The trend towards an increasingly software-intensive world – in which there is more code in a new car than there is in a commercial aircraft – is impacting the marine and offshore business. However, in our industry, not all users of new technology understand the way the software they are using was built, how it operates, what happens when it fails, and what strategies they have to mitigate potential cyber security threats.
Shipping industry systems from 20-30 years ago were akin to a closed loop, in which IT was to some extent separate from vessel operations. Now, our ships and assets employ a ‘system of systems’ approach that combines operational and information technology.
This creates a need to understand the compound integration risk of overlapping, integrated software and systems on our assets and those of others. To do so means taking the first steps to understanding and embracing a software-intensive future.
Changes to the role of class societies make this a very exciting time to be a chief technology officer. With the expansion of the regulatory environment, class is widening its remit to include verification of compliance with regulations and new topics such as cyber security. At the same time, advances in sensor and inspection technologies such as remote monitoring are making our job more complex. .
The traditional approach to business is also changing. Previously, classification, asset health and asset performance were viewed as three different silos but we no longer operate simply in an environment of structures or machinery and equipment. Looking at the future we can see that cyber and software risk are overlapping and converging and as a result class and industry have to adapt.
We work in an environment of increasing automation and we love the benefits and reach this brings us but we must also understand and act on the threats that derive from our software-enabled businesses.
Our conversations with shipowners who are just starting on this journey tell us several things.
We hear a lot of talk about investment in corporate firewalls and this is important, but we would argue that operational software needs a lot more attention. It is not unusual to hear companies say they are yet to lose a dollar on cyber intrusion, but they have lost millions of dollars on software management issues which affected their operations.
Others recognise they are not yet organised enough to address the problem. They have a CIO, an operations department and a technical domain, but getting the three sides together can be a challenge. Recent statistics from Sea Asia also showed that an estimate 55 per cent of industry leaders claim there are no established protocols to effectively deal with cyber threats in their respective organisations.
The International Maritime Organization (IMO), U.S. Coast Guard, Bimco and International Association of Classification Societies (IACS) are all mobilised and in this last example, it is critical that IACS as a trusted technical advisor, makes its position known so that formulation of future rules and guidance reflects practical actionable advice.
A key part of understanding the shared or compound risk profile is not to limit ourselves to the idea that if our house is in order, the job is done. Ships are part of a connected, integrated collaborative network and we must understand how all the pieces and parts work together.
As our assets get smarter, we can be certain that the future is going to be data-centric. A critical part of this process, given the changes in class services, is also managing data integrity and being prepared for potential data risks.
The importance of managing integrity and data security will be one of the key highlights at this year’s Sea Asia conference. Thought leaders from both the maritime and technology sectors will come together on the common Sea Asia platform to not only explore the implications of smart shipping and how our industry can better embrace new technological solutions but also how it can tackle cybersecurity threats that come along with these new solutions.
On ABS’ end to tackle this massive subject of data and cyber risks, we have developed a tailored, modular and measurable process which can evolve over time as threats and technologies emerge. Our ABS CyberSafety® approach is stepwise and notation-based, and moves from a set of basic procedures covering corporate organisation and governance to a detailed capability and task-assessment cycle. This approach enables us to understand assets, gaps and vulnerabilities, develop a risk profile and execute a project plan with asset owners.
It brings together traditional IT and Operational Technology. These worlds have traditionally been separate but now, there is need for them to work together to develop an appreciation of shared risk. This is because despite the many unknowns of our current business environment we can be sure that these risks – as well as our ability to meet them – will continue to evolve.
ABS is a sponsor of Sea Asia 2017, which will return for its sixth edition in Singapore from 25-27 April 2017.
Copyright © 2024. All rights reserved. Seatrade, a trading name of Informa Markets (UK) Limited. Add Seatrade Maritime News to your Google News feed.
