Each month starting 2nd May 2016, Intermanager in co-operation with Cybersail.org will provide a new Cyber Security tip of the month on our website. Each month will focus on a different topic and allow you insight into both the threats and how to protect yourselves and your company from them.
For this introduction we have raised the general topics below;
Maritime Cyber Threats : Fact or Fiction?
In recent months it’s been almost impossible to pick up a Maritime magazine or visit a website without reading an article on Cyber Threats to our industry. While ships are not yet under targeted attack, it is clear that the industry is worried, leading to guidelines being released by BIMCO, Lloyds Register and others.
Are vessels at risk?
At a recent NI Cyprus event held on Cyber security, sponsored by InterManager, Markus Schmitz of Cybersail.org addressed the question. Mr Schmitz confirmed that indeed many on-board systems have vulnerabilities including GPS, AIS, ECDIS and Satellite communications.
During the presentation it was discussed with Masters and members of the audience that the failure of one system for example GPS being jammed or spoofed might not be a disaster for seafarers, but merely an inconvenience. However it was also discussed that attackers generally would target several systems at a the same time such as spoofing GPS or changing charts or weather information on ECDIS in order to lure ships to pirate infested waters as well as shutting down Satcoms at a critical time like in confined waters.
How come we haven’t experienced this yet?
In closer review of existing attacks and media articles Markus surmised that attacks, at least today are focused on land based infrastructure in offices and ports, while attacks on vessels have mostly been for academic purposes so far. However there is also evidence that cyber attackers are gaining knowledge of the shipping industry and future threats to vessel systems should be addressed now.
Industry working together
InterManager will work with other associations, equipment vendors as well as experts like Cybersail.org to come up with pragmatic IT security guidelines. We will work towards securer standards for AIS, ECDIS & Satcoms. The industry should work to become Cyber threat aware including training for all levels of staff both onshore and vessel based. We also propose to make Cyber Security an inherent part of the on-board Security manuals as well as HSQE working towards an IT security culture analogue to the safety culture on board.