Shipping Organizations Launch Own Cyber Security Guidelines

File Photo: Creative Commons
File Photo: Creative Commons

By Nadeem

Every business connected to Internet is worried about cyber threats, which are growing day-by-day. Shipping companies seem to be taking cyber security seriously.

To help ship-owners improve cyber security for their ships, international shipping associations, including BIMCO, CLIA, ICS, INTERCARGO and INTERTANKO, have recently released a set of cyber security guidelines for ships.

The Guidelines on Cyber Security Onboard Ships will help the global shipping industry prevent major safety, environmental and commercial issues that could result from a cyber incident onboard a ship, according to BIMCO, the world’s largest international shipping association with 2,200 members in around 130 countries.

“BIMCO has led the way to identify potential cyber vulnerabilities for ships – and their implications – based on the latest expert research,” BIMCO Secretary General Angus Frew stated. “The aim is to provide the shipping industry with clear and comprehensive information on cyber security risks to ships enabling shipowners to take measures to protect against attacks and to deal with the eventuality of cyber incidents.”

According to experts, cyberattacks, which may affect companies and ships, can be divided into two main categories, untargeted attacks and targeted attacks. In untargeted attacks, a company or a ship’s systems and data are one of many potential targets, and in targeted attacks, a company or a ship’s systems and data can intentionally be targeted. Experts believe that targeted attacks may be more sophisticated and use tools and techniques specifically created for targeting a particular company or ship.

Shipping companies are recommended to initially perform an assessment of the potential threats that may realistically be faced. This should be followed by an assessment of the systems and procedures on board, in order to map their robustness to handle the current level of threat. These vulnerability assessments will serve as the foundation for a senior management level discussion/workshop. It may be facilitated by internal experts or supported by external experts with knowledge of the maritime industry and its key processes.

The growing complexity of ships, and their connectivity with services provided from shore side networks via the internet, makes onboard systems increasingly exposed to cyberattacks. In this respect, these systems may be vulnerable either as a way to deliver a cyberattack, or as a system affected because of a successful cyberattack. According to experts, stand-alone systems will be less vulnerable to cyberattacks compared to those attached to uncontrolled networks or directly to the internet.

It is recommended that companies should develop, and ships should have access to, appropriate contingency plans in order to effectively respond to cyber incidents. Without a contingency plan, decisions and actions may be made that inadvertently make recovery work more difficult and compromise evidence.

The guidelines, first for the shipping industry, are free, and will be updated regularly by the industry associations because cyber threats are changing all the time. BIMCO said that they will make sure that the shipping companies have the latest information available.

“The guidelines launched today should help companies take a risk-based approach to cyber security that is specific to their business and the ships they operate,” Frew added.

The guidelines can be downloaded here.