Shipowners need to get more cyber aware, says UK P&I Club

Constant monitoring - in excess of 230
Constant monitoring - in excess of 230

The UK P&I Club has told IHS Markit that the maritime industry must get a grip on the threat posed by cyber-attack.

Speaking after the club issued guidance to members in the need to be more cyber aware, the club’s director of loss prevention Stuart Edmonston said the sector was viewed as having a particularly high level of exposure to cybercrime given its international nature.

“Since the beginning of time merchant ships have been targeted by a number of different foes,” he explained. “From pirates of the Caribbean in 1700s, to modern-day warfare, commercial shipping has suffered horrendous losses, in the main due to its utmost importance to global trade and industry.

“Of course, our modern-day enemies – the cyber hackers – cannot be seen or engaged with in the traditional way. Most shipping companies are international and rely heavily on overseas third party service providers and contractors to conduct their business internationally, they are simply not secure and therefore unprepared for an attack of this kind, the industry in general remains proactive rather than reactive to the risk of cybercrime.”

Looking at the specifics Mr Edmonston said the rise in malware was a particular problem for owners and shipping firms alike.

“I understand from outside sources that in excess of 230,000 new viruses are created each day and that it is commonly accepted that only 5% of this malware is successfully stopped by anti-virus software,” he added.

“The shipping industry urgently needs to address these issues and to understand that cyber risk is not just an IT problem, and it cannot only be solved by an IT solution. Shipowners and operators should have the same level of preparedness as they do for safety, shipboard security, and the environment. All levels of the company need to be involved, management and staff ashore as well as shipboard personnel.”

One of the key issues for shipowners remains the international nature of seafarers and crew and the fact that in port vessels will see officials and workers come aboard vessels.

He said owners needed to ensure that crews were briefed in their responsibilities to take steps to protect on board systems from attack.

“Shipowners, operators, and managers need to implement a cyber security plan and adopt cyber risk management as part of their business and on board cultures,” explained Mr Edmonston. “Ideally, this should be incorporated into their existing ISM procedures. The USA has recently announced plans to introduce cyber security legislation that would affect all ships entering US waters, which would require shipowners to voluntarily report on prevention, management, and response to the threat of cyber security.”