Cyber Security in Maritime Industry

In the last years Cybersecurity has become a crucial topic for the maritime due to increased cyber threats, changes in regulatory requirements, and the development of information technologies that seriously affect data protection, systems, safety of the crew, vessel, cargo and even ports. Cybersecurity is especially a critical risk area, as operations of the vessels are highly dependent on the effectiveness of IT systems.

Why cyber security is so important in maritime?

  • In 2017, the International Maritime Organization (IMO) adopted resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management System (SMS). The Resolution stated that an approved SMS should consider cyber risk management in accordance with the objectives and functional requirements of the ISM Code
  • New technological tools, increased automation and vessel digitalization are enabling maritime companies to be more efficient. On the other side, companies must develop a security framework in order to ensure safety of the crew and vessels.
  • New threats came along including unauthorized access, malicious attacks to ship’s systems, loss of hire due to malware contamination, invoice fraud in the port, etc.

Recent studies have shown that even now the issue of cybersecurity is not a priority for companies.

  • 96% of respondents plan to modify the cybersecurity strategy due to COVID-19,
  • 50% say that they are more likely to take cybersecurity into account in every business decision, compared with 25% in 2019.
  • 51% of CEOs say that they are more likely to have frequent interactions with the Chief Information Security Officer (CISO). 
  • 51% of executives said they plan to hire full-time cybersecurity staff
photo_middle_maritime

Where should you start to improve your cyber security? Prepare an Action Plan.

The risks and vulnerabilities associated with today’s technologies and information flows go well beyond conventional IT thinking. A cyber-attack can affect the ability of a shipping company to fulfill its goals and objectives. Security breaches are a costly distraction from core business activities; at worst, they can lead to catastrophic failure. Success needs a holistic solution. Our team of experts may support you by performing the following necessary steps to security: 

 

  1. Develop Cyber Security Strategy
  2. Clearly define stakeholder responsibilities and risk ownership
  3. Determine Cyber risk management framework:
    1. identify the roles and responsibilities both ashore and on board
    2. identify systems, assets, data, and capabilities, which if disrupted, could pose risks to the ship’s operations and safety
    3. implement technical and procedural measures to protect against a cyber incident and ensure continuity of operations
    4. implement activities to prepare for and respond to cyber incidents.
    5. identify threats and vulnerabilities
    6. adopt a comprehensive and consistent approach to assess risk exposure
  4. Increase Employee awareness & cybersecurity training plans for onboard and onshore employees
  5. Review and update policies and procedures
  6. Understand the technical elements of incident response and breach documentation
  7. Create integrated business continuity and disaster recovery processes
  8. Prepare a Gap Analysis to determine possible vulnerabilities
  9. Perform a cyber vulnerability assessment/penetration test

 

Mazars can offer guidance to shipowners and operators to maintain the security of cyber systems in the company and onboard the ships. We have developed a well-defined cybersecurity solution that is customized to meet your requirements for a thorough and highly analytical cybersecurity assessment.

 

Valentini Konsta

Senior Manager, Consulting Services, Mazars

Want to know more?