Data, information and cyber security issues seem to be reported weekly. Last week we heard about a concerted attack against parts of the US government, with up to 2.1 million government employees possibly affected. Earlier, we saw issues such as data being stolen from JP Morgan Chase and Sony Pictures Entertainment. There are even public rumours of factories and industrial facilities being attacked successfully.
The maritime industry has not been immune to these issues, but in spite of industry warnings about imminent disaster, there have been few publicised cyber-attacks in shipping. However, as maritime organisations become more heavily reliant on interconnected systems to operate efficiently, the cyber threat becomes more prevalent.
We have seen other industries go through the same transformation to their risk profile. In our experience, three important points to remember are:
- It will (probably) happen to you. It possibly already has. The threat is complex, firewalls and anti-virus are generally not considered to be enough. The volume and complexity of attacks suggests adopting a ‘defence in depth’ approach. So you should think about your resilience to cyber-attacks, how you would detect if you had been hacked and how you would respond to an issue should one occur.
- The solution is not (just) technology
Of course technology has a part to play in helping mitigate this threat. But technology is no substitute for sensible decision making, user training and education. Technology may offer the medium that cyber-attacks are perpetrated over, but the solution has to include both people and process as well as technology.
- Your board needs to understand
The board needs to be able to balance the risks of using technologies with the opportunities they present. The board really does need to understand the risk posed by cyber security issues, how well the risk is being managed and how you would respond if you detected an issue.
This really is a complex and emerging area, but there are simple steps that can help you start to address the risks. We’re committed to help the shipping industry, so if you’d like a briefing for your team, audit committee or board, please do let us know and we’d be delighted to share our experience with you.