Facing the cyber threat

Shipping begins to take cyber crime seriously.

International Maritime Cyber Crime Conference: Analysis

By Malcolm Warr

Last week, the maritime community came together for the International Maritime Cyber Crime Conference in London, expertly organized by Caroline Fuller. As shipping becomes increasingly aware of the risk of cyber attack in its many vectors, the industry is finally facing up to the dangers it faces.

The central questions discussed were how the industry as a whole can learn from other the approach taken by other industries and the lessons that can be learned, including the need for accurate feedback on cyber attacks at sea, in ports and harbours and the wider maritime community. Understanding those and appreciating the level of risk involved will ensure that the community as a whole can develop policies and tactics to mitigate any possible threat or vulnerability.

In summing up the conference, a list of top tips was created to assist the industry.

Top tips to improve Maritime eResilience

• The UN, Governments and Flag States should undertake a fundamental look at its methods of maritime cyber regulation as well as what types of regulations are needed and where.

• Shipping entities must retain an offline option for all the main services which interact with other trading parties

• There is an urgent and progressive need to consolidate the existing awareness raising campaigns around maritime cyber security into one coherent set of messages along an international campaign.

• The effectiveness of the reporting channels for victims of cybercrime at sea need to be improved and made transparent.

• Larger maritime businesses need to be encouraged to support the smaller maritime businesses in their supply chains in order to adopt effective holistic and integrated cyber resilience practices.

• Law enforcement should have a central place in the UN’s Maritime Cyber Security Strategy and in particular law enforcement aimed at protecting the maritime business community. It should include a UN commitment to better survey and record the scale of cyber crime against the maritime community as part of the official international crime statistics.

• Governments need to commit more resources to enforcement against cybercriminals and take the cybercriminal threat at sea more seriously.

• Larger economic infrastructure providers such as financial intermediaries should be liable for losses as a result of maritime cybercrimes.

• On a general point and internationally, cyber resilience needs to be taught in schools alongside the other aspects of ICT. Basic digital skills – including how to stay safe and secure online, should be embedded in the curriculum as a core part of the functional skills that every young person should acquire during their education.

Additionally, in the UK, small business members of the maritime community should be able to use the information security provisions and advice offered by the new UK National Cyber Security Centre.

There was much talk of ‘sea blindness’ and the apparent lack of knowledge and awareness shared by much of the population in terms of information security and cyber crime. As a result, many are unaware of the potential risks posed to the maritime industry.

Many reiterated the Seafarers UK theme that, “The maritime industry is one of the oldest in the world and today remains the number one means of bringing vital food into the UK, as well as most other household items from phones to fridges, iPads to irons. Yet most people don’t understand how much seafarers do for us. Not just importing food and other goods but also exporting UK-made produce, keeping shipping lanes open and protecting the UK’s interests at home and abroad.”

The chairman restated the point that a single 20-foot container can hold approximately 48,000 bananas – so in theory the average container vessel can carry approximately 746 million bananas in a single voyage, which would be enough to give everyone in Europe and North America a banana for breakfast. The loss of just one ship through (say) a malware attack on its control systems or its ship/shore communications would have a serious and disproportionate effect.

The conference also discussed the technology/human factors balance with many delegates from all parts of the maritime community concerned about over reliance on automated systems at sea and:

CYBER TRAINING, EDUCATION, AWARENESS emerged as the issue that worries seafarers most

As one delegate pointed out.

“It makes sense from all viewpoints to practice resilience and cyber awareness. This might include, in certain countries, complex and multifaceted CNI exercises which embed the maritime infrastructure.”