The shipping industry must get better at sharing information to face fast-moving modern safety and security risks Tanya Blake, editor, Safety at Sea
Safety and transparency go hand in hand. Without masters being clear and open in their communications to crew accidents are more liable to happen, without seafarers sharing near-misses the same mistakes will continue to be made and serious safety issues not resolved. Furthermore, accident reports being shared via organisations such as the UK’s Marine Accident Investigation Branch AIB and similar global agencies allows us to collectively learn as an industry and serve as a way to raise standards and develop best practice.
However, there remains a reticence in the industry to open up about some of the biggest safety and security issues it faces today. It recently came to light that in February 2017 a container vessel was hacked and lost control of its navigation system for 10 hours (read more on p6). This kind of cyber-attack brings home the reality that ships have vulnerabilities that hackers can exploit, yet it fell to an industry source who wanted to remain anonymous to make the event known to the wider shipping community. The very fact they did not want their identity shared reveals fears of retribution for sharing such information. Yet without them we would be none the wiser about the attack and less alert to the risks it revealed.
Part of the reticence undoubtedly comes from company’s fears over reputational damage and loss of earnings. These fears must be put away as other industries including the aerospace and utilities sector have been sharing cyber attack information inwardly for years without such damage occurring. Instead it helps to build up an awareness and resilience to what is previously an unknown threat. Revealing information about an attack can alert others to specific dangers and prompt them to fix similar gaps in their cyber security.
This approach should run right through the chain, from crew reporting if they accidentally opened up a dangerous file, or got drawn into a salacious digital ransom situation, to masters telling the ship owners about a potential problem in the fleet, to ship owners sharing that information with its entire fleet, onshore staff, and with other ship owners. This should all be done without fear of retribution – being open and honest should be met with reward not punishment as it will help to create a stronger, safer, more resilient shipping industry. However, anonymous reporting services such as the CSO Alliance’s Maritime Cyber Crime reporting portal offers a safe space to do so in the meantime.
Change is coming whether we like it or not and burying our heads in the sand is not an option. Ships will continue to become more digitally connected as the operational benefits of smart shipping outweigh the risks. Shipping must decide, however, whether it wants to be the strongest or weakest link in the global supply chain when it comes to cyber security – and it may not be a choice for long.
Norma Krayem senior policy advisor & co chair of cybersecurity and privacy team at international maritime law firm Holland & Knight told SAS that if ships decide to not comply with the recently strengthened Cybersecurity Information Sharing and Coordination in Our Ports Act bill and disclose cyber-attacks to the USCG or Homeland security then in a year's’ time spot checks in US ports could begin to ensure compliance.
Whether we like it or not, it is about time the maritime industry started following the example of other sectors and be open to discussing, in detail, the modern safety and security threats they are facing. Dragging our heels will only expose companies and crew to more risk.
Seafarer’s have their say
Each month SAS is running a survey to get crew’s views on key issues affecting seafarers. See the results of this month’s survey on p16. If you want to sign up to take part in the SAS monthly survey please email firstname.lastname@example.org with the subject line ‘survey’.