Lloyd's List is part of Maritime Intelligence

This site is operated by a business or businesses owned by Maritime Insights & Intelligence Limited, registered in England and Wales with company number 13831625 and address c/o Hackwood Secretaries Limited, One Silk Street, London EC2Y 8HQ, United Kingdom. Lloyd’s List Intelligence is a trading name of Maritime Insights & Intelligence Limited. Lloyd’s is the registered trademark of the Society Incorporated by the Lloyd’s Act 1871 by the name of Lloyd’s.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support at +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By

UsernamePublicRestriction

Shipping needs to be vigilant over cyber risks

The ransomware attack on CMA CGM is just one of a series of digital threats facing shipping

Cyber attacks on shipping have undergone a sharp surge since Maersk was a victim of the NotPetya attack in 2017. Operational technologies on board ships need protecting as much as customer data

THE cyber attack on CMA CGM has again reiterated the dangers faced by shipping from malicious actors taking advantage of an ever more digitally connected industry.

CMA CGM had already been a victim of cyber attack last year, but the French container line is not alone.

Other notable cases include the NotPetya attack that affected Maersk in 2017, the outage at the International Maritime Organization and Mediterranean Shipping Co last year and an attack on South African ports operator Transnet earlier this year.

“There is one incident on a ship every day, and attacks on shipping have increased 900% in the three years to 2020,” said HFW global head of shipping Paul Dean. “There is a ransomware attack once every 10 seconds.”

Speaking in a webinar before the latest attack, Mr Dean said container shipping had a greater vulnerability to attack than was seen in other sectors.

“What happened on Golden Ray could easily happen on a containership from a cyber attack,” he said. “Reefers and pressurised containers are also equally vulnerable. In terms of reefers, hackers may not be interested in food, but may be in relation to chemicals and dangerous goods.

“You could imagine a stowage plan being altered and containers being put in the wrong place.”

Cyber security should be seen as an act of seaworthiness and due diligence in the same way that the International Safety Management Code was.

The IMO’s Maritime Safety Committee adopted Resolution MSC.428(98) in 2017 to give guidance on good practice in cyber security.

“We do have IMO MSC 428, but again compliance is not enough, the same way that a vessel being in class does not mean it is seaworthy,” Mr Dean said.

The bigger issue, however, was the commercial one.

“You have tight turnaround times in ports, so there is less time to remediate,” said Mr Dean. “The costs of delay are enormous. We need to be looking at protection against the key financial exposures.”

The solutions included undertaking a maritime cyber security review.

“One of the legal elements is that parties need to be looking at their contracts,” he said. “Do not just look at charter parties and introduce cyber clauses. Everyone needs to be looking at their supply contracts.

“Can they pass on liabilities that they are incurring in regards to cyber risk to their suppliers?”

Operational technologies on board ships needed to be reviewed as well.

“There are many high-risk systems on containerships,” he said. “The risks are real and if they are not keeping you awake at night, they should be. But the good news is that there are solutions.”

Related Content

Topics

UsernamePublicRestriction

Register

LL1138256

Ask The Analyst

Please Note: You can also Click below Link for Ask the Analyst
Ask The Analyst

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts

Cancel