Anonymous Reporting
MCA Chatter
V-ID Terminal
My Account


Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019

Lack of industry concern cited at cyber security training launch

October 27th 2017
At the launch event for a new cyber security training programme developed by Videotel in partnership with BIMCO, members of a panel cited a general lack of concern across the wider shipping industry as a key obstacle to improving cyber security.

Moore Stephens cyber security partner Steve Williams said “It’s the same with every industry. Nobody cares until there’s a problem. It’s not a criticism of the [shipping] industry, it’s just a fact.”

Mr Williams said cyber attacks were pervasive across all business, government and NGO sectors.

“50-90% of organisations will get hit by a cyber attack. Why should [shipping] think that we’re any different?”

The programme offered by Videotel, ‘Cyber Security at Sea’, covers various cyber security threats, risk assessment for ship systems, risk reduction practices for individuals and ship systems and best practice for responding in the event of a cyber security breach or attack. The programme consists of an indepth video as well as a manual and took two years to develop.

KVH Videotel producer James Cleave said that his group created the programme as a practical guide to help seafarers better recognise the threats they can pose to onboard systems and be better prepared to respond to cyber security attacks.

In a statement, KVH senior vice president Mark Woodhead said “A cyber-attack can severely impact and impair vessel performance. Many cyber incidents on board are triggered accidentally by seafarers opening phishing email attachments or hyperlinks, or using infected removable media, so this training programme explores how to minimise these risks by making personnel more aware of the types of malware.”

Members of the panel – which, in addition to Moore Stephens’ Steve Williams, included the director of the training video Keith Purkis, Cribb cyber security technical director Patrick Carolan, and BIMCO manager Lars Gullackson – discussed the importance of ‘cyber hygiene’ on board, the importance of further cyber security regulation and the need for shipowners and managers to invest more in cyber security. 

Speaking to Maritime Electronics and Communications after the event, Mr Williams praised IMO for moving quickly to enact cyber security regulations by setting a deadline for shipowners and managers to incorporate cyber risk management into the ISM Code by 2021.

A recent survey by satellite communications provider NSSLGlobal pointed to a widespread lack of cyber security training in the shipping industry. The online survey showed that more than two-thirds of crew may not have received any cyber security training from their employers.

People, as opposed to systems, are widely considered to be prime targets for initiating cyber attacks. The panel of speakers at the jointly-held International Maritime Contractors Association and Oil Companies International Marine Forum Cyber Security Seminar 2017 said that the so-called “carbon-based threat” is the biggest the shipping industry faces.

In 2016, BIMCO published The Guidelines on Cyber Security Onboard Ships, and released an update to the guidelines in July in the wake of the shipping industry’s largest cyber attack to date.

Until recently, shipping had escaped most of the headline-grabbing cyber attacks. In late June, however, the NotPetya virus took down the operations of container shipping giant Maersk, costing the company an estimated US$300M.

And it was revealed in mid-October that tanker company BW Group was hit by a cyber security breach in July that allowed hackers to gain access to its computer systems.