Seatrade Maritime is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cyber attacks - coping with new threats to the maritime world

Cyber attacks - coping with new threats to the maritime world
“From rock and tempest, fire and foe, protect them where so ever they go” is an all-encompassing list of maritime hazards which is usefully encapsulated in the seafarers’ favourite hymn –“Eternal Father”. A very 21st century addition to these timeless risks of maritime commerce might now be that of cyber attack, which conceivably could be as serious and damaging as any of those on this list.

Ships are no different to any other facet of modern life and have become, in recent years, horribly vulnerable to malicious or criminal external interference, with all the sophisticated electronics that keeps them operating efficiently. The fact that nothing really terrible has happened (at least that which has been made public) probably owes more to the general ignorance of marine technology and the plethora of other tempting targets, than the efficacy of shipping’s own defences.

We have seen at least some of the writing on the wall. We know, because experiments have confirmed the fears, that even the most rudimentary electronic jamming equipment can make mincemeat out of a ship’s navigation, communication, engine management and other systems dependent on satellite signals. We have learned about a number of cyber attacks that have been made public, such as the near capsize of a semi-submersible oil rig, after external interference with its ballasting system, or a determined effort by drug smugglers to insinuate themselves into a major port’s cargo control systems.

But we have also been warned by experts that, perhaps because shipping has hitherto been “over the horizon”, that the industry’s defences are lagging far behind that which they would recommend, in view of the reality of risks. There is, we are told, a degree of complacency that is really very worrying, due in part to the false alarm of the Millennium Bug which has tended to lodge itself in maritime consciousness.

Nevertheless, cyber experts who manage to get afloat report worrying signs of general defencelessness. At a recent conference, an expert noted that after every visit, he would routinely destroy his laptop, such was the level of “contamination” by viruses and the like in the systems he saw afloat. Pirated software is routinely reported in ships’ navigational systems and devices brought aboard by crew or contractors are often badly contaminated.

So there will be some enthusiasm in the industry surrounding the launch this month of “The Guidelines on Cyber Security Onboard Ships”, produced by Bimco, CLIA, ICS, Intercargo and Intertanko, with expert external assistance from other knowledgeable stakeholders. This primarily tells people who have limited experience in this field what they are up against, who the enemy might be among the activists, criminals, opportunists, the state-sponsored and terrorists, and what they can practically do to harden their defences.

It is produced in a seamanlike fashion, showing people how to understand the cyber threat, how to assess vulnerabilities and the reality of risk, implement its reasonable reduction and develop contingency plans, along with a lot else besides. It shows what measures can be taken, and how company and ship-specific risk-based systems can be developed.

Will it work, if the enemy starts to target the maritime world in a serious fashion? That depends, firstly upon the threats being taken more seriously by those at the top of senior management and by what they are willing to invest in defence. It is worrying, however, when the vulnerability of maritime systems is considered alongside the lack of what we might describe as old-fashioned manual systems and procedures that can swing into use, in the event of a cyber attack. That, and the difficulty of maintaining adequate defences on the average merchant ship, where there is no electronic or IT specialist routinely carried as a crew member. Maybe this needs to change.