(www.MaritimeCyprus.com) Cyber security is not just about preventing hackers gaining access to systems and information, potentially resulting in loss of confidentiality and/or control. It also addresses the maintenance of integrity and availability of information and systems, ensuring business continuity and the continuing utility of digital assets and systems. To achieve this, consideration needs to be given to not only protecting ship systems from physical attack, force majeure events, etc., but also to ensuring the design of the systems and supporting processes is resilient and that appropriate reversionary modes are available in the event of compromise.
Personnel security aspects are also important. The insider threat from shore-based or shipboard individuals who decide to behave in a malicious or non-malicious manner cannot be ignored. Ship owners and operators need to understand cyber security and promote awareness of this subject to their stakeholders, including their shipboard personnel.
This Code of Practice explains why it is essential that cyber security be considered as part of a holistic approach throughout a ship's lifecycle, as well as setting out the potential impact if threats are ignored. The Code of Practice is intended to be used as an integral part of a company's or ship's overall risk management system and subsequent business planning, so as to ensure that the cyber security of the ship, or fleet, is managed cost effectively as part of mainstream business.
This Code of Practice should be read by board members of organisations with one or more ships, insurers, ships' senior officers (for example, the Captain/Master, Chief Officer and Chief Engineer) and those responsible for the day-to-day operation of maritime information technology (IT), operational technology (OT) and communications systems. It does not set out specific technical or construction standards for ship systems, but instead provides a management framework that can be used to reduce the risk of cyber incidents that could affect the safety or security of the ship, its crew, passengers or cargo.
The maritime sector is a vital part of the global economy, whether it is carrying cargo, passengers or vehicles. Ships are becoming increasingly complex and dependent on the extensive use of digital and communications technologies throughout their operational life. Poor security could lead to significant loss of customer and/or industry confidence, reputational damage, potentially severe financial losses or penalties, and litigation affecting the companies involved.
The compromise of ship systems may also lead to unwanted outcomes, for example:
- physical harm to the system or the shipboard personnel or cargo – in the worst case scenario this could lead to a risk to life and/or the loss of the ship;
- disruptions caused by the ship no longer functioning or sailing as intended;
- loss of sensitive information, including commercially sensitive or personal data, and
- permitting criminal activity, including kidnap, piracy, fraud, theft of cargo, imposition of ransomware.
The above scenarios may occur at an individual ship level or at fleet level; the latter is likely to be much worse and could severely disrupt fleet operations.
Better be prepared, better be safe than sorry.
Source: UK Department for Transport