Cyber security threats are not new, but shipping still unprepared

The maritime industry’s mix of legacy systems, rapid data exchange, and rapid digitalisation create challenges around cyber security in need of urgent, collaborative solutions, according to an expert panel. Speaking at Seatrade Maritime Qatar in early February, Engr. Asmaa Abdulaziz Mirzaei, IT manager, MWANI Qatar said that cyber security was nothing new in the industry, but shipping is not really prepared. A lack of effective regulation on cyber security, many legacy systems in the sector, and the readiness of people working in shipping to address cyber threats are all challenges that need to be overcome, she said. “We have challenges, but it will come with time, we need to make sure that we standardise. We need to train people to be up and ready for cyber threats, to raise awareness, especially that [attackers] use social engineering.”

Google Cloud Regional General Manager, Ghassan Kosta, said that the rise of AI, IoT and digital twins in shipping were all critical to decision making. “Everything is related to data and everything is related to business operations. Because it's all about supply chain, it's all about real time access, every organisation needs to have the right security transformation and the right security posture for all their systems to be able to move forward into the next step and continue to innovate while protecting their assets in the right way.”

Jassim Al-Majid, VP, Information Technology Department, Milaha, said that much has changed since Milaha was preparing for Y2K over 25 years ago. “For all our systems like ERP and other systems, we spent two years to update all of them. But when it came to the vessels, it took us about two days, because there were no systems in the vessels at that time. Now, if we are going to update any system in our vessels, it takes years,” said Al-Majid.

Julian Panter, CEO at SmartSea commended the IMO’s work on cyber risk management, but said its regulations and guidelines were vague and based on best efforts. “I think we need to get more specific about what those standards need to look like in order for people to follow. They need to be mandated, because we are on the cusp of real growth in the maritime sector from a digital technology perspective, and that brings challenges because the more and more technology that you bring in, the more and more risk you have of cyber-attacks.”

ABS Senior Vice President, Global Engineering, Gareth Burton said there was a greater recognition of the need to address cyber security within the industry, which was an important first step. There is regulatory movement, and class societies have a range of mandatory and optional notations around cyber security, he added. “It is a dynamic situation, and I think the other aspect to recognise is that with so many different players involved, it's very challenging to make sure that all those stakeholders are paying attention to the same thing. It comes down to a risk management perspective, really understanding that risk, and then managing that risk accordingly,” said Burton.

The panel outlined some of the challenges in addressing cyber security issues and further digitalisation, from people to a lack of standardisation.

“The very reason that we all love the maritime industry is probably one of the causes of that issue,” said Panter. “We love the maritime industry because of its history and its culture and and at the same time, sometimes that stops change when it comes to the embracing of digital technologies.” Data protection, a lack of information sharing and fears over competitiveness are among concerns raised in the industry that prevent the adoption of the type of common data platform seen in aviation, he added...