return to news
News

Maritime Cyber Security: A Global Challenge Tackled through Distinct Regional Approaches

Published 30 - November - 2021
risktechnologysupply chainother
Source: MDPI
Read full article
By Chronis Kapalidis, Principal at ISF, Stravos Karamperidis and Tim Watson.  

Abstract

Maritime cyber security is an emerging issue that requires immediate attention, according to the International Maritime Organization (IMO). Feedback received from global shipping professionals indicate that a common threat to the industry, such as cyber security, is dealt with differently among industry practitioners around the globe. Data collected from two targeted focus groups (one in Europe and the second in Asia, two leading groups in the maritime transport sector) demonstrated that, based on technology adoption maturity, cyber security is perceived differently between these groups. The COVID-19 pandemic has highlighted these differences. Our findings lead to useful intelligence that will inform key maritime decision makers, both in meeting the IMO requirements and preparing the organization to address cyber risks.

Introduction

Innovative technologies have found their way to the maritime transport sector as they minimize the costs and maximize the benefits in everyday operations. At the same time, these new technologies enhance the interconnectedness of core port and shipping operations to the whole supply chain. As such, any interruption to the core of these operations may have a consequent knock-on effect to the wider economy and industries related to the supply chain, as illustrated in the CyRiM Report [1].
Despite the increasing numbers of cyber incidents to corporate networks and data, the maritime transport sector is rather slow in addressing cyber risk [2]. Well-established regulations and guidelines have been implemented for decades on topics such as environmental and crew safety and, more recently, on ballast water management; these risks are tangible. However, cyber risks are different. Their intangible nature means that their consequences are not palpable; therefore, it is difficult for them to be initially identified and addressed. Infected applications, computers in the office, or operational technology (OT) systems on board may continue to operate without any noticeable performance issues. Unlike any other risk, when a cyber breach occurs, it can affect the entire infrastructure of an organization, including its fleet and offices around the world.
This threat landscape will only grow, as ships at sea increase their connectivity, exchanging data so they can increase supply chain visibility and performance. Unfortunately, while connectivity solutions have evolved, achieving greater resilience, a single specific vulnerability in one industry or organization can swiftly cascade to affect other industries and organizations due to the lack of appropriate security controls [1].

Read more here