The maritime industry is exposed to a greater risk of a cyber attack than the world economy itself. Experts in maritime security warn that a large cyber attack in the shipping and the maritime industry is approaching.
In June 2017, the NotPetya attack cost AP Moller-Maersk at least USD 300M and shook the entire industry. This is only the material losses, in a pessimistic scenario a cascade effect of an intrusion could be presented, which can affect ships that transport dangerous or polluting materials. On the other hand, it could compromise the navigation instruments of the ships generating possible stranding, collisions, and subsidence that compromise human life and marine ecosystems.
Although the hacker attack by the Russian state was not routed to Maersk, it is an unintended consequence generated by inadequate monitoring and the flexibility of cyber defense.
Although the type of attack is basically the denial of the distribution of the service, the deconfiguration of websites and ransomware, likewise, an intrusion with a cascade effect that could harm ports around the world could occur. Likewise, the attack can also be aimed at this link in the logistics chain. This year attacks were detected at the Port of Barcelona on September 20; five days later to the information systems of the port of San Diego and in July a ransomware attack to the COSCO terminal in the Port of Long Beach.
Currently, few countries and companies are concerned about training their human resources to detect possible attacks and take the necessary measures to avoid them. However, the maritime industry, being the most globalized of the industries, must approach the issue in a much more global way. That is why, the IMO, the EU, and the United States Coast Guard are already preparing regulation on the subject. For its part, the IMO maritime security committee has already added to the code list of security management requirements, cyber security management with strict recommendations that must be adopted from January 2021.
In January 2021, the rules for risk management also come into force. For its part, each of the member countries must endorse, obligate and permeate these guidelines in their national laws and processes. Consequently, if the ships do not adhere to the guidelines, they can be stopped by the authorities of the countries.
