By Alexander Whiteman
In response to the growing threat of cybercrime to the shipping sector, the UK government has launched a new code of practice to help shipowners improve security. There are also concerns that vessels with insufficient protection against cyber-attacks could be arrested.
Parliamentary undersecretary for aviation, international and security at the Department for Transport Martin Callanan unveiled Cyber Security Code of Practice for Ships during London International Shipping Week.
Mr. Callanan said cyber security was becoming an increasing concern for industries across the economy, with cyber threats having many parameters. “Shipowners and operators need to understand cyber security as industry dependence on IT systems grows amid the development of autonomous vessels,” said Mr. Callanan. “These developments will make the industry more vulnerable, even on the small scale – consider the threats posed by compromised ships.”
The code was developed in collaboration with other government departments and will provide guidance on cyber security and promote good practice for shipowners. Its launch follows publication of a study by Futurenautics, on behalf of maritime satellite operator Inmarsat, into the risk of cyberattacks in shipping. It found not only was there concern among shipowners about attacks, but also that 44 per cent of those polled believed their IT infrastructure was incapable of protecting them. And 39 per cent of operators said they had experienced attacks in the last 12 months, with the remaining 61 per cent not prepared to comment, suggesting that figure could be much higher.
Senior VP for Safety and Security at Inmarsat Maritime, Peter Broadhurst, said the problem was not only due to poor infrastructure, but also insufficient crew training: “95 per cent of cyber problems are the result of individual crew members using insecure devices that are full of malware.” He added: “Crew may come aboard with a hard drive full of videos downloaded from a site plagued by malware; they access the ship’s wi-fi network and the malware penetrates the whole vessel.”
This could take an engineer upwards of 24 hours to fix, he said. While technology can help, once the problem is detected, Mr. Broadhurst said more needed to be done to make those at sea properly aware. This chimed with the study, which cited concern from 39 per cent of shipowners over the lack of training and awareness among their crews.
Mr. Broadhurst said shipowners needed to face up to not only the reality of the threat, but also accept that IT was not merely an optional extra, but critical infrastructure. “Ships need to prove their cybersecurity by 2021,” he said. “Failure to do this could lead to ships being impounded.”
Reprinted courtesy of The Loadstar (www.theloadstar.co.uk)