Admit cyber weaknesses to improve resilience

The maritime world should pay attention to a recent internal review by the US Navy that reveals the magnitude of cyber threats it is dealing with. It not only highlights its own major inadequacies in understanding what data has been stolen as a result, the 57-page internal report also found that the navy’s lax digital security jeopardised its activities. This led to leaks of classified intel and material, including plans for anti-aircraft missiles that could take down supersonic ships.

The leaks, according to the report, have not only given tactical advantages to China, weakening America’s military position on the global stage, but also reveals that hackers may have been leveraging weaknesses in its corporate and academic partners to get information about its military activities.

What is important for the maritime industry to pay attention to, with this revelation, is that not only will hackers utilise weaknesses in your own company’s cyber defences, but also those of companies in your supply chain. It is vital that shipping companies assess their own cyber vulnerabilities and those they do regular business with.

Furthermore, perhaps disturbingly or comfortingly, depending on your world view, it shows how even a major military organisation of the world super power can get it wrong.  

I personally find it laudable that the US Navy conducted extensive research into its weaknesses, and admitted them, is a major step in improving its cyber resilience. The first step to addressing an issue is admitting your faults. Shipping, which can all too often write off the scale of threats it faces, or outright bury its head in the sand, must follow suit.

Individual companies and the maritime industry as a whole must do more to assess its weaknesses and make major improvements to the way they approach cyber threats, or continue to be a sitting duck to malware and targeted hackers looking to leverage data or take a cut of the money flowing through our industry.

More importantly, cyber attacks can intentionally or unintentionally shutdown on board operational technology. This could lead to a large scale physical event, such as loss of propulsion or a grounding, resulting in death, asset damage, or pollution. Such an event would carry a high financial and reputational cost to the industry and wider supply chain.

The industry, however, seems reticent to acknowledge such dangers. Our 2018 Maritime Cyber Security survey found that only 7% of respondents felt that operational technology was at risk to cyber attacks.

Shipping must be more transparent and honest with itself about the attacks it is experiencing and its vulnerabilities to better protect against them. We must realise that we are all working towards the same end and collaborate to strengthen our resilience to cyber attacks. While we will never be able to stop all attacks, we can deflect many, and move more swiftly to prevent major damage from the attacks that do break through our defences. 

Our 4th annual Maritime Cyber Security survey, run in partnership with BIMCO and supported by ABS Solutions, looks into all these areas. It asks CEOs, onshore and onboard management and seafarers to share their experiences and views on cyber attacks, cyber training, supply chain and operational technology risk. It is vital we build up an honest picture of the threats we face and identify areas we can improve. The survey is our way of contributing to this effort.

We urge you to spare a few minutes to take the survey by visiting www.safetyatsea.net/news/2019/cyber-survey Entries close on 30th April.