Cyber Security at Sea
While the use of computerised systems for everything from navigation to container inspection has enhanced the safety and security of vessels at sea it has also created a new type of threat to the shipping industry – cyber crime.
The risks around cyber security and insurers’ exposure to these risks are a concern for the industry and regulators alike. Both the UK Club and the International Group are continually monitoring both the operational and insurance cover ramifications of cyber risk exposure.
Cyber disruption and hostile attacks are immediate, unforeseen and have potentially global consequences. A technological breach will leave a company exposed, risk operational downtime and potentially scrutiny by regulators over compliance policies. To help shipowners navigate the wealth of information available, the Club has compiled a number of resources on the topic.
Protection in cyberspace?
Cyberspace is a rapidly changing environment and all organisations work differently, hence, guidance to reduce or mitigate risk must be broad. Companies
and individuals should take a holistic approach to security that can respond to evolving risks.
Information technology and operational technology onboard ships are being networked together – and more frequently, connected to the worldwide web.This brings the greater risk of unauthorised access or malicious attacks to the ship’s systems and networks.
Additional risks occur from personal communication devices having access to the systems onboard, for example, by introducing viruses via smartphones,
etc.The culture of cyber security will be company (and ship) specific, but should be guided by appropriate standards and the requirements of relevant national regulations.
In many ways, the safeguards required for effective maritime cyber risk management are no different to those that should be followed in all instances. Up-to-date IT security is essential, but in reality, it’s people who are the problem.
The UK Government Information Security Breach survey indicated that in 2015, 75% of large organisations suffered staff related security breaches, and that 50% of the worst breaches were human error. Therefore, encouraging a culture of awareness throughout all organisations is essential.
Tell staff about fraud and how it can occur.
Be vigilant and avoid complacency. Don’t be paranoid, but always be suspicious, and have the potential for fraud at the forefront of your mind.
Make sure you check out new customers or suppliers. If someone contradicts an instruction about payment, then ask questions.
Ensure computer software and security is up-to-date. Don’t give out personal details, and definitely don’t give personal financial information over the telephone. Be candid on social media. Always ensure passwords are strong and changed on a regular basis.
Organised crime has moved ‘on line’ and criminals know that there are huge profits to be made with very little chance of being caught.
In the cyber world, the mantra is definitely ‘Prevention Is Better Than Cure’.
From the UK Club
Loss Prevention bulletin - Cyber Fraud
Signum Services are the in-house investigation department at Thomas Miller & Co and operate as part of the UK P&I Club. Signum offers a unique and bespoke investigation service for the benefit of the Members. Its prime task is to ensure an immediate, conﬁdential and professional response when undertaking investigations concerning maritime related crime matters. Find out more about this unique service.
Thomas Miller managed businesses
Cyber crime impacts all areas of the maritime and transport industry. Many of Thomas Miller managed marine business have also been active in reporting on the topic. For your information, links to the relevant content on other club websites is collated here.
Loss Prevention advice from the TT Club -Mandate Fraud
Article: Who stole my container?
Don’t take amendments at face value - article from the ICS Shipping Network magazine ITIC’s Andrew Jamieson and Melanie Thomas explain why a little knowledge can help prevent fraud. Read the article here.
Virtual Robbery - article by Robert Hodge in latest edition of Ship Management International
Thomas Miller Specialty
Useful Links & resources
Guidance from the UK Government on Crime and fraud prevention for businesses in international trade https://www.gov.uk/guidance/crime-and-fraud-prevention-for-businesses-in-international-trade
The cyber guidelines launched in 2016 and developed by international shipping associations, comprising BIMCO, CLIA, ICS, INTERCARGO and INTERTANKO - and with support from a wide range of stakeholders. The aim of these Guidelines is to promote knowledge within the industry of the cyber security risks to enable operators to put measures in place to guard against such attacks.
Cyber Security Aspects in the Maritime Sector From the European Union Agency for network and information security. This report is the first EU report ever on cyber security challenges in the Maritime Sector. This principal analysis highlights essential key insights, as well as existing initiatives, as a baseline for cyber security. https://www.enisa.europa.eu/publications/cyber-security-aspects-in-the-maritime-sector-1