Cyber Security in Maritime Industry
Why cyber security is so important in maritime?
- In 2017, the International Maritime Organization (IMO) adopted resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management System (SMS). The Resolution stated that an approved SMS should consider cyber risk management in accordance with the objectives and functional requirements of the ISM Code
- New technological tools, increased automation and vessel digitalization are enabling maritime companies to be more efficient. On the other side, companies must develop a security framework in order to ensure safety of the crew and vessels.
- New threats came along including unauthorized access, malicious attacks to ship’s systems, loss of hire due to malware contamination, invoice fraud in the port, etc.
Recent studies have shown that even now the issue of cybersecurity is not a priority for companies.
- 96% of respondents plan to modify the cybersecurity strategy due to COVID-19,
- 50% say that they are more likely to take cybersecurity into account in every business decision, compared with 25% in 2019.
- 51% of CEOs say that they are more likely to have frequent interactions with the Chief Information Security Officer (CISO).
- 51% of executives said they plan to hire full-time cybersecurity staff
Where should you start to improve your cyber security? Prepare an Action Plan.
The risks and vulnerabilities associated with today’s technologies and information flows go well beyond conventional IT thinking. A cyber-attack can affect the ability of a shipping company to fulfill its goals and objectives. Security breaches are a costly distraction from core business activities; at worst, they can lead to catastrophic failure. Success needs a holistic solution. Our team of experts may support you by performing the following necessary steps to security:
- Develop Cyber Security Strategy
- Clearly define stakeholder responsibilities and risk ownership
- Determine Cyber risk management framework:
- identify the roles and responsibilities both ashore and on board
- identify systems, assets, data, and capabilities, which if disrupted, could pose risks to the ship’s operations and safety
- implement technical and procedural measures to protect against a cyber incident and ensure continuity of operations
- implement activities to prepare for and respond to cyber incidents.
- identify threats and vulnerabilities
- adopt a comprehensive and consistent approach to assess risk exposure
- Increase Employee awareness & cybersecurity training plans for onboard and onshore employees
- Review and update policies and procedures
- Understand the technical elements of incident response and breach documentation
- Create integrated business continuity and disaster recovery processes
- Prepare a Gap Analysis to determine possible vulnerabilities
- Perform a cyber vulnerability assessment/penetration test
Mazars can offer guidance to shipowners and operators to maintain the security of cyber systems in the company and onboard the ships. We have developed a well-defined cybersecurity solution that is customized to meet your requirements for a thorough and highly analytical cybersecurity assessment.
Valentini Konsta
Senior Manager, Consulting Services, Mazars