In recent years there has been a great deal of talk, and what some may have felt was doom saying, about the possibility of major cyber-attacks in shipping. However, since the world’s largest container ship operator, Maersk, was struck with multiple attacks on 27 June the sector has had a very loud wake-up call.
The incident looks set to have a far-reaching impact, not just for Maersk and its profits but for the industry as a whole. John Gallagher, senior editor at Fairplay, wrote that this event could speed up the development of US cyber policy in light of larger concerns around national security and wider economic impacts.
Meanwhile, it could also spur on the shipping sector to take stronger action. As Jordan Wylie writes, “being unprepared is not an excuse” anymore. There are likely hundreds of cyber-attacks in the shipping sector that go unreported and brushed under the carpet, most likely to protect company reputations; this is not sustainable and is more damaging in the long run. Simple policies and staff training can help to strengthen defences.
Shipping should also take a leaf out of the aerospace sector’s book, which has a much more proactive and open approach. The UK’s Aerospace Technology Institute released a statement in March this year which said that “cyber security cannot be dealt with in isolation, it’s a shared responsibility” that requires global collaboration and sharing of intelligence. The government-backed organisation has organised consultations with cyber security specialists from the aerospace sector and is formulating an industry-wide technology strategy.
The CSO Alliance is currently working on an anonymous cyber-security reporting platform in collaboration with P&I Clubs and a major European aeronautics and cyber-industrial company. Mark Sutcliffe, director of CSO Alliance, told Safety at Sea, “Humans can report and share incidents faster than worms move through computers , so once we see breaking issues, within our world we can analyse share and help to protect.”
Christopher Henny, contracted project manager for the Airbus Defence and Space Maritime Cyber incident reporting system, told Safety at Sea that the Maersk cyber-attack proved that even governments can no longer work in isolation. “This must be a collective solution between all the actors, States, commercial, and industrial as it is a global phenomenon that knows no borders,” said Henny. “The maritime market is also global and many of the Flag states do not have their own cyber incident reporting centres so regional solutions will only solve a minority of the problems.”
Ports and maritime assets will need to take an increased level of precaution, and boards must now take the threat seriously and put cyber security high on the agenda.
Henny added, “While this wave of attacks focused on shore-based servers, as companies move toward cloud computing the potential for ships' systems to be compromised is growing.”
As we take steps to become more resilient to future cyber-attacks it is clearer than ever that speed, stronger regulations, information sharing and training will be key to tackle this ever evolving threat.