as $300 million.
And while it’s important for the shipping world to capitalise on the benefits of becoming more digitally connected, ship to ship and ship to shore to optimise operations, as digital systems become more interconnected and complex, so too does identifying and managing the cyber risks, says Paivi Brunou, head of cyber security at Wartsila Voyage.
“A cyber incident is not always like a massive fire; it is not always easy to see something going on with the system. The 4th industrial revolution has changed how we work, where we work, and the skills we need.
“In the next decade it will be even more difficult to identify and manage cyber risks due to the growing complexity, greater connectivity and an expansion of the attack surface.”
Which is why the shipping needs to step up its game as cyber-criminals demonstrate increasing ingenuity.
In a recent case involving a shipping company that was experiencing multiple pirate boardings in the Gulf of Aden, it was found that the pirates were paying hackers to gain access to voyage plans to optimise their attacks.
“We need to be prepared to change. What protected us one week may not work the next,” said Phillip Morgan, Professor of human factors and cognitive science, Cardiff University & Airbus.
“We need to be aware and appreciate how great we are as human beings at being adaptive, and there is no reason we shouldn’t be adaptive for cyber security. It is the only way we can win.”
