Fresh calls for vigilance against cyber-attacks on ships

There have been fresh calls for shipping to be vigilant against the threats of cyber-attacks on board ships, with two prominent marine insurers highlighting the consequences of such incidences.

There have been fresh calls for shipping to be vigilant against the threats of cyber-attacks on board ships, with two prominent marine insurers highlighting the consequences of such incidences.

The London P&I Club has warned that the risks posed by attacks to ships may not be as well understood by ship owners as threats faced by traditional back-office functions such as accounting, payments and banking.

While good cyber hygiene, up-to-date firewalls, penetration testing and staff training are routinely deployed in the industry to counter back-office threats, the physical risk to ships themselves is less well-understood by owners, says Philip Roche, a partner with Norton Rose Fulbright, in the Club’s September StopLoss Bulletin.

“Although it might be said that the risk is currently low”, says Roche, “cyber-attacks potentially pose a serious risk to the overall operability of a ship because of the increasing use of onboard IT, even where there is no single network controlling numerous systems and where internet connectivity is low.

“Examples of such technologies in common use are the Automated Identification System (AIS), Electronic Chart Display & Information System (ECDIS), Global Navigation Satellite System (GNSS) and E-Navigation Systems (E-Nav).”

Roche adds, “Although cyber-attacks can occur deliberately, it seems that currently the risk is principally from the inadvertent introduction of viruses and the like into key systems. For example, a crewman charging a mobile phone from a USB port in the ECDIS system causing a virus to render the system entirely inoperable.

“The ship’s maintenance and propulsion systems are exposed to the same hacking/malware risks and the consequences of cyber-attacks might be potentially severe if key systems are lost at crucial times.”

Separately, the Shipowners’ Club has issued cyber guidance for ship crew, saying that seafarers need to be aware of the problems they can introduce on board as shipboard system become more connected and sophisticated.

In an article on the Club’s website, Steven Jones FRSA, specialist in maritime affairs, consultant and writer, says every ship is potentially vulnerable and so seafarers need to know what is needed and expected of them to keep ships safe and secure.

“Understanding and awareness are key aspects of cyber security. As vessel communication networks carry more data and faster, then this too has an effect and can make ships more vulnerable.”

Jones continues, “Hackers could theoretically target vessels and there is growing evidence that some may have done already. However, the bigger problem is actually what happens on board.

“Viruses and malware can have huge effects; they can render systems inoperable, or make them do the wrong thing. Whether that is propulsion systems, steering, fuel or navigation, everything is vulnerable.”

The article points to a recent survey in which some 43% of seafarers said they had been on a vessel which had its systems affected by a virus - many believed the viruses had been unwittingly introduced by the crew themselves.

Seafarers are not routinely trained in cyber security, and 88% in the same survey claimed they were not aware of how to manage cyber issues on board.

Earlier this year, the International Maritime Bureau (IMB) called for shipping and maritime companies to be alert to the potential commercial impact that cyber-attacks can cause.

IMB said cyber security is not only about trying to identify and to prevent systems on board ships from getting hacked or ‘taken over’. “

There is also a very real danger that emails being sent to and from ships are monitored or altered.This could have huge commercial effects on vessels,” IMB said.

Source: London P&I Club, The Shipowners’ Club.