Cyber
Cyber-attacks potentially pose a serious risk to the overall operability of a ship because of the increasing use of onboard IT
Print Friendly, PDF & Email

London P&I Club says the physical risk[ds_preview] to ships from cyber-attack may not be as well understood by shipowners as those threats posed to traditional back-office functions such as accounting, payments and banking.

Philip Roche, a partner with Norton Rose Fulbright, notes that good cyber hygiene, up-to-date firewalls, penetration testing and staff training are routinely deployed in the shipping industry to counter the back-office threat. But he warns that the physical risk to ships themselves is less well-understood by owners.

»Although it might be said that the risk is currently low«, says Roche, »cyber-attacks potentially pose a serious risk to the overall operability of a ship because of the increasing use of onboard IT, even where there is no single network controlling numerous systems and where internet connectivity is low. Examples of such technologies in common use are the Automated Identification System (AIS), Electronic Chart Display & Information System (ECDIS), Global Navigation Satellite System (GNSS) and E-Navigation Systems (E-Nav).«

Roche acknowledges that cyber-attacks causing physical damage are still rare, not least because of the comparative invisibility of shipping to the general public, and the existence of a number of far easier targets for cyber criminals. But he warns that, because ships‘ systems are centrally controlled, because connectivity with the shore is continuous, and because maintenance and diagnostics are increasingly carried out via USB ports in equipment, the risk will only increase.

»It is time for shipping to consider these issues proactively. It is a matter of applying tried and trusted risk assessment methodology. Consider the risks, weigh the consequences and put proportionate steps in place to reduce that risk. IT and cyber-attacks are outside most marine professionals‘ experience, and so help has to be sought from experienced IT consultants,« Roche concludes.