The recent news that the Port of San Diego had been hit by a cyber extortion scheme is further proof that the maritime sector continues to be a target for cyber criminals. Vessel owners and operators must not only harden themselves against attack but also create contingency and recovery plans setting out what to do in the (inevitable?) event that an incident or attack occurs.
The recently updated BIMCO “Guidance on Cyber Security Onboard Ships” should be on everyone’s reading list. This is the third edition of these guidelines in as many years, as good an illustration as could be given of the need to remain up to date and flexible in the face of our ever-increasing dependence on technology and the closer integration between shipboard operational technology (OT) and information technology (IT).
Whilst cyber risk management is not a formal requirement of the ISM Code until 2021, owners and operators should already be preparing now. Use tools such as the BIMCO guidelines to work towards its incorporation into vessels’ safety management systems sooner rather than later. Not only will it take time to properly assess what needs to be done and how to do it, as the six anonymised examples given in the BIMCO guidelines show, cyber issues and attacks are already affecting vessels and operators.
Have you considered the issues raised in the six examples? Are your systems and procedures robust enough to deal with such incidents?
Now more than ever, the saying “hope for the best, plan for the worst, but prepare to be surprised” holds true.
The BIMCO guidance can be read here.
Author: Adrian Durkin