OSERV, a part of OSM Maritime Group focusing on supply chain management and value-added services, has geared up to offer integrated risk management systems for the shipping industry to address the increasing threat from cyber attacks.
Peter Schellenberger, managing director of OSERV, says cyber threat in the sector is increasing rapidly as hackers and organised crime start to realise how vulnerable shipping is as a target. This is doubly troublesome as shipping companies connect their fleet to VSAT broadband without upgrading security to match.
“The biggest threat of all is to ships that have their operational technology (OT) on the same network as the crew systems. If the safety of life at sea is dependent on your OT systems, and your OT systems are exposed to any threat that can target your crew’s personal IT, you have a very vulnerable vessel,” Schellenberger says.
Schellenberger believes the awareness of maritime cyber threat is growing, however, he strongly suggests the awareness needs to translate into direct action to secure ships before it is too late, and to translate this into understanding and responsibility at the board level.
“This is not an IT issue, this is a board issue, and it is board members that will be held responsible in the event of a disaster,” warns Schellenberger.
OSERV now offers a broad range of cyber security solutions to shipowners, including Seawall Protect, a continuing service to protect the vessel from hackers and viruses over VSAT broadband. Seawall Test is another OSERV service designed to find any cyber security vulnerabilities on ships before the hackers do, while Seawall Fix sorts out any loopholes before they are exploited. Additionally, the company offers Seawall Training to help educate the most vulnerable part of the network – the crew who operate it.
Schellenberger, in his interview with Maritime CEO, hits out over the issue of a lack of standards and comprehensive product offerings in the maritime cyber security area, something he has fixed by reaching out to partners across the maritime universe to offer a complete cyber damage limitation service.
OSERV acts as the service integrator for all this new cyber offerings, while Pragma is its core technology partner, class society DNV GL will provide training, with Navigate Response on hand for damage control and HFW for legal support.
“There are some service companies, including communication/ connectivity providers that offer parts of the desired scope, but to our knowledge no comprehensive product range with similar credibility. Everybody is talking about cyber security, but no established services or standards are in place yet,” Schellenberger says.
Schellenberger reckons owners need to realize fast that increased security on vessels is an absolute must and does not come for free.
“Small gizmos or just monitored communication with encryption does not do the trick and cannot prepare for the huge leverage that would be created in the case of a real cyber casualty. This is a job for professionals in all aspects of the areas to be protected,” he maintains.
Adding to that, he warns that IT departments in shipping companies are often under resourced or not trained enough.
“A cyber specialist from the real world that comes back from a vessel visit always has the impression to have travelled back 20-30 years in IT time, so poor are mostly the standards on the ships. Therefore, training should be made mandatory,” Schellenberger concludes.