Insight | Phish and ships: Understanding cyber risk at sea
Maritime
Inmarsat, as one of the leading global communications technology providers, has been at the forefront of ship-to-shore communications for as long as I have been alive. I am absolutely delighted that they are supporting the Be Cyber Aware At Sea campaign, which is helping us actively engage with both the global maritime and offshore sectors on a much wider scale.
The reliance on smart and interconnected systems at sea is continuing to grow as shipping companies and offshore energy providers strive for increased speed, cost reduction and maximum efficiency at all times.
Today’s onboard Operational Technology (OT) and Information Technology (IT) systems are becoming increasingly connected like never before. This hyper-connectivity greatly increases the risk of critical systems, such as safety, propulsion, or navigation, being exposed to internet-based and insider cyber-threats.
Additionally, shipping companies, their vessels, energy providers and platforms are not immune to the relentless cyber-criminal threat that seek financial rewards, as well as sensitive company or employee information, by using common social engineering techniques such as phishing, business email compromise (BEC), and other basic scams.
Whilst certainly not as catastrophic as the loss of a ship’s navigation systems, the loss of money and/or critical information can have a significant financial, legal and reputational impact on the ship owner, manger or charterer.
Avoidance of a possible attack on either IT or OT systems from an internet-based or insider threat starts with companies understanding the threat; understanding their IT and OT environments and how they’re connected; assessing where those environments could be exposed to the threat; then managing that exposure.
Shipping companies need to recognise and prioritise cyber security in their risk registers and assign accountability for managing this risk to appropriately qualified senior executives. This is not an IT issue, as I am often told by senior executives, CSO’s/DPA’s and onboard senior officers – this is an issue that needs be managed in the board room and disseminated right through to the onboard engine room.
Today, cyber security awareness across most industries globally is still relatively poor but it is particularly lacking in the shipping industry especially. As part of my own Master’s Degree in Maritime Security I spent a significant amount of time exploring this area, the findings after extensive research, interviewing and questioning was the catalyst for the launch of ‘Be Cyber Aware At Sea’.
Organisations’ employees remain one of the biggest cyber security vulnerabilities due to a lack of understanding and awareness of the risk. Instead of using highly technical and time consuming hacking methods to breach a company’s systems, cyber criminals often prefer to target the employees themselves, who are considered the “soft target” in order to get access to information and systems.
The first steps to building strong cyber security awareness in any organisation is for the executive management to recognise the risk and provide awareness and education for all the senior leadership team, shore side staff and onboard crew members. This needs to be a constant process, not a once off box-ticking exercise.
As a member of the ‘Be Cyber Aware At Sea’ campaign, Inmarsat is committed to helping raise awareness of cyber risks and threats to international shipping. In addition, it is actively taking steps to increase the standards of maritime cyber security globally with its own cyber security solution, to be launched later this year.
The ‘Be Cyber Aware At Sea’ campaign is a completely free, not-for-profit initiative with the objective of informing and educating on cyber risks in order to increase awareness and understanding.
After two years’ research, it was clear that there is a lot of work to be done to ensure ship owners understand and take the issue of cyber security seriously, and we felt an innovative messaging campaign and suite of free resources was the best way to do this.
We have been overwhelmed by the support and traction the campaign has gained to date worldwide and I am delighted that some of the biggest names in shipping from all sectors, as well as Inmarsat, have come onboard, including Teekay, North of England P & I Club, Standard P & I Clubs, P & O Ferries, Navarino, Holman Fenwick Willan marine lawyers and even the British Royal Navy.
We would very much welcome Inmarsat’s respected customer base to join us and help promote the ‘Be Cyber Aware At Sea’ message worldwide. I really do believe that ’online’ is quickly becoming the new frontline, and fortune favours the cyber prepared!
For more information or to show your support, please visit www.becyberawareatsea.com.
Jordan Wylie is an experienced maritime security and risk management professional whose career started with 10 years’ service in the British Military as an intelligence and reconnaissance specialist, before entering the private maritime security sector in 2008. Jordan has provided maritime security consultancy services to many of the world’s largest ship owners and is a retained consultant by several flag states, providing guidance on piracy, terrorism, organised crime at sea and the maritime cyber security approach. Jordan has trained over 10,000 seafarers globally and also completed over 100 missions on board as a security team leader during the height of Somali based piracy. Jordan is the founder of JWC International, a specialist marine consultancy provider, the President of the Security & Risk Management Alumni and a Non-Executive Director at the Company Security Officers (CSO) Alliance.
