Cyber security at sea


Aside from the big cyber stories of 2015, where traditional hacking saw criminals make off with millions upon millions of sensitive customer records, we also saw coverage of a new breed of cyber threat. Cars were cyber-jacked, aircraft were shown to be susceptible to remote takeover and children’s’ toy manufacturers were shown to have vulnerable toys that could expose them to cyber hacking and stalking. Across a multitude of these market sectors and industry verticals, security professionals are seeing a trend whereby industry bodies and regulators are waking up to the fact that cyber-attack is a real problem, especially in markets where this has never been a problem before. Regulators are now publishing guidelines for these industries, with the intention of helping their charges understand these risks, in a world where cyber has never even entered their daily lexicon.

The shipping industry is the latest market to jump on board (no pun intended), which is why in January 2016, BIMCO released, “The Guidelines on Cyber Security Onboard Ships.” This publication is aimed at ship owners, operators, managers, brokers and agents, and offers some excellent advice on assessing the cybersecurity risks related to shipping.

“The safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant. Responding to the increased cyber threat, a group of international shipping organisations, with support from a wide range of stakeholders, have developed these guidelines, which are designed to assist companies in developing resilient approaches to cyber security onboard ships.”- BIMCO: The Guidelines on Cyber Security Onboard Ships

BIMCO has coauthored a set of cybersecurity guidelines to help the global shipping industry prevent major safety, environmental and commercial issues that can result from cyber security incidents on board a ship. The focus of the report is that of risk management, which, naturally, the best approach is for anyone wanting to start the processing of maturing in response to cyber security. What’s great about this report is that it focuses not only on the standard information technology aspects of shipping, but it also pays attention to the often underserviced aspects of operational technology (OT) that also affect many large-scale heavy industries, such as resources, utilities and construction.

BIMCO’s approach fully aligns with the steps taken by the majority of organisations that already have an established process for information security management. The report suggests that shipping companies should introduce a fundamental programme of security awareness training that underpins the introduction of the full risk management lifecycle. The process offered up by BIMCO aligns perfectly with international standards, whereby shipping companies begin by identifying threats that may affect their systems and information, identify the vulnerabilities they may be subject to, then move into a process of risk assessment and risk management. Companies are shown the means by which they can include security controls within their security architecture as well as being offered help on establishing the contingency and remediation plans for dealing with an attack, should one occur…Click HERE to find out more about this article