INMARSAT: CYBER SECURITY REQUIREMENTS FOR IMO 2021, WHITE PAPER
Developments in connectivity and the transfer of data in greater volumes between ship and shore continue to bring significant gains for fleet management efficiency and crew welfare, but they also increase the vulnerability of critical systems onboard vessels to cyber attacks.
A 2019 IHS Markit/BIMCO report* recorded 58% of respondents to a survey of stakeholders as
confirming that cyber security guidelines had been incorporated into their company or fleet by
2018.
The increase over the 37% giving this answer in 2017 explained a sharp drop in the number of
maritime companies reporting themselves as victims of cyber attacks according to authors – 22%compared to 34%.
However, the enduring feature of cyber threats is their ability to adapt and evolve, with new lines of attack developed as barriers are put in place, and strategies to expose vulnerabilities constantly emerging. A June 2020 White Paper** from the British Ports Association and cyber risk management specialists Astaara suggests that reliance on remote working during the COVID-19 crisis coincided with a fourfold increase in maritime cyber attacks from February onwards, for example.
In fact, cyber security was ranked as the secondhighest risk for shipping in 2019, behind natural disasters, according to a survey of over 2,500 risk managers conducted by Allianz. Given that, according to IBM, companies take on average about 197 days to identify and 69 days to contain a cyber breach, it is clear that an attack on a vessel’s critical systems could threaten the safety of a ship as well as the business of shipping.
The fact that a 2019 Data Breach Investigations Report from Verizon indicates that nearly one-third of all data breaches involve phishing provides one indicator that, where cyber vulnerabilities exist, the ‘human element’ can badly expose them.
The U.S. Coast Guard has already advised ship owners that basic cyber security precautions
should include: segmenting networks so that infections cannot spread easily; checking external
hardware such as USB memory devices for viruses before connection to sensitive systems;
and ensuring that each user on a network is properly defined, with individual passwords and
permissions.
From 2021, the Convention for the Safety of Life at Sea that covers 99% of the world’s commercial shipping will formalise the approach to cyber security permissible for ships at sea. By Internationa Maritime Organization (IMO) resolution, no later than a ship’s first annual Document of Compliance audit after 1 January 2021, every Safety Management System must be documented as having included cyber risk management, in line with the International Safety Management Code.
The following report offers ship owners and managers guidance covering their responsibilities under the new IMO regime and explains how the cyber security solution Fleet Secure Endpoint provides a comprehensive tool to support them towards compliance.
By Inmarsat.
