A survey of 2,500 seafarers has revealed that 40% of officers have sailed on a vessel, which has become infected with a computer virus or malware. The ongoing crew connectivity survey, carried out by British firm Futurenautics, also found that 87% of those surveyed have had no cyber security training. The organisers of the poll expect the final number of participating seafarers to double to 5,000.
Cyber security has come in to sharp focus for the shipping industry in the wake of June’s NotPetya attack, which hit a number of lines, most notably Maersk, which saw up to $300m in revenues wiped from its books.
Commenting on the Futurenautics survey, Phil Tinsley, head of maritime security at global shipowning body, Bimco, told Splash: “This statistic is no surprise.”
Prior to developing its industry guidance on cyber security Bimco arranged for penetration testing on a variety of ships. The findings confirmed many ships are operating with outdated, unpatched and insecure software.
“It is imperative that shipowners and managers deal with infected systems in the same manner and priority that they would deal with all other safety issues onboard,” Tinsley stressed.
James Wilkes, managing director of British maritime consultancy Gray Page, concurred with Tinsley, telling Splash: “The IT systems on ships are no more or less resilient to viruses and malware than the IT systems of most companies and organisations ashore. And seafarers are no more or less susceptible to doing something daft – such as opening an attachment in an email from a person you’ve never heard of before – than the rest of us.”
Lars Jensen, who heads up CyberKeel, a Danish organization focused on maritime cyber security, suggested the 40% statistic should be interrupted differently.
“That appears to indicate that a large amount of seafarers are unaware that they have had virus or malware on the ship,” Jensen warned. “What is noteworthy, however, is that 60% of seafarers are unaware that at some point their ship has in all likelihood had virus or malware. Of course the severity of a virus or malware can vary dramatically, but it is highly likely that most vessels have seen some elements of virus or malware.”
Jensen’s assumptions were backed up by Roger Adamson, who has led the survey for Futurenautics.
“The figure from serving officers is confirmed by additional research we have conducted with ship operators,” Adamson told Splash, adding: “However, given that typical breach detection time is 146 days and that up to 70% of breaches go undetected the figure could be far higher.”