Developments in connectivity and the transfer of data in greater volumes between ship and shore continue to bring significant gains for fleet management efficiency and crew welfare, but they also increase the vulnerability of critical systems onboard vessels to cyber attacks.
A 2019 IHS Markit/BIMCO report* recorded 58% of respondents to a survey of stakeholders as confirming that cyber security guidelines had been incorporated into their company or fleet by 2018. The increase over the 37% giving this answer in 2017 explained a sharp drop in the number of maritime companies reporting themselves as victims of cyber attacks according to authors – 22% compared to 34%. However, the enduring feature of cyber threats is their ability to adapt and evolve, with new lines of attack developed as barriers are put in place, and strategies to expose vulnerabilities constantly emerging. A June 2020 White Paper** from the British Ports Association and cyber risk management specialists Astaara suggests that reliance on remote working during the COVID-19 crisis coincided with a fourfold increase in maritime cyber attacks from February onwards, for example.
In fact, cyber security was ranked as the second- highest risk for shipping in 2019, behind natural disasters, according to a survey of over 2,500 risk managers conducted by Allianz.
Given that, according to IBM, companies take on average about 197 days to identify and 69 days to contain a cyber breach, it is clear that an attack on a vessel’s critical systems could threaten the safety of a ship as well as the business of shipping. The fact that a 2019 Data Breach Investigations Report from Verizon indicates that nearly one-third of all data breaches involve phishing provides one indicator that, where cyber vulnerabilities exist, the ‘human element’ can badly expose them.
The U.S. Coast Guard has already advised ship owners that basic cyber security precautions should include: segmenting networks so that infections cannot spread easily; checking external hardware such as USB memory devices for viruses before connection to sensitive systems; and ensuring that each user on a network is properly defined, with individual passwords and permissions.
From 2021, the Convention for the Safety of Life at Sea that covers 99% of the world’s commercial shipping will formalise the approach to cyber security permissible for ships at sea.
By International Maritime Organization (IMO) resolution, no later than a ship’s first annual Document of Compliance audit after 1 January 2021, every Safety Management System must be documented as having included cyber risk management, in line with the International Safety Management Code.
As the leading supplier of ship-to-shore connectivity in commercial shipping, Inmarsat is also a stakeholder where the development of industry best practices are concerned, both as a service provider and as custodian of a global network that is secure across all touchpoints. In fact, its secure, encrypted network uses military- grade satellites is fully approved by the highest standards of the IMO and is fully audited by the stringent standards of International Mobile Satellite Organization (IMSO).
Based on our experience of offering a secure communication platform from the onshore office to the maritime terminals onboard ship, we have designed our Fleet Secure security services to uphold cyber resilience at sea.