Digital fog ahead – seeing through the complexity of maritime cybersecurity
Where digitisation appears then cybersecurity is never far behind.
Early on, banks and retailers discovered that their websites, systems and databases made tempting targets for criminals to steal personal data or even money. Later digital adopters in the utilities and energy sector found that cyberattacks can even have physical consequences like water pollution or the widespread power disruption suffered by the Ukraine in 2015.
Now the wave is reaching the maritime industry. Ships, ports and maritime support activities continue to adopt digital systems to handle commercial, cargo and personal information, and even control the ships or port facilities themselves. The more we digitise the more interesting the systems become to cyber attackers and the more significant the potential impact could be when they do attack.
Of course, not all things are the same. Older vessels usually have much less digital technology than those currently leaving the shipyards. The degree of digitisation also differs where some just have navigation and communications whilst others support remote digital monitoring of cargoes, highly-sophisticated engine rooms or significant communication demands. The message here is that cybersecurity investment needs to be appropriate to the risk, as nobody has the luxury of bottomless digital budgets.
Clearing the fog
It is good that the growing importance of cybersecurity in maritime has been recognised, but with this urgent enthusiasm a fog has now started to appear. Interest is leading to action and a wide range of groups are producing their own cybersecurity guidelines and the Classification Societies is now also working on a draft set of recommendations. It is better to have guidance than have none at all, but some in the industry can see the risk of every association, nation, region or even ports starting to set different expectations.
The good news is that the fog is showing signs of clearing. The industry has formed a joint working group under the Chairmanship of George Reilly of ABS to pick up on the direction set by IMO cybersecurity guidelines and establish a common way to describe marine cybersecurity risk. The Classification Societies and key associations are keen to be part of this. I am delighted to have been retained by Inmarsat to be the facilitator for this group and bring my financial services and energy sector experience to bear.
Through this blog I will provide occasional updates on our approach towards a consistent view, especially where one maritime system connects to another. We don’t expect, or desire identical standards to be developed everywhere, but consistency of approach to risk management would help a lot. If you are active in maritime cybersecurity risk management and the development of new standards and guidelines, we would encourage you to be part of this thinking.
Professor Paul Dorey will be presenting at the ‘Dispelling the myth – the reality of cyber security in the shipping industry’ event as part of London International Shipping Week 2017 on Wednesday 13 September 2017.
Source: Professor Paul Dorey Ph.D. CISM F.Inst.ISP