Leading shipping organizations have come together to tackle cybercrime by publishing the first set of guidelines designed to help their industry deal with this growing threat.
BIMCO, CLIA, ICS, INTERCARGO and INTERTANKO, as well as other partners, have developed the document in response to new risks that have emerged with technological innovation.
Now that ships are more connected to one another and the web than ever before, the industry has come to appreciate that this also makes their vessels and operational infrastructure a prime target for cyberattacks.
“The safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant,” the authors of the paper noted.
“Approaches to cybersecurity will be company and ship-specific, but should be guided by appropriate standards and the requirements of relevant national regulations.”
The main focus of the paper, therefore, is to ensure key stakeholders in the industry – such as ship owners and operators – are not only able to assess how secure they are, but to implement processes and systems that will protect them from attacks.
A risk-based approach should be initiated “at the senior management level of a company”, the coalition of shipping organizations advises, as opposed to the head of the IT department or a ship security officer taking up this responsibility.
Understanding the unique features of this type of threat is not easy, the authors admit, as there is a decided lack of both historical evidence and reporting of cyber-incidents experienced by the shipping industry.
Nevertheless, there is enough information out there that offers insight into, for example, the motives and techniques of certain attackers (such as criminals spurred by financial gain or activists inspired by causing reputational damage).
As such, the shipping industry will not be immune to common aspects of cybercrime like social engineering, ransomware, botnets and phishing.