Understanding Cyber Incidents
The immensely popular saying ‘every issue has its plus(es) and minus(es)’ is applicable to the field of modern connectivity and electronics. Just as the new gadgets and devices bring convenience, productivity, and more efficiency, they also bring a whole range of new vulnerabilities. The topmost problem in this range is the Cyber-crime in all its various manifestations. This is now a recognized risk and the shipping sector, like shore side industry, has to address this.
As an initial step towards prevention, the first for the shipping industry, The Guidelines on Cyber Security Onboard Ships, was launched last week. This provides clear and comprehensive information on cyber security risks to ships.
This is developed by BIMCO and colleagues from CLIA, ICS, INTERCARGO and INTERTANKO, with expert support from a wide range of stakeholders. The guidelines will enable shipowners to take the right decisions to defend their vessels and organizations against attacks which could have serious consequences.
Features of the guidelines
- Identification of the “enemy” represented by the activists, criminals, opportunists, terrorists and various state-sponsored elements who could mount a cyber attack on the industry, both afloat and ashore.
- Provision of an understanding of the nature of the potential threat and offers advice on how risks and vulnerabilities can be assessed, both in terms of individual companies, ships and third parties.
- Demonstration of how these risks might be reduced, how practical contingency plans can be developed and a lot else besides in hardening the security of cyber systems afloat and ashore.
It is remarkable to note the significance of the growth of vulnerabilities in recent years. We now have a greater dependence upon sophisticated electronic systems, computers, timing and the transmission of data. Initially, one may be led to think of bridge equipment like satellite navigation systems, AIS, and radar. However, in terms of cargo management, propulsion and machinery controls, administration and communication systems, crew welfare and access control, these too are all to a greater or lesser degree vulnerable. The increasing dependence on data handling systems for everything from machinery maintenance to electronic documentation indicates the importance of this issue for the whole industry.
This vulnerability has been proved time and again by various tests.
- Even quite primitive jamming equipment can cause real problems to those aboard a modern ship.
- Research has shown that it is technically possible to externally interfere with control equipment.
- Incidents have been reported where ballast handling systems have been hacked into on an offshore craft and cargo data has been penetrated by criminals.
It is extremely essential that these vulnerabilities are properly understood and the guidelines point to the need for these issues to be high in the priorities of senior management. Only this will facilitate the right decisions are taken and adequate resources allocated.
The guidelines have been written in clear and unambiguous language so that people who are not IT specialists are able to understand the issues that are explored. The terminology is explained and the processes that need to be followed in hardening the defences are detailed in a practical fashion.
BIMCO and its partners recognise that this is a fast-changing scene and all will stay engaged so that where necessary, the information will be regularly updated. The guidelines are available to download from the website.
Did you subscribe for our daily newsletter?
It’s Free! Click here to Subscribe!
Source: BIMCO