28 nov 2019
The maritime industry has done much to embrace digitization in recent years. Cost savings and efficiencies are always welcome but, as with every benefit, there are potential pitfalls to overcome.
Cyber security in the maritime domain has become a hot topic in the last two years. While many felt immune to the threats posed by cyber criminals – be they organized criminal gangs or malicious hackers – the NotPetya ransomware incident which affected Maersk in 2017 and a number of similar incidents involving major ports have underlined the risks to businesses in the maritime domain. No-one is safe, given attacks can be directly targeted or simply part of a cascade effect at a supplier or third party company.
Shipping companies are uniquely exposed in this regard. Not only do they face the same risks at head office as any other shore-based industry, they also have fleets to protect from malicious attack and supply chains which can all be impacted directly or indirectly by a cyber incident. Flag states, industry bodies and the commercial sector have generally been quick to offer guidance, services and products to mitigate the risk, but actual, practical advice has often been rather scarce. Thankfully, that is no longer the case.
Witherby Publishing, in association with BIMCO and the International Chamber of Shipping, has produced the Cyber Security Workbook for On Board Ship Use, and I have to say I’m extremely impressed.
Aimed initially at Masters and senior officers, the Workbook will hopefully become an industry standard and makes useful reading for anyone in shipping. It is aligned with the guidelines produced by the IMO Resolution MSC.428 (98) and other IMO guidelines and is essentially a thoroughly practical guide for cyber security on board a vessel.
Beginning with risk identification and the most common threats and attack vectors, from malware to crew USB sticks and social engineering, the Workbook breaks down each topic into easily read sections before delving deeper into protection and prevention. High on this list is crew training, something which is essential but often not followed up on or repeated. As the threats posed by cyber attack and the methodology itself evolves, so too should the training offered.
What really does impress are the checklists (and Masters should note that the Workbook comes in ring binder format, which will allow the various checklists to be photocopied for ongoing use). These checklists are incredibly thorough, from crew training to detecting a cyber incident to the incident response. The section on detecting, responding and recovering ship’s business systems, for example, is over 40 pages long and contains checklists and guidance aimed at ensuring operational continuity after an incident on board.
Virtually no ship system is left uncovered, and it’s hoped that this Workbook becomes the standard for on board use. It’s concise and extremely relevant and will definitely impress any maritime CISO with the depth it goes in to. An absolute must have for any Captain or Master who wants to protect their vessel from potential cyber intrusion.
The company has produced a short video introduction to the book:
For more information or to purchase the Workbook, please visit:
David Rider is a consultant who has worked with leading maritime security firms since 2009 as an intelligence analyst, working in both the maritime and cyber sectors. He maintains the blog maritimesecurity.news.blog in his spare time.