More cyber awareness training needed to curb attacks
The webinar aimed to outline sources for potential cyber security vulnerabilities and provide guidance to mitigate against the risks
More understanding of cyber threats and recognition that they are increasing is needed, a security expert has declared.
The warning came from Steven Jones of Mc Watt and Jones, as he spoke during a maritime cyber security webinar hosted by P&I insurer The Shipowners’ Club.
He said: “We don’t know the level of cyber-attacks. The current reported amount of attacks is low but this probably due to ignorance and underreporting."
The webinar, held in partnership with Ian Hirst of MAST Security, aimed to outline sources for potential cyber security vulnerabilities and provide guidance to mitigate against the risks.
Mr Jones added: “If we’re not protecting the systems in place and isolating them so they don’t cause problems then that’s a problem in itself. All crew need to be aware of the threats they can introduce.”
The biggest danger is that navigation and propulsion are going to be affected viruses and malware render systems inoperable, he stressed. He pointed out, however, that Maersk's operations wasn’t affected when it was hit by a cyber attack recently. He suggested systems that are affected could indicate lack of technology and training for crew.
Mr Jones said it was positive that new guidelines are emerging, but emphasised the responsibility of setting up processes needs to be assigned and responsibility needs to come from the top down.
"Safety management is hugely important and a big trigger in all of this," stressed Mr Jones. "The IMO’s Maritime Safety Committee decided and I think correctly, for cyber risks to join safety management risks so that from the ISM code understanding the top down approach to safety/cyber risks that will have to be included in the safety management system so that you say what you’re meant to be doing, you do what you say and you can prove it.
"We’re going to see cyber security risks covered within the ISM code and the safety management system and that will be a positive step because we can start looking at risk assessments."