The global shipping industry – much like air, road and rail transportation – is undergoing a technological revolution. From hull cleaning to collision avoidance systems, automation has made incredible advances in recent years. One of the key challenges in the coming years, is how the shipping industry will cope with the growing threat from cyber attacks. “Ships have an opening to the outside world,” Chris South, a senior underwriter for West of England P&I, said at a seminar in Montréal. “And wherever there is an opening there is a vulnerability.”
Indian Shipping Industry and Cybersecurity
Experts in Singapore have urged India to build a strong cyber security system for its shipping sector, saying the country is investing billions of dollars in maritime infrastructure but the enforcement of anti-cyber-attack rules is not as per the need of the hour. Geoff Leeming, partner at Singapore-based cyber security consultancy Pragma, said that cyber-attack was a mega problem for every industry but the shipping sector has just “woken up in the last couple of years”.
“Don’t just wait for a cyber-attack on your ships and maritime infrastructure, for it may be worse than the 26/11 attack in Mumbai,” Leeming said, referring to the November 2008 terror attack in Mumbai and the September 2001 attack in New York. “The shipping industry has to wake up to what they can do about these threats from cyber-attack planners,” he said.
Virtually any company that now relies on these systems is exposed to a cyber-cascade of sorts, where one part of the industry ends up infecting another. So a shipping company’s systems might get infected at headquarters. The infection then spreads to the ship and charterers before moving on to ports and terminals, the logistic companies and ultimately the manufacturing plants receiving the merchandise.
The Indian shipping sector, just like the rest of the world, is low on the use of IT expertise despite a large pool of IT talent in the country. Indian maritime infrastructure development includes privately-owned ports which again are likely “identified” targets for cyber-attack, said Peter Schellenberger, Managing Director of OSERV Private Limited, a global supply chain and services company. Anti-cyber-attack rules and regulations enforcement in countries like India, which is developing multi-billion dollar maritime infrastructure, is lower than the need of the hour.
Consequences of an Eventuality are Alarming
As India develops a large number of ports, it is time to have all the regulatory checks in place. Cyber-attack is a dangerously open game. Governments and the shipping community should expeditiously work on strong security systems.
“Indian shipping companies have started looking into cyber security but it has never been the focus as it should be. Some 95 per cent of Indian exports are shipped which needs a strong cyber security system fully backed by regulations and operating regimes,” Schellenberger said.
Citing expensive learning from painful losses, Leeming highlighted the case of container shipping company AP Moller Maersk. Maersk had said that its revenue loss could be as high as USD 300 million following the NotPetya cyberattack.
Preparedness and Damage Mitigation
To safeguard ships from cyber threats, companies should follow International Maritime Organisation approved guidelines on cyber risk management, which focus on identifying the systems, data and capabilities that pose a risk to operations, when these are disrupted. To do that, companies must implement risk control processes and have the ability to detect cyber events in a timely manner. They must also be able to back-up and restore systems necessary for shipping operations or services impaired following a cyber-event.
(References: Borden Ladner Gervais LLP, The Economic Times, The Maritime Executive)
Sea News Feature, May 7