It’s well known to anyone who followed the “Captain Phillips” saga (or saw the Tom Hanks film about the Somali pirate takeover of a container ship) that real-life pirates still hijack vessels, take hostages and seize precious cargo at sea.
But perhaps less widely realised is the fact that “pirates” can attack vessels in other ways, namely through their IT systems.
Like all industries, maritime faces a rising threat of cyberattacks. Increased digitisation and connectivity, as well as the growing use of sensors and the Internet of Things, have led to the explosion.
- Bridge systems
- Cargo handling and management systems
- Propulsion and machinery management and power control systems
- Access control systems
- Passenger servicing and management systems
- Passenger facing public networks
- Administrative and crew welfare systems
- Communication systems
That’s a lot of potential for attacks!
And the risk is very real, especially for more specialised or technically advanced ships, experts say. Even more alarming to me, cyber attacks can work hand-in-hand with the more traditional form of piracy, to great success for the perpetrators:
“Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make it seaworthy again; Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navigational devices, or fake the data so it looks like they’re somewhere else; and hackers infiltrated computers connected to the Belgian port of Antwerp, located specific containers, made off with their smuggled drugs and deleted the records.”
That scary rundown was published in a 2014 Reuters article, and the threat situation has only grown.
The maritime industry needs to be connected, no doubt. Vessels need to improve efficiency, streamline operations, better coordinate with staff on shore, gather data and improve decision-making to stay afloat in today’s market.
And that requires connected IT and operational technology systems. Unfortunately, that also requires preparing for the threats those systems invite.
The IMO recommends the following steps to stay on the safe side:
- Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
- Protect: Implement risk control processes and measures, and contingency planning to protect against a cyberevent and ensure continuity of shipping operations.
- Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.
- Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyberevent.
- Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyberevent.
Of course, these are the types of best practices that other industries have been investigating for years (and we’ve been helping clients in healthcare, retail, life sciences and many other fields achieve them).
It’s clear as the maritime industry – and, apparently, the pirate industry – moves into the digital age, the challenge of cybersecurity will be an important one to tackle.
Over the next few months, I’ll be discussing the process of IT modernisation in the maritime industry and hopefully bring to light some new ways of thinking about this industry. Join me on the journey, and please add your thoughts here on the blog space or by connecting with me on social media (LinkedIn). I look forward to interacting!
Anna Cebaseva, a CSC client relationship executive supporting global engagements in maritime, brings a new perspective to this historic industry. As the only services integrator with a dedicated maritime focus, CSC offers leading solutions to maritime organisations navigating the journey to the digital enterprise.