The Necessity of Effective Cyber Risk Management
by Mr. Mario Eisenhut, October 2023
Cybersecurity is becoming increasingly critical in the maritime industry, an essential part of the logistics chain. Cyberattacks on electronic navigation systems or the main propulsion systems on board ships could potentially lead to the total loss of vessels and yachts.
The International Maritime Organization (IMO) has recognized the importance of cybersecurity and urges shipping companies to protect themselves against cyber risks (IMO Resolution MSC.428(98)). Ship operators must develop effective measures to safeguard against cyberattacks and integrate them into their existing ISM systems.
Shipping companies and yachts equipped with an ISM system on board must demonstrate to their flag state administration, no later than the first ISM office audit after January 1, 2021, that they have assessed cyber risks and implemented appropriate security measures.
The goal of this cyber risk management is to make ship operations more resilient and comprehensively protect against cyberattacks so how can shipping companies and vessel owners effectively protect themselves against cyberattacks?
The first steps are the identification, analyse, and assessment of potential cyber risks followed by the implementation of concrete measures to mitigate these risks on board and onshore.
In practice, the four-stage model for cyber risk management has proven effective for shipping companies:
Assess:
What cyber risks are associated with the ship's operations?
Evaluate:
Are the current measures sufficient, or are additional actions necessary?
Implement:
Define and execute suitable additional technical, organizational, and personnel measures.
Analyze:
Regularly review the effectiveness of measures to reduce and prevent cyber risks
Despite the maritime industry collecting a vast amount of data for purposes such as safety management, productivity, and decarbonization, there are numerous challenges associated with implementing big data in the shipping industry:
Data Transmission: Ships typically have a large number of onboard sensors, each requiring specific communication bandwidth. Therefore, having appropriate data communication for each sensor to transmit information to the database is crucial. A cyberattack on the sensor network could disrupt the entire system and lead to significant business losses.
Data Quality: Low-quality data could result in misinterpretations and incomplete data entry in the database, so high-quality data is ideal.
Data Integration: The current data collection systems in the shipping industry are often inconsistent and unreliable. Data from various sources must be integrated for analysis.
Data Ownership: Data ownership is crucial for the shipping industry, and dividing data ownership and permissions will become more challenging for ship operators in the future.
Data Protection: Sensitive data will likely need to be shared externally due to various interests, making security and data privacy a priority for data protection and maintaining data quality.
Adoption and Standard Management: The industry must embrace big data analytics to understand the hidden features and benefits of available data fully. Creating an environment and awareness among all stakeholders to adopt new technologies, tools, processes, and regulate standards is essential.
Human Factors and Practices: Improving connectivity between ship crews and land personnel in shipping companies will become increasingly important. Data transfer between ship and land and vice versa will increase to achieve optimal operational efficiency and safety.
Business Model: The shipping industry is undergoing profound technological changes, leading to a shift in the industry's business model. This new model will enable the development of a transparent industry combined with knowledge transfer and data-driven systems
Why Cybersecurity Is Essential for Your Business
Cybersecurity has become an increasingly important issue for the maritime and offshore industry due to rapid digital transformation, new threats, and regulatory requirements.
Optimizing operations remains a critical focus, and those who can leverage new technologies and digital solutions will gain a competitive advantage.
Cybersecurity is a critical area of risk because ship operations largely depend on the effectiveness of software-based systems.
Cyber systems for ships and mobile units are classified as either IT (Information Technology) or OT (Operational Technology).
IT systems are generally more mature in terms of cybersecurity, with established procedures, technologies, and training combined with an Information Security Management System (ISMS) – at least onshore. A breach of IT systems can have significant impacts on reputation and finances but typically does not affect the safe operation of your ships and units.
In contrast, OT systems are less mature in terms of cybersecurity, and an attack on OT systems on board can jeopardize the safety of the ship and crew.
The author of the text
Mr. Eisenhut is an experienced professional in the field of risk management and business intelligence, always striving to provide the clients with the best possible solutions for their needs. With his expertise in the areas of security situation reports, and crisis early warning, he helps companies minimize risks and optimize their business processes.
Mr. Eisenhut strengths lie in analyzing complex data and developing strategies to improve business operations. He works closely with his clients to understand their individual needs and develop tailored solutions.
Pictures:
Front picture was provided by the author of the text, Mr. Eisenhut
“Question everything” street art from former Don Side Project in Aberdeen, UK. Picture credit to Ms. Ramona Popa
Detail of the cover page of the Vodafone’s white paper “Near Shore Connectivity”.
Thank you very much Vodafone Roaming for allowing Futureoftheocean initiative to use this picture.
Picture of a stickers on a light post from the Aberdeen Beach Boulevard, UK. Picture credit to Ms. Ramona Popa
Street art in Athens, Greece, Picture credit to Ms. Ramona Popa
Ms. Popa works could be found on FaceBook, Instagram and Etsy – nickname Mony Wee Bonnie.
Support this initiative
Your support and contributions will enable us to meet our goals and improve conditions. Your generous donation will fund our mission.
