Advanced cyber security solutions that protect onboard operational technology can go beyond protection and actually enhance a ship’s safety systems, argues Julian Clark from Ince.
It no longer takes a nation state to bring down a company; it can be done easily enough by a teenager with an internet connection. Coding software is increasingly efficient and accessible, and as in the 2008 recession, people with coding skills are turning to hacking for income.
The threat level and sophistication of hackers increases every day, and according to a Naval Dome report, the number of cyber-attacks has increased by 400% since February 2020. The number of attacks on operational technology (OT) has increased by 900% in recent years.
OT monitors events, processes and devices. This creates an opportunity for a hacker to “take active control” over vital processes with potential life threatening consequences. See for example the Colonial Pipe Line and Florida Water Treatment Plant attack, Such attacks underline the need to combine essential cyber security with increased vessel safety as a matter of routine management, not just to prevent or mitigate an attack.
OT cyber security technology monitors the values displayed on a ship’s safety systems and the vessel equipment itself. It then automatically identifies anomalies in these values caused by an intentional cyber-attack, but the system can also highlight discrepancies caused by equipment, computer or user error. If safety system or equipment values do not align with expected trends, or there are inconsistencies between data feeds supposedly conveying the same information, the cyber security software can alert crew or automatically restore devices to the proper configuration if required.
Safety systems themselves are also highly vulnerable to cyber-attack. In this instance, cyber security solutions can act as the ‘safety system for the safety system’. For example, a cyber-attack could result in the incorrect ballast tank fluid level being shown by the safety system. This would lead to dangerous instability when loading or unloading cargo. An advanced OT cyber security system would mitigate this risk by alerting crew and could very well eliminate the risk altogether.
While not linked to a cyber security event, the Ever Given grounding in March 2021 highlighted how costly a shipping disruption can be to global world trade, and a cyber-attack on a vessel’s navigational systems could easily have led to a similar result. From a loss prevention perspective, OT cyber security solutions could also aid in the investigation of vessel casualties by gathering any relevant vessel data prior to the incident and highlighting any anomalies that had not been picked up by the crew.
For all this to work, it is important to consider cyber security as part of maritime and vessel infrastructure, rather than a bonus. When expanding the OPEX equation to include the high costs of a cyber-attack and when valorising reduced risk and improved safety, the return on investment is clear. Plus, ship owners can be creative with funding, for example using a combination of the IT and safety budget to invest while potentially reducing insurance costs.
There are advanced systems available on the market today that can mitigate cyber risk and boost operational safety. Therefore, with profits increasing in many shipping sectors, it is a good time for ship owners to invest at their next budget review. Reluctant ship owners not implementing adequate cyber security solutions face increasing cyber security threats and miss an opportunity to improve vessel safety.
Shipping’s strong safety record is sometimes taken for granted, but it can only be maintained through continued innovation. Attacks on onboard OT, such as a ship’s navigational equipment, have the potential to risk seafarers’ safety and to significantly disrupt global trade if not mitigated appropriately. There is no excuse; cyber security is a must have today. Shipowners that take advantage of its safety potential are creating added value for themselves and the sector.
