According to a 2018 report by Futurenautics, 47% of
seafarers questioned said that they had sailed on a ship
that had been the target of a cyber-attack, but only 15%
had received any form of cyber security training. Furthermore,
an astonishing 80% of seafarers believed that cyber
security was the responsibility of a single person onboard
(41% of this number believing that person to be the ship’s
master). This mindset needs to change quickly to avoid the
potential damage that a cyber-attack can cause to a ship,
its crew and the environment.
Cyber security is the responsibility of everyone onboard
– and the industry needs to move beyond the belief that
cyber security is a complicated, esoteric topic. Cyber
security risks must be treated the same way as any other
threat to safety and security. Cyber security practices can
easily be integrated into daily onboard processes and
procedures, and should be the priority of everyone
onboard.
This is the approach taken by Witherby within the
Cyber Security Workbook for On Board Ship Use. Developed
in conjunction with BIMCO and ICS, this workbook
takes a practical stance to cyber security, focusing on the
most important component to a safe ship: the crew. As
well as outlining the importance of training and offering
detailed guidance on how to craft specific, tailored
training programmes, a holistic and practical approach is
taken to all aspects of cyber security onboard. Checklists
turn what can be confusing into simple, step-by-step
processes and specific manageable tasks, designed to
make cyber security checks routine. This guide focuses on
both IT and OT systems and breaks down complex issues
(network segregation, ECDIS security, etc) into manageable
and easy to understand tasks. From password
protection to the use of personal devices onboard, every
aspect of digital life at sea is taken into consideration.
Cyber security will become more and more important
as ships become more technologically advanced, and the
maritime industry needs to act fast to stay ahead of
increasingly sophisticated cyber threats. It is hoped that
the Cyber Security Workbook for On Board Ship Use will
prove to be a valuable tool for every ship at sea to help
them stay protected and to enhance crew awareness and
vigilance.
FINLANDS SJÖFART J SUOMEN MERENKULKU 25
Machtelinckx’s statement is supported by the number of
prominent cyber attacks on the industry in recent years,
including on Maersk in 2017 – a ransomware attack that
affected over 45,000 PCs across 4,000 servers and cost the
company an estimated $300 million – and the attack in
November 2019 on James Fisher and Sons PLC, in which
unauthorised access to the company’s computer systems
resulted in all systems being temporarily taken offline.
Attacks are becoming more common and are increasing
in complexity and sophistication. Andy Powell, Maersk’s
chief information security officer, explains: ‘The change in
threat is very big. In the past, it was small groups of
criminals launching cyber attacks on companies. Now, we
are seeing a much more structured and organised threat.’
Criminals are increasingly targeting the control systems
onboard ship – known as operational technologies or OTs
– to gain access to ships’ systems, as opposed to the
traditional IT route. These OTs are often overlooked and
unprotected, offering an easier route for hackers to
penetrate networks.
The motivation of hackers has changed as well. Making
direct demands for money was, until very recently, the
most common motivator, but now hacks are also being
carried out to gain access to sensitive information with a
view to selling this on.
Hacking is a tool of other criminal enterprises, too,
with drug traffickers and pirates employing hacking
techniques to achieve their goals. Drug traffickers may manipulate
systems that control the movement and location
of containers within ports to smuggle drugs within
legitimate cargo – for example, the 2013 attacks on the
Port of Antwerp. And the increase in global security
measures means that acts of piracy are moving from physical
attacks on ships to more insidious uses of social
engineering for financial gain, as with Gold Galleon, a
criminal organisation that uses social engineering to
launch attacks solely on the shipping industry.
The growing threat has been a wake-up call for the
maritime industry, and national and international legislation
is being rapidly developed and implemented. In June
2017, the International Maritime Organization’s (IMO)
Maritime Safety Committee (MSC) adopted Resolution
MSC.428(98), which encourages administrations to ensure
that cyber risks are appropriately addressed in existing
safety management systems (as defined in the International
Safety Management Code), no later than the first annual
verification of a company’s Document of Compliance after
1 January 2021.
Alongside this, some industry groups, including InterManager
and Intertanko, have published a set of guidelines
interpreting this resolution and giving advice to shipowners
and operators as to how to implement it. The International
Association of Classification Societies has also just
announced the replacement of its 12 cyber security
proposals with a set of recommendations designed to aid
ships in being ‘cyber-resilient’.
However, there is still much more that must be done.
The guidelines and resolutions are designed from a
top-down perspective and are clearly aimed at onshore
ship owners and operators rather than crew, but it is the
crew who are on the front line.
Cyber Security Workbook
for On Board Ship Use.
Produced by BIMCO, ICS
(International Chamber of Shipping)
and Witherby Publishing Group
Witherbys, £175
ISBN: 978 18560 98311