There was panic all around, as authorities tried to figure out what was happening. It was just a click on a seemingly harmless, email received that might have brought the whole system to a standstill.

With brazen hacking schemes in past years, including the debilitating 2021 ransomware hack of the Colonial Pipeline in the US, cyberattacks today are part of modern warfare. In Russia's war against Ukraine, these tactics are being used to demoralize and spread misinformation. Thus, the need for a safe and secure cyberspace has become more important than ever, especially as we all grow increasingly dependent on ‘digital lifelines’.

In the global supply chain, the shipping industry has also become an attractive target for cyber criminals, and politically motivated attacks. Many have been targeted over the years, be it liners, ports or 3PL’s.

Cyberattacks can be in the form of changes in ship data, including its position, course, cargo information, speed and name. Creation of ‘ghost ships’, recognized by other ships as a real ship, in any location in the world, sending false weather information to specific vessels to force them to change course to avoid a non-existent storm. The possibility of carrying out a Denial of Service (DoS) attack on the entire system by initiating an increase in the frequency of transmission of Automatic Identification System (AIS) messages and more.

As quoted by Yvan Byeajee “Risk and opportunity are two sides of the same coin”, with new technology, more automation and digitalization - we grow more digitally bound, connected and efficient, making cyber security increasingly important in our space.

Various regulations and laws are being introduced that require stakeholders to consider cyber risks, such as the International Maritime Organisation (IMO) guidelines on maritime cyber risk management. The guidelines provide high-level recommendations on maritime cyber risk management, to safeguard shipping from current and emerging cyber threats and vulnerabilities, and include functional elements that support effective cyber risk management. These recommendations can be incorporated into a company’s existing risk management processes and are complementary to the safety and security management practices already established by IMO.

There are also others such as the guidelines on cybersecurity onboard ships issued by International Chamber of Shipping (ICS), International Union of Marine Insurance (IUMI), Baltic and International Maritime Council (BIMCO), Oil Companies International April - June 2022 Newsletter Issue XXXVII13 Marine Forum (OCIMF), International Association of Independent Tanker Owners (INTERTANKO), International Association of Dry Cargo Shipowners (INTERCARGO), World Shipping Council (WSC) and Superyacht Builders Association (SYBAss), Consolidated International Association of Classification Societies (IACS), recommendation on cyber resilience (Rec. 166), International Association of Ports and Harbors (IAPH), Port Community Cyber Security Report, ISO/IEC 27001 standard on Information technology – Security techniques – Information security management systems – requirements. Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and United States National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework).

  • Nothing great comes without risk, so we can only manage it better - Cyber Risk Management

Companies must conduct a proper assessment of any potential maritime cybersecurity risks across people, processes and technologies. Post that, a cybersecurity policy must be incorporated across all levels of the organization, onboard and ashore. Companies must also develop a continuous process of reviews, inspections, internal cybersecurity audits and feedback mechanisms.

In cybersecurity, the more systems we secure, the more secure we are. So, be aware, beware and smarter with all the software.

  • 6 steps of cyber risk management
Assess risk exposure
Develop protection and detection measures
Identify threats
Respond
Security incidents
Establish contingency plans

  • Did you know?

Around more than half of the world’s countries now have a Computer Incident Response Team (CIRT) and almost two-thirds have some form of a national cybersecurity strategy guiding their overall cybersecurity posture.

There also is GCI, the Global Cybersecurity Index (GCI) - an initiative of the International Telecommunication Union (ITU), the UN specialized agency for ICTs, shaped and improved by the work of a diverse range of experts and contributors within countries and other international organizations.

Global scores and ranking of countries
Country Name Score Rank
United States of America 100 1
United Kingdom 99.54 2
Saudi Arabia 99.54 2
Estonia 99.48 3
Korea (Rep. of) 98.52 4
Singapore 98.52 4
Spain 98.52 4
Russian Federation 98.06 5
United Arab Emirates 98.06 5
Malaysia 98.06 5