Not Enough Protection Against Cyber Attacks
Modern bridge systems and advanced ships technologies could be vulnerable to a cyber-attack, says the new report out by Allianz Global Corporate & Specialty (AGCS), which discussed the rising concern that ships do not have sufficient cyber protection.
Automatic identification systems (AIS) are used for tracking and identification by vessel traffic services, which exchange data with ports, coast guards and nearby vessels. AIS systems supplement marine radars, which is a primary method of collision avoidance for waterborne traffic. A ship’s position, course and speed are displayed on ECDIS (electronic chart and display and information system). ECDIS charts for navigation are updated off the internet, and if the system is hacked and false information is downloaded could create a major casualty.
Small crews, larger ships and the increased reliance on automation were cited in the report as contributing to the risk of cyber-attacks, which could cause a collision, grounding or losses. The AGCS reported said that grounding and ships sinking were the primary loss of vessels in 2014.
The interconnectivity of activities could greatly impact the entire maritime industry. Additionally, remote access to the control of a ship, terminal activity and container data could cause severe business interruption costs.
Another risk factor is the ever-increasing amount of different systems available to ships. Firewalls are unable to adequately provide protection because doing so would interfere with communication between other ships’ systems.
“Cyber risk may be in its infancy, but ships and ports could become enticing targets for hackers in the future,” said Captain Rahul Khanna, Global Head of Marine Risk Consulting at AGCS. “Companies must simulate potential scenarios and identify mitigation strategies, as attacks on particular electronic navigation systems could lead to a total loss of a ship or even involve several vessels from one company.”
The IMO’s Maritime Safety Committee (MSC) is currently considering a proposal to develop cyber security guidelines that will protect and enhance the safety of cyber systems used by ports, vessels and marine facilities.