Written by Steven Jones, Maritime Director, Security Association for the Maritime Industry (SAMI).
As the global focal point for maritime security matters, the Security Association for the Maritime Industry (SAMI) is constantly monitoring any potential security threats over the horizon for shipping. As part of this remit, the Association has turned its attention to the potential cyber threats hidden within the industry.
SAMI recently held a seminar on maritime cyber security (MCS), which saw experts discuss just how soon shipping’s soft cyber underbelly will be exploited by criminals, pirates and terrorists.
At the moment the number of known shipping cyber cases is actually low, as attacks often remain invisible, but these numbers are likely to grow in number and impact.
Ships need to embark on a simple “cyber-hygiene” routine to ensure that many of the more obvious vulnerabilities are dealt with. Thinking about this in plain security terms, locking a door isn’t going to stop the determined criminal but it will prevent opportunist thieves, and may also guard against stupidity of those who may compromise security by accident.
The speakers warned against any feeling of a false sense of security, stating that as ships grow in complexity we can no longer afford to ignore the problem. Indeed there were calls for cyber management and security to be aligned with the traditional notions of managing safety and security.
It was also stressed that shipowners and operators must start by thinking defensively and building in resilience from day one, with IT security policies that are explicit and carry tough penalties for infractions.
The problem of cyber-security might be couched in technological terms, but the solutions are likely to be both technological and cultural. It was also stressed that cyber failings will result in operational and safety issues, there are also potentially significant legal, insurance and liability issues to consider.
Following the conference it was decided that action was needed to further raise awareness on cyber security needs and the potential challenges in the maritime sector.
It was also clear that efforts were required to both understand the problems facing the maritime industry, and to begin to address the development of solutions.
As part of this ongoing work, SAMI is seeking to work with partners on a strategic approach to MCS, while developing processes, plans and procedures which can assist the industry in mitigating risks and managing ongoing threats.
The goal is to raise awareness, to enhance understanding and to work across the maritime industry to drive improvements in the cyber security of people, vessels, cargoes, ports and trade.
Amongst the aims of this approach are the following:
• Develop an accepted definition of “maritime cyber security” and its elements
• Map stakeholders
• Explore and foster coordination, dialogue and cooperation
• Develop strategic aims and objectives
• Raise awareness of MCS needs and challenges
• Develop good practices for the management of MCS
• Align MCS concepts with the challenges of merging physical security and maintaining onboard safety
• Develop a risk-management -based approach for MCS
• Develop an industry wide scheme to identify critical assets which would be affected by MCS
• Understand what the cause, impact and consequences on the assets of MCS issues could be
• Explore the alignment and harmonising of flag State policies
• Specify the shipping, offshore oil and gas, logistics and port roles to manage MCS issues
In addressing the matters of definitions, threats, assets, best management and responsibilities, it is hoped that the shipping industry can work together to begin the process of mitigating the risks posed by cyber security.