Seatrade Maritime is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Shipowners financially liable for a cyber-attack: legal expert

Shipowners financially liable for a cyber-attack: legal expert
Shipping companies leaving themselves vulnerable to cyber-attack also risk massive financial liability for damage to other businesses, warns executive director of the Institute for Cyber Security Innovation Robert Carolina.

A technology and intellectual property lawyer, Carolina, speaking at the 8th London Chemical & Tanker Conference, said the risks to shipping include potential for loss of ship, loss of cargo, loss of crew, third party property damage, third party loss of life and a hazard to third party navigation.

Carolina’s precedents for cyber-attacks were many. He quoted the recent case of hackers stealing information from bills of lading; and the Aurora generator test, where technicians at an Idaho laboratory were able to remotely hack a 2.25 mw diesel generator - “It’s fascinating to watch a many-tonne generator vibrate itself to death”.

“The test for being tagged for liability in a negligence claim case is doing what is ‘reasonable’ [to prevent an incident]. Throughout the history of reasonableness, the main thing people have done around is to ask ‘what do other experienced operators do? What is industry best practice? Must be reasonable.’”

But from a legal standpoint, companies would not be able to take refuge merely in matching preventative measures of their peers.

“Common practice is not the same as reasonable practice,” said Carolina, quoting Judge Learned Hand in the landmark T.J. Hooper maritime case of 1932. “If the cost [of prevention] is less than the benefit to be achieved, then the failure to adopt that is ‘unreasonable’, and therefore negligent. In other words, best practice is not necessarily reasonable practice.

“When you’re talking about cyber security, where the cost of [prevention] solutions drops at an exponential rate, then the shift into behaving negligently can happen very quickly – in a matter of a couple of years, or a couple of quarters,” Carolina stated.