David Thompson, Investigator at Signum Services, the consultancy arm of UK P&I Club, highlights the importance of cyber security at sea.
While the use of computerized systems for everything from navigation to container inspection has enhanced the safety and security of vessels at sea, it has also created a new type of threat to the shipping industry – cybercrime.
The risks around cyber security and insurers’ exposure to these risks are a concern for the industry and regulators alike. We are continually monitoring both the operational and insurance cover ramifications of exposure to cyber risk.
Cyber disruption and hostile attacks are immediate, unforeseen and have potentially global consequences. A technological breach will leave a company exposed, risking operational downtime and potentially scrutiny by regulators over compliance policies.
Cyberspace is a rapidly changing environment and all organizations work differently; as such, guidance to reduce or mitigate risk must be broad. Companies and individuals should take a holistic approach to security that can respond to evolving risks.
Information technology and operational technology onboard ships are being networked together and, more frequently, connected to the World Wide Web. This brings a greater risk of unauthorised access or malicious attacks to the ship’s systems and networks.
Additional risks occur from personal communication devices having access to the systems onboard, for example, by introducing viruses via smartphones. The culture of cyber security will be company (and ship) specific, but should be guided by appropriate standards and the requirements of relevant national regulations.
In many ways, the safeguards required for effective maritime cyber risk management are no different to those that should be followed in all instances. Up-to-date IT security is essential, but in reality, it’s people who are the problem.
The UK Government Information Security Breach survey indicated that in 2015, 75% of large organisations suffered staff-related security breaches, and that 50% of the worst breaches were due to human error. Therefore, encouraging a culture of awareness and understanding throughout all organizations is essential.
Be vigilant and avoid complacency. Don’t be paranoid, but always be suspicious, and have the potential for fraud at the forefront of your mind. Make sure you check out new customers or suppliers. If someone contradicts an instruction about payment, then ask questions.
Ensure computer software and security are up to date. Don’t give out personal details, and definitely don’t give personal financial information over the telephone. Be candid on social media. Always ensure passwords are strong and changed on a regular basis.
Organized crime has moved ‘online’ and criminals know that there are huge profits to be made with very little chance of being caught.
In the cyber world, the mantra is definitely ‘Prevention is better than cure.’