Ships risk detention over cybersecurity

Ships that fail to comply with cybersecurity code of the International Maritime Organisation (IMO) may face detention from January 1, 2021. This comes as the IMO identified the management of cybersecurity as a key aspect of safety as technology becomes essential in ship operations.

The group has identified cybersecurity as a major risk to be addressed in safety management systems. The handling of the risks is to be verified in audits from January 1, 2021 onwards.

Director of Maritime Safety at the IMO, Heike Deggim, told the Safety@Sea webinar that “there is a strong need to balance the benefits of new technologies with safety and security concerns, in particular, cyber-security.

“Many people tend to have a very outdated view of what modern shipping looks like. Modern ships are technologically advanced workplaces and IMO plays an important part in shaping the development,” she said.

Recent reports have revealed that cyber attacks are on the rise in shipping. Deggim said Cyber technologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping and protection of the marine environment, including bridge systems, cargo handling and management systems, propulsion and machinery management systems, power control systems and administrative and crew welfare systems.

She said that one of the most critical developments in smart shipping and rapidly gaining importance is cybersecurity, recognising the use of electronic technologies is continually increasing in many areas of shipping.

With the process of digitalisation accelerated by the COVID-19 pandemic, cyber attacks have become more common not just in shipping, but globally in 2020, and indeed the IMO itself was hit by a cyber security incident.

Dekkim detailed how cyber risks will have to be addressed in a vessel’s safety management system from the annual verification of its Document of Compliance from January 1, 2021.

“Considering the human element aspect is vital in this regard, while systems can be protected and recovered by implementing different IT technologies, it is important humans understand the risks associated with the use and operation of critical systems,” she told the webinar.

“Thus implementing good cyber discipline within an organization is critical in good cyber risk management as much in shipping as anywhere else,” Dekkim said.

Also, the United Nations report on a review of maritime transports 2020 stated that many issues may be identified onboard ships that make them more vulnerable to cyber attacks, including unsecured networks and software, lack of seafarer training and insufficient protection of data.

It however stated that shipping companies would need to consider these issues and include cyber risk into their safety management systems, so they know how to deal with and approach a cyber incident.

“As this will require some time, all work should be completed ahead of the first inspection by International Safety Management auditors after January 1, 2021.

“Owners who fail to comply may risk having their ships detained by control authorities that will aim to enforce the requirement in a uniform and equitable manner.

“At the same time, implementing cybersecurity is important to protect shipping assets and technology from mounting cyber threats, in particular given that cyber risks are expected to grow, with greater reliance on virtual interaction as a result of the ongoing COVID-19 crisis,” it stated.