Marine cyber risks

In our increasingly interconnected world, concern around the risks related to cybersecurity is growing daily.

On one hand, all these advances have made many things easier for the entire global industry by automating processes, avoiding waste, and even reducing malfunctions; however, the flip side of this reward is exposure to breaches by hackers, who could do anything from steal information to sabotage equipment. The potential for losses caused by a cybercrime is not very well understood, so it is difficult to put a price on it. It is estimated that just in 2018, cyberattacks caused USD 600 billion in losses.

Until recently, it was believed that the marine industry was not very exposed to these types of attacks, but they have indeed been happening, albeit at a much smaller scale than with the primary targets of hackers, such as financial market companies, industries, and airlines. As an example, in November 2019, Companhia de Docas, which operates in the state of Ceará and runs the Port of Mucuripe, suffered a cyberattack that seriously affected its operations, requiring some of its procedures to be performed manually. This attack led to a queue of vessels waiting to be loaded, which caused delays in business.

In the event of a cyberattack that, for example, paralyzed the Panama Canal, the losses and delays would be catastrophic for the global economy, given that 90% of world trade relies on maritime transport.

“In the event of a cyberattack that, for example, paralyzed the Panama Canal, the losses and delays would be catastrophic for the global economy”

The marine industry is particularly vulnerable. Despite the major technological advances in navigation, there are still a lot of technologies in use that were developed for the needs of the 20th century, but that are not suited to the threats of the 21st century. Essential navigation systems like GPS, AIS (automatic identification system), and ECDIS (electronic chart display and information) have already been identified as being vulnerable to attacks, which could expose the vessel to such risks as manipulation of information on its position, or even change its course.

For this reason, the IMO (International Maritime Organization) established mandatory regulations and standards for cybersecurity within its safety regulations, in its Guidelines on Maritime Cyber Risk Management, released in 2017. Shipping companies must put in place a cybersecurity management plan, wherein they must:

  • Identify key persons for the cybersecurity management process, as well as the systems, assets, and data that, in case of an attack, could pose a risk;
  • Implement risk-control processes and contingency plans that ensure the continuity of safe shipping in the event of a cyberattack;
  • Develop methods for identifying a cyberattack in a timely manner;
  • Develop plans and measures that ensure a quick return to shipping operations in the event of a cyberattack;
  • Identify the necessary measures to back up and restore the necessary systems for shipping, if attacked.

These measures need to be duly addressed in the safety management systems (SMS) and verified in compliance reports as of January 1, 2021.

What does the future hold? The shipping industry has advanced considerably in the past decade, moving toward increased automation. Autonomous prototypes are becoming more popular.

What does the future hold? The shipping industry has advanced considerably in the past decade, moving toward increased automation. Autonomous prototypes are becoming more popular. Although shipping is approaching a modern future wherein it will be less and less exposed to the classic risks related to seafaring, there is now a need to work toward mitigating the cyber risks that are emerging and becoming more sophisticated every day.