The UK government has launched a code of practice for shipping on how to deal with the threat of cyberattack.
The Cyber Security Code of Practice for Ships is aimed at ship operators, shipowners, and crew and was presented by Lord Callanan, parliamentary undersecretary for aviation, international and security at the Department for Transport, during a cyber-security event hosted by Inmarsat as part of London International Shipping Week.
The guidance deals with helping shipping companies develop a cyber-security assessment and plan; devise the most appropriate mitigation measures; ensure you have the correct structures, roles, responsibilities and processes in place, and manage security breaches and incidents.
The code also examines which national and international standards and regulations that it says should be followed and reviewed.
With input from the Maritime Accident and Investigation Branch, the Maritime and Coastguard Agency and the recently created National Cyber Security Centre, Lord Callanan said the guidance complements work being done by the International Maritime Organization (IMO) on cyber-security.
The hope is that responses to cyber threats are integrated into a company’s risk management system.
Similar guidance was produced in 2016 for the ports sector.
Although the guidelines will be welcomed by the UK maritime industry, cyber-crime is a global threat and the problem needs to be tackled on an international level, such as IMO, the audience heard.
During a question-and-answer session held after the presentation, Inmarsat’s senior vice-president, safety and security, Peter Broadhurst, defended the IMO’s record on tackling the problem. “The IMO is there to allow the free trade of shipping safety around the world. Many countries are coming up with their own sets of regulation. That makes it very complicated for and difficult for a ship entering a member state of the IMO to meet the local regulation if there’s no global regulation. So the IMO’s role is to try and allow free trade by keeping the member states on a level par and allow ships in and out safely and not interfere with local regulation.
“They produce guidelines, which are a good start, but it’s the countries that make decisions and submit papers. There will be more papers submitted and eventually we will come to a level playing field that the IMO will agree, which they can pass on to the class societies and to shipowners. The IMO is not the quickest institution in the world, but it is starting to move in the right direction,” Broadhurst said.
Another major challenge in tackling the problem is finding the perpetrators.
Lawrence Munro, a cyber-security with Spiderlabs explained the challenges faced in prosecuting those committing cyberattacks. “If you consider the different legislations in different countries, trying to co-ordinate efforts to tackle cyber-crime can be very challenging.
“For example, an attacker can be in one country, using servers in another country to attack a completely different country’s system. Authorities need to work out which legislations have been breached, and there’s no international code of conduct to fall back on.”