Cybersecurity – Critical Issue in Maritime Industry

Cybersecurity – Critical Issue in Maritime Industry

This post is also available in: heעברית (Hebrew)

An IT expert points out at various cyber security threats in the shipping field. Frank Coles, the CEO of Transas, a developer and supplier of a wide range of IT solutions for the marine industry, called for the International Maritime Organisation (IMO) to set standards of compliance for the communication connections between ship and shore or else create a significant cybersecurity risk.
Coles delivered a keynote speech on Connected Ships & Cybersecurity at the Shipping Insight Fleet Optimization Conference in Stamford, CT earlier this month. Key points appeared in Transas’ website.
Cybersecurity is without a doubt a highly-debated topic in the maritime industry. Coles opened by stating that compared to the highly regulated ship equipment environment, the connectivity environment is relatively uncontrolled in terms of maritime certification and compliance.
“The connected ship is like a long chain, with each piece linking to the next and at every point there is the opportunity for a failure. It can be hardware or software or both and it can be a cyber virus penetration or simply a denial of service, either of which can cause damage,” he explained.
The essence of cybersecurity is a smart information technology system, process and procedures and therefore standardization and regulatory controls for the ship’s systems need to include connectivity.
“Before we get to unmanned ship discussions, we should recognise that although connectivity is not new, what is new is the connection in smart shipping. There are international maritime standards for GMDSS (global maritime safety procedures) or AIS (Automatic Identification System on ships), but for the big data nothing exists. This means the cyber security risk is left to each satellite operator, each service provider and each hardware manufacturer,” Coles stated.
With the current growing demand and use of the Fleet Operations Centres ashore, operating alongside the Vessel Monitoring Services of the various government bodies, the security of connectivity is going to be very important, and the industry is going to need contingency plans in the event that the link is broken.
“This is where the human will become important, both on board and in the monitoring centres, as they will be able to communicate with each other and maintain a safe environment,” said Coles.
“It is time for the IMO to apply the same standards of compliance used for GMDSS, ECDIS and other bridge equipment to the standard communication networks and equipment. If these networks and the associated equipment is going to be used for operational, remote management and technical decision, it must be cyber secure and compliant with a global set of international maritime standards. Until then we will have a cyber risk associated with a non-standard approach to connectivity,” Coles concluded.