In the era of digitalization, the world has witnessed an array of developments. Industries have put this digital transformation to infinite use. However, with the growing usage of internet technologies, new threats like data safety and information security have become enormously significant. In turn, cybersecurity is seen as a growing concern.

The mounting cybercrimes, affect both small and large organizations equally. Even the shipping world is no different. The future autonomous vessels and smart ports will bring advancements leading to improvement in operational efficiency by managing or controlling data remotely. Due to the ongoing pandemic, many shipping companies and institutes have resorted to online training. Everything seems to be happening online. This brings in the risk of being hacked or even attacked by fake websites. The operation and management of numerous systems and processes onboard ships can be affected just like the safety and security of the ship, the crew, the cargo, and the marine environment.

What is Cyber Security after all?

Cyber security is a process or technology designed to protect computers, networks, programs and data from unauthorized access. In the context of computing, the term security implies cyber security.

The major factors driving maritime cyber security are:

  • Systems being connected to the internet.
  • Automation – software based machinery is put to use increasingly.
  • Integration – multiple shipboard systems are connected together.
  • Remote Monitoring – corporate land-based offices use ship-to-shore communication to continuously monitor shipboard equipment.
  • External sources like pirates and hackers.

Cyber risks act as a grave obstacle to the shipping industry. It can cause major disruptions to operations, therefore identifying such cyber-related risks becomes crucial.

The International Maritime Organization (IMO) defines Maritime cyber risk as: ‘A measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.’

Implementing technical and procedural measures to protect against cyber incidents is essential to ensure business continuity. The process of assessing and communicating cyber risks, in order to avoid or mitigate them to an acceptable level is called cyber risk management. This is done by considering the time lost to resolve operations and costs and benefits of actions for the companies’ stakeholders.

Effects on Marine Industry.

Shipping develops parallel with technology. Autonomous shipping, the forthcoming style of shipping, relieves crew members of unsafe and monotonous tasks and operates completely on automatic technology, some onboard systems receive updates while sailing. However, this growing reliance on automation makes shipping a large target of cyber-attack.

Examples of cyber-attacks –

  • Incorrect transfer of charts from the shipping company to the vessel causes a delay in the voyage or even the possibility to reset all charts already installed on the system.
  • Difficulties with operational equipment and hardware installed onboard equipment can largely affect the vessel’s functioning including ship navigation.
  • The hacking of systems, thereby instigates loss or manipulation of external sensor data, critical for the operation of a ship.

A great example of that is when Denmark’s Maersk Line, the shipping unit of A.P. Moller-Maersk A/S, was hit by the global NotPetya ransomware attack in 2017. That crippled the carrier’s operations for a time and costed the carrier $300 million to repair the damage.

IMO has brought in a series of guidelines to help the industry cope with cyber challenges and boost its cyber risk management. Maritime Safety Committee is set to safeguard shipping from current and emerging vulnerabilities.

In some cases, companies tend to hide or don’t disclose if they suffer from cyber-attacks. They do so due to the fear of reputation. This hinders the development of cyber risk management. To make sure all cyber risks are appropriately addressed in existing safety management systems, IMO has now issued a mandate for all the shipping companies to verify their Document of Compliance annually. This indicates that IMO has a focus on reporting cyber risks. Furthermore, it is important to carry out activities to prepare for and respond to cyber incidents by defining the roles and responsibilities of users, key personnel and management both ashore and aboard.