Monday, August 15, 2016

Understanding Cyber Incidents

In International Shipping News 12/08/2016
BIMCO 290x242
It is a regrettable fact that the convenience, productivity and efficiencies brought to everyone by modern connectivity and electronics, also bring with them a whole range of new vulnerabilities. Cyber crime, in all its various manifestations, is now a recognised risk and the shipping sector, like shore side industry, has to address this.
A first for the shipping industry, The Guidelines on Cyber Security Onboard Ships, was launched only last week and provides clear and comprehensive information on cyber security risks to ships. Developed by BIMCO and colleagues from CLIA, ICS, INTERCARGO and INTERTANKO, with expert support from a wide range of stakeholders, the guidelines will enable shipowners to take the right decisions to defend their vessels and organisations against attacks which could have serious consequences.
The guidelines identify the “enemy” represented by the activists, criminals, opportunists, terrorists and various state-sponsored elements who could mount a cyber attack on the industry, both afloat and ashore. They provide an understanding of the nature of the potential threat and offers advice on how risks and vulnerabilities can be assessed, both in terms of individual companies, ships and third parties.
It demonstrates how these risks might be reduced, how practical contingency plans can be developed and a lot else besides in hardening the security of cyber systems afloat and ashore.
It is significant how these vulnerabilities have grown in recent years, with an ever greater dependence upon sophisticated electronic systems, computers, timing and the transmission of data. One might first think of bridge equipment like satellite navigation systems, AIS, and radar, but in terms of cargo management, propulsion and machinery controls, administration and communication systems, crew welfare and access control, these too are all to a greater or lesser degree vulnerable. The increasing dependence on data handling systems for everything from machinery maintenance to electronic documentation indicates the importance of this issue for the whole industry.
Various tests have demonstrated this vulnerability and shown how even quite primitive jamming equipment can cause real problems to those aboard a modern ship. Research has shown that it is technically possible to externally interfere with control equipment, while there have been incidents reported where ballast handling systems have been hacked into on an offshore craft and cargo data has been penetrated by criminals.
It is important that these vulnerabilities are properly understood and the guidelines point to the need for these issues to be high in the priorities of senior management, so that the right decisions are taken and adequate resources allocated. The guidelines have been written in clear and unambiguous language so that people who are not IT specialists are able to understand the issues that are explored. The terminology is explained and the processes that need to be followed in hardening the defences are detailed in a practical fashion. Importantly, BIMCO and its partners in this important work recognise that this is a fast-changing scene and all will stay engaged so that where necessary, the information will be regularly updated. The guidelines are available to download from the website.

Source: BIMCO