Shipping companies and owners need to be just as wary of cybersecurity as any other industry, with the increased digitalisation aboard vessels posing a significant threat.

We’re living in an increasingly connected world and as such these companies and owners are now treating their vessels like a mobile office, performing the most mundane of tasks and business-related actvities either on board or remotely via the HQ.

However, this opens up a whole host of vulnerabilities for the vessel and insider threat is a major cause for concern for the industry and something that shouldn’t be taken lightly.

Seafarers bring an average of three communication devices on board ships, but insecure personal devices, be it smartphones, laptops or tablets, can add additional vulnerability to the vessel’s IT system which is open not separated from the vessel’s business LAN.

Having said that, cybersecurity is not just about preventing hackers from gaining access to a ship’s system. It’s also about ensuring that the IT systems in place are robust and resilient and that appropriate reversionary modes are available in the event of a compromise.

Potential risks of a cyber attack on a vessel include:

• The interruption of operations
• Loss of business-sensitive information
• Insurance cover – impact on premiums of lack of cybersecurity measures
• Reputational damage
• Loss of customer and / or industry concidence
• Severe financial loss / penalties
• Privacy impact – personal data protecton legislation will see companies eed for failing to secure employee information

The threat landscape is constantly evolving and with this in mind, ship management companies and operators need to approach cybersecurity in a holistic way.

The Maritime Safety Committee, at its 98th session in June 2017, adopted Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems. The resolution stated that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021.

This resulted in the issuance of compliance structure & date for compliance, resulting in the below:

• The resolution states that an approved safety management system should include cyber risk management in accordance with the objectives and requirements of the ISM Code, no later than the first annual verification of a company’s Document of Compliance after 1 January 2021.
• This refers to a measure of the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.
• Maritime organizations now need to follow the guidance and recommendations outlined by the IMO to ensure their vessel operations are protected from potentially catastrophic cyberattacks

The introduction of the IMO guidelines for cybersecurity brings requirement for both attitudes & methodologies towards Cybersecurity at sea to change.

Moving forward, the objectives & requirements listed within the ISM code are to be the key components when considering risk assessment for on board systems.

These requirements will need to be met for the vessel to approved during annual class authority review

Responsibilities for the vessel operator now include:

• Ensure that adequate risk assessments are carried out when considering cybersecurity
• Cyber risk management methods are to be included in the vessel safety management system (SMS)
• Roles & responsibilities must be clearly designated with a view to cybersecurity, both on-board & at HQ
• Cybersecurity must be considered as part of the safety mechanism on board, meaning it becomes the Master’s responsibility to oversee
• All crew must be trained on Cybersecurity, ensuring they are aware of requirements & measures to take if required
• The vessel systems must be configured and located correctly to ensure safe operation, separating access from non-authorized personnel
• All IT & communications equipment must be certified as compliant, with assurance from the third party supplier provided

Ship Managers should be duly prepared for effective PSC inspection worldwide having in mind that the cyber issues required by IMO as an SMS requirement will be checked for implementation after 1st January 2021.

Ship Managers should:

1. Implement procedures in their SMS ensuring cyber risk management is appropriately addressed, no later than the first annual verification of the company’s Document of Compliance (DOC) after January 1, 2021.
2. Provide adequate training for both shore and on-board staff in order to implement these procedures
3. Create an evaluation procedure (through internal audits and drills) in order to determine the effectiveness of their procedures.

Shipboard staff should:

1. Be familiar with cyber procedures as incorporated in their SMS
2. Implement and follow the cyber procedures on board
3. Act proactively to protect on board Information Technology (IT) and Operational Technology (OT) systems from cyber attacks
4. Report to Head Office (and relevant PSC Authorities) any cyber incident as required by SMS, Flag Administration and local requirements.

Vessel operators are working in an increasingly regulated world and with the IMO MSC.428 resolution on Maritime Cyber Risk Management in Safety Management Systems, responsibility for all cyber risk management has been placed on vessel operators.  We want to ensure our customers are provided with key security controls, enabling them to maintain full control of their network and infrastructure. SMART@SEA’s powerful cyber protection suite provides the appropriate robust cyber security and safety functionalities which are critical because of their potential effect on personnel, the ship, environment and company.

SMART@SEA is the result of over 50 years of maritime industry knowledge and working closely with our customers to develop a portfolio of increasingly SMART products, services and technology.  With SMART@SEA we have a practical and cost-effective solution that future-proofs our customers’ needs as the industry becomes more digitalised, connected and as a consequence cyber vulnerable. NSSLGlobals new SMART@SEA platform offers our customers unrivalled levels of transparency, operational control and cyber protection over their networks and bandwidth usage. 

WHAT IS SMART@SEA?

• The powerful virtualised on-board, complete intelligent management solution, SMART@SEA offers the seamless integration of communications networks, cybersecurity, crew welfare and IT services.
• SMART@SEA’s world-class security features help customers with resilient vessel level security and to become IMO Cyber compliant

KEY FEATURES FOR CUSTOMERS INCLUDE

To serve an industry which has been increasingly adopting digitalisation for on-board operations, SMART@SEA provides vessel operators with a smart technology portfolio that can work with their existing systems offering:

• A virtualised digital platform which provides the seamless integration of on-board services
• Management of communications networks
• World class security suite of services
• A powerful management and control portal
• Virtual computer hosting
• Fully managed IT service (on-board and virtually)
• Access to on-board entertainment and other crew welfare provision
• 24/7 global technical support with some of the best engineers in the industry
• Single appliance smart technology

To request a copy of our SMART@SEA brochure or find out about NSSLGlobal's products and services please complete the contact form below or alternatively, email us at marketing@nsslglobal.com.