Three things every shipper should know about cyber security
The Maersk cyber attack sounded bad enough. But this blog post on cyber security by ...
Cyber crime is likely to delay the introduction of autonomous ships for several years – and it could pose a significant threat to the shipping industry if it fails to act soon.
There has been much progress on autonomous ships this year, notably from Rolls-Royce, and in October Norway opened the world’s first designated test area. But there is still a long way to go, believes SeaIntelligence CEO Lars Jensen.
“Autonomous ships are a long way in the future,” he told delegates at TOC Middle East in Dubai last week.
“They have to be built to better specifications than current ships. Who will repair them?
“They need to be more resilient. And what is the cost? What will we save from it? That has to be worked out.”
One of the biggest problems facing the industry – and autonomous ships – is that it is not yet fully equipped to handle cyber crime, he added.
“The industry is in very poor shape when it comes to cyber security. It needs awareness among senior management – this is not an IT issue.
“Firewalls and anti-virus software will not keep out dedicated attacks. If you think you haven’t been hacked – you are wrong.”
Mr Jensen also warned ports and terminals that they were likely to be in the vanguard of cyber attacks.
Noting several attacks in the past few weeks alone, that took out major sites such as Netflix and Twitter, as well as a telecoms company in Libya and another on domestic routers in Germany, he emphasised the vulnerability of ports, particularly via the Internet of Things.
“When you start to think of hardware in ports and terminals, everything has to be secure. We can put a lot of things online – but should we? There are thousands of gadgets in a terminal, and if they are online, they will be attacked.”
Mr Jensen set out the groups which would be most likely to attack – although he pointed out that staff could be a company’s biggest concern.
“Staff are the worst – but often through negligence or incompetence. The most successful attacks compromise a person. It could be a disgruntled employee, or a trick which makes them reveal details.”
But this could be mitigated by training, he said.
While criminals are “plentiful and very good at cyber crime”, Mr Jensen thought the biggest risks to the shipping industry were states, or state-sponsored groups – not necessarily terrorists.
“Ships and ports are clearly state infrastructure.”
He said shutting down a major port in a hostile state would certainly be in the interests of some governments.
The good news, however, is that cyber crime can be combatted without huge investment, he believes.
Companies should be looking to prevent crime at the design stage of technology – and simply encryption, understanding the risk and training would be critical.
“Companies need to work cyber defence into their business processes,” he advised.
“Don’t automate any deals worth more than $1m, for example. Improve staff awareness and technical know-how. It’s not expensive – companies already have most of the tools they need. It’s about training and configuring networks slightly differently.”