The maritime industry has been hit with a couple of major wake-up calls in recent months, regarding cyber security and its impact on global shipping. In the very near future, effective cyber security programs will be as essential and important to safe operations in shipping as fire or evacuation drills.
Here is what you need to know.
Global Cyber Attacks
Chances are you heard about the WannaCry and Petya viruses or at least experienced their effects. Nearly every nation found some aspect or facet of operations impacted by these cyber attacks, which utilized weaknesses in Windows servers and operating systems to hijack computers. With nearly 90% of all international trade occurring by sea, when a juggernaut like Maersk gets hit, the wake is wide. That one company alone saw disruptions in the US, India, Spain, and the Netherlands.
Most operations either occur digitally or have a computerized/automated component when it comes to shipping. Outdated systems were not prepared for viruses of that scale. The security flaws utilized in those attacks had been patched by Microsoft, but many systems had not been updated or used software that was too outdated to even be supported.
So many people around the globe, not just within the maritime sector, but also in hospitals, in the skies (like FedEx) and others, did not realize the real importance of those software updates. That is, until they saw their systems overtaken by ransomware. Hackers are like digital pirates: some of them feel they hack for good (“hacktivists”), others for personal profit, and others just to create chaos. They may even be nation-actors, as is suspected in these viruses.
Whoever is behind it, it is terror on the high seas.
Another aspect of cyber security that many in the maritime industry may not have seen coming has to do with shipper responsibility. In the United States, President Trump issued an Executive Order that essentially made each industry and the heads of departments responsible for their own cyber security. In response, the US Coast Guard issued a Navigational and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities. A request for public comment is in effect until September 11 of this year.
There are some important points to consider, internally, which may be worthy of comment, based on inspection of these points in relation to one’s organizational operations:
- The extent of the digital infrastructure, all of which may be vulnerable: ports, port operators, vessel operations, shipping containers, etc.—anything with a computerized component.
- The possibility of injury, harm or damage to the maritime, shipping and port infrastructure, and supply chains.
- The fact that any such loss could be exempt from long-standing statutory and legal liability limitation if the delay or damage occurs as a result of failure to follow industry best practices for cyber security.
- The common misconception that cyber security is the responsibility of IT or technology departments or providers.
- The likelihood that the US and other nations will continue to double-down on accountability, wanting the maritime sector to solve their own cyber security needs.
Unfortunately, cyber security attacks will continue, and most likely escalate. Copycat actors abound, and when vulnerabilities are exposed, other criminals jump on the bandwagon.
Effective cyber security monitoring, in conjunction with an actionable preparation plan, will be the only defense. Think of it as installing fire safety mechanism for the 21st century (at some point sprinkler systems, fire doors, and other fire safety features were also new). Cyber security is just as vital and necessary to the protection of personnel and assets: it is time to get cyber safe.