Imagine you are an Information Security Manager for a shipping company and while docked in port, a service technician boards your ship to perform a software update of the Voyage Data Recorder system and unknowingly introduces a virus.
As a result the ship’s ECDIS system becomes infected resulting in a denial of service once you’ve set sail. The ship is now sailing without ECDIS and the last course direction was towards North Korean waters. What do you do next?
That exact scenario was played out with 60 delegates from the Greek shipping community and five UK companies at the Athens residence of British Ambassador.
The wargame scenario was created and overseen by Professor Siraj Shaikh of Coventry University, author of “Future of the Sea: Cyber Security” for the UK Government Office of Science.
Five UK organisations with specialist cyber security interest hosted the Greek event and promoted discussions on the tables. CyberOwl, ESID Consulting, Inmarsat, Lloyd’s Register and the University of Plymouth all took part.
Daniel Ng, CyberOwl told delegates: “The cyber war game format facilitated some fantastic, and sometimes passionate, discussions. It is clear the Greek shipping community is concerned about cyber risks and are struggling to understand where and how best to start managing them. Events like this are so important to engage in such important dialogue and showcase the best British capabilities that can be brought to the table.”
Gary Peace of ESID Consulting described the event as “truly ground breaking”. He said it provoked intense discussion and exchanges showing just how complex the response to a cyber-attack can be. “Importantly the scenario posed showed what actions and decisions need to be considered and taken when managing an organisational response to a cyber breach and to stop it turning into a crisis.”
LR’s Elisa Cassi said: “As cyber threats continue to increase in the marine industry, it is our mission to ensure clients never make the headlines for the wrong reasons. Whilst it’s impossible to eliminate cyber threats, implementing the right strategy, education and services covering both information and operational assets will dramatically reduce the risk of a breach, and the associated operational and safety risk as well as reputational and financial impacts.
“No business can make itself impregnable. What it can do, however, is seek to temper any attack on its critical business drivers by creating a scalable security posture,” said Cassi.
Wayne Perks of Inmarsat said it is great to see the enthusiasm and proactive responses from Greek ship operators and owners towards the increasing cyber security threat. “Inmarsat has been responsible for safety at sea for over 40 years, the cyber war-game scenario gave a clear demonstration of why treating a cyber security event as critical as you would a distress situation is so important,” said Perks.
The Society of Maritime Industries Tom Chant said that with the growth of the digital sector the society has created a Digital Technology Group to support this type of activity for the sector.