Taking charge of cyber security for connected assets
Jun. 29 2020
The vast majority of today’s ships and offshore units are connected, with digitally integrated and remotely accessible onboard and onshore systems. While increased digitalization offers ship owners and operators key benefits for asset operations, management and monitoring, interconnected systems are also attractive targets for cybercrime.
Data theft and operations sabotage are the primary risks for connected and interconnected assets. Common attacks include hacking, ransomware and malware attacks, phishing and denial-of-service.
Critical navigation and maintenance systems, such as GPS, AIS, EDCIS, DP and PMS, can be hijacked, disrupting vessel activity, damaging assets and endangering personnel. Hackers can also access and expose sensitive data, and exploit system and software flaws to compromise asset safety and functionality.
Beyond operational disruptions, recovery from cyber attacks can cost owners and operators dearly, both financially and in terms of lost trust from charterers and clients. As the maritime industry has seen on several occasions, the need to protect onboard and onshore systems for all types of assets is increasingly non-negotiable.
Moving toward industry-wide regulation
In June 2017, IMO adopted Resolution MSC.428 to ensure asset owners are properly addressing cyber risks. The resolution states that safety management systems (SMS) must include cyber risk management in accordance with the ISM Code. Ship owners and managers have until January 1, 2021 to integrate cyber risk into their SMS, developing key onboard procedures and providing relevant crew training.
To achieve compliance, owners need to identify at-risk cyber systems, implement comprehensive and asset-specific security procedures, detect and respond to non-compliance, and recover from irregularities. However, while IMO offers high-level recommendations for maritime cyber risk management, it does not provide a detailed methodology or practical template for owners to follow.
Head of Cyber Security and Safety
Bureau Veritas M&O
The rise of smart shipping and increased connectivity presents asset owners with both distinct advantages and challenges. Combating cyber risk will involve the entire industry, from regulatory bodies and classification societies, to asset owners and operators, to equipment manufacturers and cyber-solution providers.
What compliance means for asset owners
Many asset owners still have a long way to go to meet IMO’s cyber security standards, and the path to compliance is uncertain. Several major questions are on owners’ minds as they begin preparing their assets for the 2021 deadline.
The future of cyber safety and security
Cyber resilience concerns stakeholders throughout the maritime industry: asset owners, operators, managers, shipyards, charterers, insurers, classification societies, consultants and more. From design and construction to operation, stakeholders at every phase of the asset lifecycle are implicated in cyber security and safety.
Protecting connected assets to the greatest possible extent will require the development of a complete ecosystem of maritime actors. Moving forward, our ability to limit cyber risk will depend on the clear division of responsibilities, adherence to consistently applied guidelines and strong cooperation among maritime actors.