Another key issue at the Connecticut Maritime Association (CMA) conference held in the USA recently was that of cyber security. KVH Maritime Group was involved in a high level round table debate, which was hosted by KVH Industries and our sister company Videotel involved too.
BRIGHT BUT SCARY
The shipping industry finds itself in something of a difficult position at the moment – the future is looming large, but so too are the operational realities which need to still be addressed.
A new video released by Rolls-Royce recently has shown an incredible potential future, one with unmanned ships. These vessels are managed and overseen by Star Trek style shore based controllers. The future looks great, flashy and shiny, but some faces have been set to stunned.
There is no clear united vision of what the future of shipping will be like – some believe in the unmanned route – while others are unwilling to accept that seafarers have no future.
Whatever the shape of shipping in years ahead, there is going to be a real need to tackle cyber security, and there has been much debate about how real the threats are, and of what can be done about them.
The maritime industry tends to be a late adopter of solutions – perhaps one of the reasons for this is that it often doesn’t appreciate problems. There is a well held truism in shipping that disasters have done more for safety than any legislator. Sadly it takes tragedy to prompt a response.
This is perhaps then the backdrop to cyber security in shipping. There is a clear problem, but the industry has been slow to wake up to it because there hasn’t yet been a big enough disaster to prompt action.
Shipping sadly does not have a good track record in the recording, reporting and compiling of data either. Maritime piracy is still dogged by under or misreporting. Stowaway data across the industry is incomplete, and even safety issues go unreported. To think that such a recent threat as cyber would arrive with a neat, accepted and effective reporting mechanism would be either naïve or foolishly optimistic.
So we see a dearth of statistics, data and records. There is a black hole of information and no definitive data on the scale of the problem facing shipping, let alone any quantum of resulting losses.
ARE WE PREPARED?
In short, it would appear the answer would have to be no. There is no real indication that either threats are fully explored or understood, or that the mechanisms, protective systems and resources are in place to mitigate or counter the threat.
There are efforts to remedy this –and the fact that the industry debate is rumbling on is positive – but there is such a lot to consider, and so much to be done…and we simply do not know how much time there is to get it sorted.
It could be that the virus which will cause a VLCC to ground is already in the tankers’ ECDIS, or that the jammer which blocks a Cruise ship’s GPS has just been bought online. Or the seafarer uploading pirate movies onto the ship’s computer is about to damage the whole vessel’s stores database. Or the terrorist group are looking at pictures of ships and ports they want to target. We just do not know!
What then is the biggest cyber threat to shipping? Terrorist hackers crashing tankers into each other? Cruise ships being run aground? Cargoes being vanished or containers of drugs being allowed through ports? Well, it seems all of the above – but the biggest current single threat would have to be ignorance.
HEADS IN SAND
Without data it is hard, if not impossible, to plot trends. However, what is certain is there has been an almost exponential growth in coverage of the issue. The number of conferences, publications, articles and discussions have exploded in the past 18 months.
The trend of actual attacks or breaches may be obscured, but the fear they have engendered is clear for all to see. There need to be proper, effective and wide reaching solutions across all aspects of the industry. From training and awareness through to being able to spot threats.
There can be no head in sand approach, there is no room for complacent, and indeed any lack of appreciation will make it hard to form a coherent industry response. Thankfully things are moving, the International Maritime Organization (IMO) and the United States government have become embroiled in the move to legislate, and the Round Table of international shipping associations have produced industry guidelines – which are massively significant and positive strides.
LONG JOURNEY AHEAD
However, there is a long tail between guidance, legislation and shipboard or shipping company personnel being better able to deal with problems, or to make sure they do not threaten safety and commerce at sea.
This means that there is a massive opportunity for cyber security improvement. Companies and seafarers need to be guided, encouraged, and supported, they do not need to be scared or panicked.
The industry needs to be provided with answers, lest the all too usual three wise monkey syndrome takes hold once more. Across many challenges facing shipping there has been a tendency to err towards no-one talking about the problem, no-one looking at the threats, and with no-one listening.
To such a backdrop it becomes increasingly hard to see how answers will be found, despite being desperately needed. The fact that so many heavy hitters from the industry sat around the table in CMA was testament to the fact that we may be seeing some progress – it can only be hoped that it is in time and we do not see a disaster and tragedy at sea before real improvements take centre stage.
With so many potential issues, it is vital that seafarers are supported –and one area of potential concern is the use of pirate software and movies. Do you know what is on your ship or whether your own crew is about to unwittingly introduce a virus onboard? We would be pleased to talk to you about these issues and of how our licensed content can help you sleep better at night…