Cyber security guidelines for the shipping industry
A group consisting of several leading shipping organizations and companies has published a set of guidelines to help the global shipping industry develop good solutions for preventing cyber incidents onboard their ships.
“As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are increasingly being networked together – and more frequently connected to the worldwide web,” the document says.
“This brings the greater risk of unauthorised access or malicious attacks to ships’ systems and networks. Risks may also occur from personnel having access to the systems onboard, for example by introducing malware via removable media.”
The organizations have become aware that the safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant
The guidelines are not meant to be taken as a hard plan, though, but more as a document detailing the current situation of cyber security in the shipping industry – both risks and possible solutions – in order to make industry stakeholders’ senior management aware of the need for cyber safety.
“Approaches to cyber security will be company- and ship-specific, but should be guided by appropriate standards and the requirements of relevant national regulations,” the group noted.
The document contains an overview of the current cyber threats and types of attacks that may affect companies and ships, guidelines on how to asses the risks a company faces, how to find vulnerabilities in their systems, how to reduce the risk, how to develop contingency plans, and so on.
“Cyber security should start at the senior management level of a company, instead of being immediately delegated to the Ship Security Officer or the head of the IT department,” the group also pointed out.
As cyber threats change, the guidelines will change as well – the group has pledged to regularly update them to reflect the current situation.