Due January 2021.
Developments in connectivity and the transfer of data in greater volumes between ship and shore continue to bring significant gains for fleet management efficiency and crew welfare, but they also increase the vulnerability of critical systems onboard vessels to cyber attacks.
A 2019 IHS Markit/BIMCO report recorded 58% of respondents to a survey of stakeholders as confirming that cybersecurity guidelines had been incorporated into their company or fleet by 2018. The increase over the 37% giving this answer in 2017 explained a sharp drop in the number of maritime companies reporting themselves as victims of cyber-attacks according to authors – 22% compared to 34%.
However, the enduring feature of cyber threats is their ability to adapt and evolve, with new lines of attack developed as barriers are put in place, and strategies to expose vulnerabilities constantly emerging. A June 2020 White Paper from the British Ports Association and cyber risk management specialists Astaara suggests that reliance on remote working during the COVID-19 crisis coincided with a fourfold increase in maritime cyber attacks from February onwards, for example.
In fact, cybersecurity was ranked as the second-highest risk for shipping in 2019, behind natural disasters, according to a survey of over 2,500 risk managers conducted by Allianz.
Given that, according to IBM, companies take on average about 197 days to identify and 69 days to contain a cyber breach, it is clear that an attack on a vessel’s critical systems could threaten the safety of a ship as well as the business of shipping.
The fact that a 2019 Data Breach Investigations Report from Verizon indicates that nearly one-third of all data breaches involve phishing provides one indicator that, where cyber vulnerabilities exist, the ‘human element’ can badly expose them.
The U.S. Coast Guard has already advised ship owners that basic cybersecurity precautions
should include: segmenting networks so that infections cannot spread easily; checking external hardware such as USB memory devices for viruses before connection to sensitive systems; and ensuring that each user on a network is properly defined, with individual passwords and permissions.
From 2021, the Convention for the Safety of Life at Sea that covers 99% of the world’s commercial shipping will formalise the approach to cybersecurity permissible for ships at sea.
By International Maritime Organization (IMO) resolution, no later than a ship’s first annual Document of Compliance audit after 1 January 2021, every Safety Management System must be documented as having included cyber risk management, in line with the International Safety Management Code.
The following report offers ship owners and managers guidance covering their responsibilities under the new IMO regime. Source – Maritime Cyprus.
To access the paper please click here