Cybersecurity panel cites 'high degree of complacency' in maritime industry

The following is the text of a news release from KVH Industries:

(MIDDLETOWN, R.I.) — KVH Industries Inc. hosted maritime industry leaders for a frank discussion about cybersecurity prior to the start of the CMA Shipping 2016 conference in Stamford, Conn., on Monday. During the roundtable, a range of concerns about the current level of vulnerability emerged. Among the key issues identified were complacency by ship operators, lack of training for crew, non-existent contingency plans for dealing with a cyberattack, and the need for a set of best practices for minimizing risks.

“We need to bring the same best practices that we expect on shore and in our corporate networks to ships,” said Rick Driscoll, KVH vice president of satellite products and services. “Ship operators need to make sure there’s a process that is consistent throughout their organization, especially as ships are increasing their data usage. For example, a vessel’s digital systems must be configured to ensure personal devices brought onboard by the crew use a network separate from ship operations, and that individual passwords are utilized when logging onto the ship’s computer systems, rather than relying on one password common to the ship. Those practices would be standard procedure anywhere else.”

The panelists participating in the roundtable were: Gerardo Borromeo, president, InterManager; Nigel Cleave, CEO, Videotel; Rick Driscoll, KVH; Angus Frew, secretary-general, BIMCO; Peter Hinchliffe, secretary-general, International Chamber of Shipping (ICS); Viraj Nilakanta, manager of business development, Fleet Management Ltd.; Denis Petropoulos, president, Braemar Asia; Esben Poulsson, president of the Singapore Shipping Association; and, Katharina Stanzel, managing director, Intertanko. Sean Moloney, editor of Ship Management International, was the moderator, and will be producing an article and white paper on the topic.

Several panelists mentioned that the issue is only beginning to be understood by the industry. “I think currently ships are relatively low-tech, and there is a high degree of complacency,” said Peter Hinchliffe, secretary-general, ICS. “As ships get more high-tech, which is happening rapidly, we very much need guidelines and contingency plans.”

To instill safe cyber behavior among onboard personnel, panelists mentioned the importance of training. “With increased emphasis on minimizing cyber risks, education and training of the seafarers is vital, but it must be supported from the top,” said Nigel Cleave, CEO of Videotel, a KVH company. “Crew need to be aware of the risks, for example, of bringing unlicensed material onboard, which could introduce a virus or other problem.”

Videotel is currently collaborating with BIMCO on a maritime training program about safe cyber practices for seafarers, using the recently published “Guidelines on Cyber Security Onboard Ships,” as a point of reference. The guidelines were produced by several maritime groups including BIMCO, ICS and Intertanko.

One particularly challenging aspect discussed by the panel is the fact that maritime regulations may never be able to keep up with the fast pace of cyber crimes, which are continually evolving. Regulations must be accompanied by a shift in mindset, panelists noted, so that awareness is raised on every level, whether it is about the personal devices brought onboard or a malicious attack that could compromise a ship’s navigation system.

Industry guidelines, it was felt, should ensure that vessels have cyberattack contingency plans in place and are doing drills just as they do for other types of safety risks onboard. “Regulations can set minimum levels of security practices, and industry guidelines can build on that,” said Driscoll. “Just as on land, it is impossible to be 100 percent protected against cyber risks. However, establishing contingency plans and following cyber safety measures will give vessels a much higher level of protection.”

By Professional Mariner Staff