Companies are becoming increasingly alive to the importance of cyber-security and the need to protect themselves against the risk of cyber-attacks; the marine sector is no exception, says Clyde & Co’s Shipping Newsletter.
Earlier this year, BIMCO published guidelines to assist the shipping industry identify, prevent and mitigate the risk of such attacks on board ships.
The guidelines, which are the first to address this issue specifically, were jointly produced by BIMCO, Cruise Lines International Association, the International Chamber of Shipping, INTERCARGO and INTERTANKO with support from the International Union of Maritime Insurance, ship managers, security and cyber-security companies, and ship owners and operators.
Shipowners and operators rely increasingly on on-board IT and Operational Transformation (OT) systems to gather data about their operations, oversee a ship's functions, and monitor on-board security.
A cyber-attack could impair a ship's operation, interfering with controls on the bridge or in the engine room, by targeting navigation systems, propulsion or steering.
Ships that have electronic "personnel-on-board" systems, water ingress alarms, or power management systems could also be affected by such attacks.
Ship computer systems can contain sensitive and highly confidential commercial data about the company's operations, its personnel or cargo, which could be accessed by hackers and used to damage a company's operations, profits or reputation.
Cargo management systems could be manipulated to facilitate the fraudulent transport of illegal cargo.
It is important, say the guidelines, for a ship owner to maintain a system for backing up and recovering important data, so that the potential effect of the data being corrupted or destroyed can be minimised.
The guidelines are a helpful contribution to the work being done to safeguard the shipping industry from the growing threat of cyber-attacks.
For ship owners and operators who have already developed plans and infrastructure to deal with such incidents, these guidelines could serve as a useful basic framework to assess whether more could be done.
For those who are considering how to improve their cyber-security, the guidelines are a timely reminder of the myriad ways in which today's ships can be targeted, and will hopefully assist them in remaining vigilant about the risk whilst working to ensure that their on-board operations remain secure.
