IN the past few weeks, there seems to have been a continuing trickle of horror stories about large companies, including airlines, having their systems hacked and data stolen. I am sure none of us would want to be in the situation the directors of Cathay Pacific now find themselves, having to explain how a data breach exposed personal information of up to 9.4 million passengers.
Loss of data is of course hugely worrying but with the aviation industry, the idea that criminals could access sensitive operational systems would be much worse. It is to be hoped that hasn't happened yet but any breaches of cybersecurity in the aviation sector must be taken extremely seriously. And of course the same must go for us in the shipping business, especially as we are rather quickly moving into the era of at least semi-autonomous ships.
To be fair, there is a lot of activity going on within our industry to improve cybersecurity. This is evidenced by the number of press releases I receive on the subject.
For example, US-based classification society ABS and shipbuilder Hyundai Heavy Industries (HHI) have collaborated to develop cybersecurity requirements for the ABS Cyber Security-Ready (CS-Ready) Notation for marine assets. ABS issued HHI with the first-of-its-kind CS-Ready Notation to a large-scale commercial vessel, a VLCC, delivered this month.
"As a global leader in marine cybersecurity, ABS is pleased to work with HHI to ensure the next generation of vessels is better equipped to address increasing levels of cyber risk," said John Jorgensen, ABS chief scientist, cybersecurity. "Employing the ABS FCI Cyber Risk model in implementing this new CS-Ready Notation means valuable assets are already down the road to achieving a robust degree of protection on delivery to customers."
The ABS industry leading FCI Cyber Risk model quantifies cyber risk, measuring Functions (critical systems such as navigation and propulsion), Connections (digital networks connecting functions), and Identities (people or devices accessing connections). The CS-Ready Notation requires that functions and connections are properly characterised so the owner can control access to connections and systems.
"Achieving this CS-Ready Notation makes HHI a frontrunner in ship cybersecurity technology and means HHI is well prepared for future certifications, which are becoming increasingly strict," said Joo Won-ho, director of the HHI Corporate Research Center. "These cybersecurity requirements will be integrated into HHI's newly constructed ships, including LNG carriers, and will give HHI products the competitive edge, leading to increased market leadership."
Well, how much of a competitive edge they may have, or how long it may last, is another matter as many teams around the world are working to strengthen cybersecurity within the industry.
Japanese classification society ClassNK is also active in this area. It has just concluded a worldwide partnership agreement with German testing, inspection and certification services provider TÜV Rheinland for cybersecurity services.
The two parties have agreed to jointly develop and deliver a cybersecurity certification scheme for the maritime industry. Under the agreement, ClassNK will first team up with TÜV Rheinland to work on the cybersecurity guidelines that target onboard software currently being developed by the society.
Meanwhile, global, mobile satellite communications giant Inmarsat has introduced two new components to its maritime cybersecurity service, Fleet Secure, as it "continues to develop solutions that combat ever increasing cyber threats faced by ship owners and ship managers".
Peter Broadhurst, senior vice-president of safety and security for Inmarsat Maritime, said: "It is a priority for every fleet operator and ship manager - shore-side and at sea - to ensure their systems are properly protected. As this enhancement to Fleet Secure demonstrates, Inmarsat is constantly monitoring the ever changing cybersecurity landscape and devising new tools and approaches for addressing potential problems, ensuring that ships and their crew remain safe - physically and virtually."
Inmarsat has also launched a training app for mobile devices, Fleet Secure Cyber Awareness. This enables seafarers to educate themselves on the tactics that cyber criminals might employ in attempting to infiltrate a company's IT infrastructure.
Addressing the human element is essential to maintaining a strong security posture, said Mr Broadhurst: "Many attempts to gain unauthorised access to IT infrastructure require some sort of activation by an end-user in order to infect a system and cause further damage. These attacks are often heavily disguised so as to trick and manipulate end-users into unwittingly granting permission. However, there are nearly always tell-tale signs that, if spotted in time, would prevent escalation.
"Crew education is therefore an indispensable component in realising a well-rounded security strategy and the reason behind teaming up with Stapleton International and Marine Learning Alliance to launch our Fleet Secure Cyber Awareness module."
Not surprisingly, Singapore is at the forefront of cybersecurity developments. The technology group Wï¿½rtsilï¿½ has recently opened its Acceleration Centre here. This purpose-built centre promotes innovation and collaboration with industry, academia and local partners to strengthen and develop Singapore's maritime ecosystem.
The opening marks a key milestone following an agreement signed between Maritime and Port Authority of Singapore (MPA) and Wärtsilä in April 2018 to collaborate in areas of intelligent vessels, connected smart port operations, cyber-physical security and digital acceleration with startups.
Significantly, Wärtsilä will also address cybersecurity challenges in connected maritime operations by launching its Maritime Cyber Centre of Excellence as part of the Singapore Acceleration Centre.
It is encouraging that all this effort is going into this area but there is no room for complacency. Somebody, somewhere, will always be working at least as hard on ways to subvert the best cybersecurity systems.