Recent time have seen widespread adoption of the digital systems. Shipping industry which once was hesitant to undergo digitization, saw high technology adoption in the recent times. With the introduction of automated systems, Internet of Things (IoT) and connected devices, integrated ship management applications; all the operations in the shipping industry are streamlined and more connected than ever which became reality only because of the direct revenue impact and value propositions realized by ship owners and ship operators.
Wireless networking technology is an enabler of these technology advancements but as of many things around us, these advancements too have darker side, making the whole system susceptible to cyber-attacks with possibility of jeopardizing the entire operations. Cyber-attacks which were used to be temperate in the beginning resulting into only financial losses now have increased severity putting human lives, vessel and entire sea and onshore operations at risk.
As the events go, Maersk headquarters had intensive cyber-attack in 2017 eventually leading to disconnection of Maersk’s entire global network. Number of other attacks on large maritime entities like COSCO (the 4th largest container shipping company in the world), Austal (an Australian shipbuilding and defence corporation) as well as ports of San Diego and Barcelona have highlighted the devastating impacts of these attacks. Recently Norsk Hydoo which is one of the largest aluminium company has to shut down it systems because of attack from ransomware named LockerGoga spread through organization’s network, encrypting files and demanding payment for the decryption of the infected files. This forced the organization to stop the production in several plants and switch to manual operations.
As far as cyber security measures, non-technical risk migration strategies are not comprehensive and does not provide complete protection from the cyber-attacks but ensure minimum precautions to avoid these kind of incidents, certain approaches like restricting access to common ransomware entry points, having 24×7 IT response team, limiting third party integrations and connections to the system and monitoring them at a regular basis, taking routing backups to maintain the data integrity and training the resources for cyber security best practices are some of them.
To ensure certain security standard levels, implementation of cyber security tools and systems is an option but in long run, keeping cyber security as the top agenda during new technology implementations or upgrades should be the priority for shipping companies.
Summary:
There are still lot of areas which are exposed to cyber-attacks and cannot be covered completely, hence the industry needs to put dedicated cyber risk management resources, experts and systems as a part of the overall safety and security system of the organization.