Anonymous Reporting
MCA Chatter
V-ID Terminal
My Account


Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019

Cyber attacks emerge

October 11th 2017
Although the maritime industry has long been understood as a traditional industry, it is being transformed by digitalisation and connectivity. This has created opportunities for growth as maritime operations can be improved by sharing information and involving all parties in the transport chain.

However, digitalisation comes at a cost as everyone is exposed to the threat of a cyber attack. The shipping industry has emerged as an easy target because such attacks can affect navigation systems of vessels, cargo loading operations, services, ports and terminals, having far-reaching and damaging consequences.

World Maritime News spoke with Julian Clark, global head of shipping at Hill Dickinson, a commercial international law firm headquartered in Liverpool, UK, in the wake of the cyber attack that shut down IT systems of Danish shipping giant Maersk, costing the company up to $US300 million ($F614m).

We wanted to find out whether the recent attack is being seen as a wake-up call for shipping companies, and whether they are aware of the existing threat.

"If a company as sophisticated as Maersk could be affected in such a dramatic way, requiring them to take two weeks to get all their systems back online, anyone and everyone is exposed. One of the largest issues that we have faced is the underreporting of cyber attacks. This has to change," Mr Clark said.

WMN: As vessels have started to increasingly depend on information technology, do you think that shipping companies take cyber-security seriously? Are they ready to invest in counter strategies? About 91 per cent of ships' security officers said they didn't have knowledge to deal with cyber threats

Mr Clark: I am sure if you asked them they would say yes, especially following the recent high profile case involving Maersk, but the reality paints a different picture. A recent survey showed that 67 per cent of cyber-security officers said that cyber-security was not a serious threat to them or their vessels, 91 per cent of ships' security officers said that they did not have the training, knowledge or skills to deal with cyber threats and 100 per cent of IT heads of leading companies said that they provided no cyber training for their crews. Cost is a significant factor but the time has come where there needs to be a significant investment.

WMN: How does the maritime sector compare with other sectors in terms of cyber-security? Is there any market segment (container shipping, LNG, offshore) particularly vulnerable to cyber attacks?

Mr Clark: Other industry sectors are certainly further down the line and the maritime industry generally is behind the curve, although that is changing.

I think sometimes there has been an attitude of, "it can't happen to us" not least because of a false belief that it was hard to infiltrate vessel systems and that access points were limited.

However, the list of access points is pretty endless with exposure to communication systems, bridge systems, AIS, ECDIS, proportion and machinery management, emissions and ballast controls, smart containers and crew welfare systems. There is no particular sector of the industry that is more exposed than any other. It's the systems and access points that create the issues.

WMN: Who should play a key role in recognising and combating cyber threats in the sector, industry bodies or?

Mr Clark: It is a risk faced by the whole sector universally and a strategic and coordinated response is what is required.

This risk is a real game changer and neither standard insurance coverage nor legal precedent has developed to assess and deal with the risks involved.

Sooner or later there will be an incident which will eclipse the Maersk case.

I only hope that far in advance of that, all of those involved in the sector will have actively co-operated to be ready for and know how to address both the risk and consequences.

WMN: How do you comment on the IMO's recently adopted Resolution on Maritime Cyber Risk Management in Safety Management Systems as well as Guidelines on Maritime Cyber Risk Management?

Mr Clark: Both this and the recent BIMCO guidelines are welcome developments. It is essential that we develop systems and drills to attend to the risk.

Companies need to buy in at board level and top management leadership while at the same time ensuring that the entire personnel chain is aware of the issues.