By Giles Noakes, Chief Maritime Security Officer of the Baltic and International Marine Council (BIMCO)
Cyber security is increasingly being addressed in all sectors of society and BIMCO is embracing the issue to ensure its shipping industry members' operations remain safe and secure. For companies, business continuity is essential, as is the protection of commercially sensitive information and management of reputation.
The three key areas where shipping is vulnerable to cyber attack are on-board ships, in the commercial operations of shipowners and operators and in port infrastructures. The Round Table of
International Shipping Associations (RT) comprising BIMCO, ICS, Intercargo and INTERTANKO, is developing standards and guidelines to address the major cyber security issues faced by the shipping industry. The guidelines, however, will only focus on on-board safety and security.
Protection against malicious attacks on computer-based systems on-board ships is now hitting the top of the agenda for shipping organisations in all corners of the world. The International Maritime
Organisation (IMO) has already heard calls for action and the insurance industry repeatedly lists the issue as one for concern. The Round Table has made a submission to the IMO on this vital issue outlining the steps currently being taken by the industry to address any vulnerabilities.
The vulnerabilities are numerous and the threats imminent – the question of protection is a complex set of issues and not just about operating a firewall on a ship or installing virus scanning software on the on-board computers. All of the major systems on a modern ship are controlled and monitored by software; these include the main engine, steering and navigation systems, and the ballast water and cargo handling equipment.
To address this problem and help the industry to protect itself against these risks, the RT is already working with industry partners on a number of complementary projects to develop standards and guidelines to address the cyber security issues.
The purpose of the guidelines on cyber safety and security on-board ships is to establish guidance on cyber security measures for ships, shipowners and operators based on the following high level principles:
- Establishment of awareness of the safety, security and commercial risks that present themselves due to a lack of cyber security measures;
- Protection of shipboard IT infrastructure and connected equipment and the protection of data that is used in the ship environment, ensuring it has adequate protection based on the sensitivity of the information;
- Systems for authentication and authorisation of users, to ensure appropriate access to necessary information, including the management of IT users to make sure they only have access and rights to the information for which they are authorised;
- Management of communication between the ship and the shore side, and the development and implementation of a cyber incident response plan based on a risk assessment.
Download The Link newsletter
For more information, contact Sean Woollerson, Partner in the Marine Division on +44 (0)20 7558 3864
Find out more about our Marine capabilities