A leading cyber security expert has said that the international Maritime Organization’s (IMO) decision to defer the implementation of cyber security regulations is a “real failure of leadership”.
Speaking at London International Shipping Week’s security event in the Cavalry & Guards Club in Piccadilly, Andrew Fitzmaurice, chief executive at cyber-security firm Templar Executives, told delegates that the industry is in serious danger from organised criminals.
“Serious organised crime, the clue is in the name, very serious, very organised unless you have and have invested in some really good kit and really good training and really good people you will not detect them, you will not know they’re there,”
They skim companies, take little bits out of companies a little bit at a time, so they want you to be very successful, so that’s something to remember, that just dong the bare minimum is not enough in this space to get on top of the cyber agenda.
Fitzmaurice, believes that one method for vessel owning and operating companies to protect against cyber-crime is to make certain that the staff that take care of IT and those engineers that maintain ships should not be in different departments, but rather the teams should be integrated.
“One group should be looking after the integration [of systems]” said Fitzmaurice.
According to Fitzmaurice, Ciaran Martin of the National Cyber Security Centre said “If we don’t get cyber-security right the fundamentals of our economy and our way of life could be challenged, people laughed at that when it came out in the press, in March, then WannaCry happened, and for the first time British people were inconvenienced.”
For ten years infrastructure has been under serious attack and the challenges over that decade has increased immeasurably, by 2020 the global cost of cyber-crime is expected to reach GBP2.4 trillion.
“Euthanasia for legacy systems is good,” in this context said Fitzmaurice. Getting rid of old systems makes the hackers work a little harder, Fitzmaurice pointed to the Talk Talk system which was hacked into by a 15-year-old boy, that system, he said, was 17 years old.
“Cyber moves at the speed of light, there are a million new bits of malware every day if you put in what you have now it will be out of date by next month, but you have to draw a line in the sand… and you [the industry] is waiting until 2021 to introduce regulations?”