Cyber Security; The Unknown Threat at Sea?
Having recently finished my Master’s Degree (MA) in Maritime Security I thought I would write my first blog on the JWC International website on the same subject as my thesis, Maritime Cyber Security.
Maritime & Offshore Cyber Risk is quite a broad term and can be interpreted in many ways but for the purpose of this blog it will be defined as:
‘Cyber Risk means any risk of accidents, incidents, financial loss, business disruption, or damage to the reputation of an organisation through failure or compromise of its electronic systems or the people using them’
‘Maritime is defined as relating to the sea or ocean and is often associated with seaborne trade’
‘Offshore is defined as a geographical area at sea located away from land’
Background & Context:
Until only a few years ago, most of the cyber related attacks worldwide were driven by an attempt to obtain personal or financially sensitive information. Today, the nature of the increasing threat is very much changing, and organisations across all sectors have begun to see highly sophisticated and complex cyber-attacks that attempt to cause damage to property and operations by seeking to take control of industrial control systems.
The UK government have profiled cyber-attacks as a top tier threat to the national security of the nation and our current reliability on the internet which has connected the world intrinsically and played a huge part in globalisation and increasing the threat.
Industrial control systems are used across the shipping and offshore sectors worldwide. These types of systems use data received from remote stations and terminals to control processes and procedures either automatically or via an operator’s input, and are designed to be closed to the outside world. Highly skilled cyber criminals and hackers have demonstrated the ability to penetrate the systems used by the maritime and offshore industries, including port facilities, offshore platforms and shipping vessels, which all come with ‘potentially’ disastrous consequences if breached.
Vessel navigation, propulsion systems, cargo handling, crew manifests, container tracking systems at ports and on board ships, shipyard inventories, all information and communication automated processes (the list is endless) are all controlled using software that is fundamental to smooth-running operations in both the maritime and offshore domain.
Concerns from Industry
Through my studies at Coventry University where I often discussed Cyber Security issues with my course tutor Dr Ioannis Chapsos & Dr James Malcom. It was very clear from the outset that security and risk managers across the maritime and offshore industries understood that Cyber Risks were a huge concern and posed significant threats, but the majority of people including Company Security Officers (CSO), Ship Security Officers (SSO), Port Facility Security Officer (PFSO) did not have the knowledge, understanding or training to be able to mitigate and minimise the cyber risks to their operations, which also meant they could not advise their crews. Many security managers I spoke to didn’t believe cyber threats were a security issue and directed me to their respective I.T. department.
The maritime environment continues change and evolve, and over the years so has the technology that supports successful operations. The maritime sector today still continues to be one of the biggest industries in the world and more than 90% of world trade is still conducted by sea logistics.
Technology is of huge importance to the industry as it is often used to reduce costs (for example as a navigation aid or for speed and efficiency at a container port terminal). As we move forward technology will be relied upon more and more and as technology advances evolve so will the risks and threats to them. Maritime security professionals operating in the maritime sector along with ships crews, offshore workers, port staff and anyone else who plays a key role in maritime and offshore operations needs to understand the basics of cyber security and employers should be doing their best to protect their organisation, assets and people. Good cyber security awareness is about being ‘proactive’ not ‘reactive’ before it’s too late!
JWC International has been delivering on board basic maritime cyber security awareness training to ship’s crew members of all ranks and continues to run workshops worldwide to raise awareness of this unknown and often misunderstood threat at sea.
‘JWC International provided ‘Maritime Cyber Security Awareness (MSCA)’ training on board for our fleet of vessels and the feedback from ratings and officers was excellent’
Capt. Huseyin, Rigel Ship Management
Liverpool ,United Kingdom
For further information about crew cyber security training, please download our latest brochure here.
Office: +44 (0) 1264 847 817
24/7 Support: +44 (0) 7834 991 918