A new code of practice has been launched by the UK government aimed at helping ship owners improve and tighten security. This decision came as a result of the growing threat that cybercrime poses as it continues to spread and this time around to a much more bewildering place, the shipping sector.
The term ‘cybercrime’ to most people, just gives a mental story of data theft, hacking of firms, database, networks, accounts amongst many others. But the level of which cybercrime has reached, the possibility of hackers trying to hack or take control of huge machines in our physical world shouldn’t be overlooked.
Transportation assets such as cars, planes, ships at sea, as well as, trains are all likely targets of cybercrime.
Numerous studies and incidents have proved that the shipping industry is subjected to major cybersecurity risk. Over the years, ships have been used as a mode of transport for goods all over the world. However, this industry is dependent on computer systems alongside people and technology.
They are monitored and controlled remotely from shore-based facilities to ensure efficiency and this creates a possibility for hackers to conduct targeted cyber-attacks on ships.
A 2016 Safety and Shipping review in the UK pointed to the potential risk of hackers relying on cybercrime to target ships and other vessels and also warned that, the shipping agency needed to protect itself against the threats that cybercrime poses.
It elaborated on cybersecurity incidents which involved hackers infiltrating cyber systems in ports to locate a specific container of which some were loaded with illegal drugs, while others with weapons.
“There are … indications pirates may be abusing holes in cybersecurity to target specific targets,” it stated.
It, however, mentioned another form of cyber-risk information paper which stated that “the risk of a loss to a ship as a result of cyber disruption is foreseeable, but is not yet a reality.”
The Cyber Security Code of Practice for Ships was launched at the London International Shipping Week by Martin Callanan, the Parliamentary under secretary for aviation, international and security at the Department for Transport.
He stated that cyber security was gradually increasing which has become a concern for many industries in the economy and that cyber threats have no limits.
“Ship owners and operators need to understand cybersecurity as industry dependence on IT systems grows amongst the development of autonomous vessels,” he said.
“These developments will make the industry more vulnerable, even on the small scale – consider the threats posed by compromised ships.”
This Cyber Security Code of Practice was developed by a joint operation with other government departments. It was launched after a publication was made on a study of Futurenautics, in the interest Inmarsat, a maritime satellite operator into the risk of shipping cyber-attacks.
This will provide guidance on cybersecurity and also promote good practice and habits for ship owners.
According to the publication, ship owners were concerned about attacks with 44% of those questioned believing that, their IT system was powerless when it came to protecting them.
In addition, 39% of operators also stated that they had experienced attacks in the last 12 months. The remaining 61% was however not ready to make any form of comment, insinuating that the figure could be higher.
Peter Broadhurst, the Senior VP for safety and security at Inmarsat Maritime stated that the problem couldn’t be solely attributed to poor infrastructure, but also insufficient crew training.
“95% of cyber problems are the result of individual crew members using insecure devices that are full of malware,” he said.
“Crew may come aboard with a hard drive full of videos downloaded from a site plagued by malware; they access the ship’s Wi-Fi network and the malware penetrates the whole vessel,” he added.
He continued to say that, an engineer could need at most 24 hours to fix the problem and that even though technology can help, once the problem comes to light, there is more needed to be done to fully inform those at sea.
Mr. Broadhurst signed out by saying ship owners accept the fact that threats are a reality and also accept the fact that IT was just not an optional ‘plan B’ but a very vital infrastructure.
“Ships need to improve their cybersecurity by 2021,” he stated.
“Failure to do this could lead to ships being impounded.”