One of the most interesting things to go through is the different aspects cybersecurity has in each industry. In this expert talk, we are going to focus on one of the primary sectors that 3Cyber-Sec operates in – the maritime industry. Together with Stefan Radushev, managing director of the company and experienced cybersecurity consultant, we will review what this specific industry has to face in terms of challenges and good practices.
Stefan has a background as a specialist consultant in the maritime industry and will share his knowledge about the sector in this expert talk. In these articles, we are talking with experts on different subjects that provoke the interest of our audience. This is the first sector-specific discussion we are doing. We are confident that it will be useful and bring added value to our readers and to all the experts in the maritime business that are not aware of the subject.
Cybercrime in the maritime industry – more essential than we think
In today’s world, one of the biggest worries about organisations, regardless of their location and industry, is how vulnerable they are to cyber-attacks. We can mention specific sectors like finance, insurance, and healthcare where there is plenty of sensitive data and are preferred targets to hackers. And what about the maritime sector?
“When you take a closer look, the maritime sector seems to be big like the ocean. There are a variety of industries – from ports, through shipping, and up to IT systems and navigation. Most people don’t have a clue how huge the maritime economy is.”, says Stefan Radushev.
In June this year, the CPO magazine came out with an article titled: “Maritime Cyber Attacks Are Among the Greatest Unknown Threats to the Global Economy”. If you think this industry is irrelevant to you, just consider how one ship that got stuck threatened the logistics of the whole world. Since the pandemic started, the digital transition has gone over each industry. Also has increased the risk of cyberattacks. According to the article mentioned above, cyberattacks on vessels increased by 400%. And that is only at the beginning of when Covid-19 hit the world.
“If you read the statistics, you can see that there is at least one incident a day related to the hacking of a vessel or company in the maritime business.”, Stefan added.
What can be done for prevention and what are the good practices in the sector?
Since the statistics about cyber threats in the maritime industry are showing only an increase, we have to ask ourselves what is done and can be done for prevention? The first thing for sure will be to train all employees and increase their staff awareness about cybersecurity and the dangers that the business faces.
“When the team of the organisation recognizes the scope of the potential cyber-attacks and has the knowledge what to do to minimize the risk, you can be confident that your system, networks, and devices and your operation, in general, have better protection and chance of not being hacked”. says Stefan Radushev.
Another good thing will be to explore the main vulnerabilities that the specific maritime business has in its cyber defense. There is no universal solution when it comes to cybersecurity. The best approach is the one tailor-made to the needs and challenges that each entity has. And in most cases, they are unique for each business.
“The first step is to know what you have to deal with. Imagine you are on a ship and are about to go out to the sea. You will check that everything with the vessel is secure before heading out into the water. If there is something that needs to be repaired, you will fix it. It is the same here. We have to identify the vulnerabilities, then treat them and make sure to be best prepared for any cybersecurity threats”, the expert adds.
And this is a constant ongoing process. You can’t just do it once. Your staff should be trained regularly and continuously and the cybersecurity policies you have in place should be up to date with the latest threats.
Good practices, guidelines, compliance, and standards about cybersecurity in the maritime industry
Efforts on cybersecurity are not left to the maritime business alone. There are several standards and compliance checks that take care of the issues in the sector. The International Maritime Organization (IMO) has a dedicated section on its website about maritime cyber risk. There are listed the following standards that businesses should meet:
- Since January 2021, IMO has issued a new set of cybersecurity regulations that must be implemented by ship owners and managers;
- Maritime Cyber Risk Management in Safety Management Systems resolution adopted in 2017 by the Maritime Safety Committee;
- Entities like ICS, IUMI, BIMCO, OCIMF, INTERTANKO, INTERCARGO, InterManager, WSC, and SYBAss have provided materials with guidance about cybersecurity on board the vessels;
- There are reports for cybersecurity of ports (issued by IAPH Port Community) and recommendations on cyber resilience by IACS;
- ISO/IEC 27001 handles international information security management.
“Each big company should have internal procedures and policies for the prevention of cybercrimes that have to be based on the standards mentioned above.”, commented Stefan Radushev.
Better late rather than never
As we can see, the maritime industry faces increasing cybersecurity challenges. Companies in this field of work should act accordingly to reduce the potential threats they might face. Investing in cybersecurity is a step that should be done by all maritime stakeholders. With the growing number of cyberattacks, prevention is the best tool.
“One of the oldest and most important industries in the world is stepping in the digital age very fast. This is uncharted territory for a lot of the decision-makers in the business. My advice to them is to turn to cybersecurity consultants that can help them develop and implement cybersecurity policies that are based on their needs. You won’t take a ship with a hole on the side to sail. Then why do that with the cybersecurity of your business?”, commented Stefan Radushev.