There’s no doubt the threat of a cyber attack on a fleet, an individual vessel or a company is currently exercising the minds of many a boardroom meeting in the shipping industry.
Maersk, COSCO and a host of other well-known shipping industry names have already been laid low by costly and time consuming cyber attacks.
There is now an army of technology consultants, insurers and risk managers offering the industry every kind of panacea to overcome the threat of cyber ruin.
And for the media, it’s a great story: once it comes out in public it runs for days as the extent of disruption and damage becomes clear.
The reputational damage of a sustained cyber attack is painful and can be long term. Within the shipping industry it often leads to a long-term reappraisal of security, the use of technology and systems and how they are applied to daily ship and office operations.
A recent survey of owners and managers showed that very few in the industry believe they are fully prepared for a cyber attack on their fleet or offices.
It seems as if the cyber story and shipping is going to run and run and there is no doubt it is a headline grabbing topic.
With media intrusion post attack, it is vital the facts are communicated as honestly and as quickly as possible. But what is even more important is the ability to convey to customers, business partners, shareholders and other stakeholders that the company under attack has a clear plan to overcome the issue and is taking the necessary steps to put things right.
To date many shipping companies which have suffered cyber attacks have done the opposite and gone into lock-down when crisis strikes. This just increases speculation and extends the length of the crisis.
But there is evidence that as the industry wakes up to this threat, things are changing.
A leading ship manager recently banned all outside USB flash drives from its vessels.
The industry acknowledges that more than 60% of all cyber attacks are caused by the human element. It can be as simple as a third-party service provider coming on board in port and using a USB flash drive to transfer ECDIS files to a laptop.
This kind of event has caused several cyber attacks on board vessels and now many in the industry are moving towards a system in which USB flash drives are completely banned from all vessels as well as from offices.
Transferring updated ECDIS systems via removable storage devices has already caused havoc in the industry, but owners and managers are waking up to the fact that these ‘thumb-drive cyber bombs’ have inherent danger.
The manager in question has now decided that all USB drives on board its ships will be encrypted and for use on board its vessels only.
The other problem for the industry is the fact there are so many versions of ECDIS the risk of virus attack is greater when information is shared and updated. And the deeper problem with the use of technology on board vessels and the consequent risk of cyber attack is not the technology itself but the attitude towards it. Many ship managers are now acknowledging that it is not possible to layer new technology into the industry unless old attitudes change.
The issue for shipping is that it keeps putting new technology on top of old processes and attitudes, and until that changes there will always be a heightened risk of cyber attack.