A force to be reckoned with

Anna Marie-Antoniou examines the cyber security threats facing the industry in 2018

Throughout 2017, the shipping industry experienced a number of cyberattacks, most notably A.P. Moller-Maersk in June, BW Group in July and, more recently, Clarkson’s PLC, which reported in late November 2017 that it was subject to a cybersecurity incident. It is almost certain that the frequency of these incidents will increase. It is worth noting, however, that being proactive towards these potential threats is the most effective approach. This can be achieved by anticipating such events and being better equipped to deal with them.

Technology is reshaping the shipping industry, but it is ironic that the opportunity for cyberattacks has also greatly increased with advances in satellite communication, connectivity, and more digitisation. There are simply too many moving parts to control, monitor, and protect.

Autonomous and unmanned vessels

There is concern that autonomous and unmanned vessels are more susceptible to cyberattacks, and specifically to being targeted for cyberterrorism. The fear is real because if the system is hacked, and there is no on-board crew, complete control of the vessel is turned over to the hackers. That could mean unloading valuable cargo or deliberately causing a collision. Cyber liability for these vessels is also a concern; international shipping laws, such as the IMO’s Convention for the Safety of Life at Sea (SOLAS) and the Regulations for Preventing Collisions at Sea (COLREGs), state that vessels must be properly manned, otherwise they cannot enter international waters. The IMO is looking at updating this law, but a key issue will be how the liability of vessel owners is impacted when an autonomous vessel suffers a cyberattack and causes damage while under the attackers’ control. Such vessels will have the most sophisticated protection systems in place, but more advanced and complex technology can also be more sensitive and vulnerable.

Piracy

Pirates can target high-value cargo if they have access to the vessel’s itinerary and manifests. Cyberattacks could become a useful tool for pirates, in more ways than one. Such data could include information on the vessel’s counter-piracy measures, which would allow them to know what and where to target and, crucially, how to target.

Insurance Contracts

Cybersecurity affects a plethora of legal fields but, when one considers cover for the risk associated with an attack, it is insurance that comes to the forefront. Standard insurance contracts generally exclude cyber risk and, in any case, are not an appropriate or adequate form of cover for damage resulting from an attack. Development of a comprehensive cyber policy is required, and no doubt all maritime contracts and shipping law will have to be drafted with the co-operation and input of the IT and AI sectors.

IMO Guidelines

Recognising the need to raise awareness of cyber risks and to expedite the work the maritime industry is doing to safeguard shipping from such threats, the IMO issued guidelines on the issue and adopted the Resolution on Maritime Cyber Risk Management in Safety Management Systems. By 1 January 2021, vessel owners must incorporate cyber security into their ship safety measures as part of the ISM Code. A group of prominent industry associations including BIMCO, INTERTANKO, IUMI and others have also issued Guidelines on Cyber Security Onboard Ships, which the IMO supports, so an international effort is being made to combat the problem.

2018 will see the development and implementation of new technologies, but it will also see the continuation and increase of cyberattacks. Maersk is an industry leader, and yet in June 2017 it shut down IT systems across multiple sites and units with the attack costing USD 300 million. The industry needs to think about a co-ordinated international approach that is proactive rather than reactive. At minimum, an international legal framework must be established that requires participants in the industry to follow agreed standards on cybersecurity systems and practices as well as attack response.

This article was originally published in the Marine Trader, IMPA’s official journal for maritime procurement and supply chain management, in issue 01 of 2018.