No more excuses; shipping needs a cyber reporting scheme now
Martyn Wingrove 27 Jun 2018 http://www.marinemec.com/news/view,shipping-needs-cyber-reporting-scheme...
All shipping companies face cyber threats, regardless of the location of their operations or the size of their assets.
Clearly, then, it would be advantageous to the industry to have a shared forum for reporting cyber attacks.
To those who fear a public relations nightmare for their brand or business: the forum would be anonymous. It would not name those affected by an attack.
To those who cannot see a benefit: What about the safety of your crew, your vessel and the general public?
To those who do not see a business rationale: A forum would allow the industry as a whole to more quickly follow cyber criminal tactics and find strategies to mitigate them. Costs to address cyber crimes would drop for everyone.
Frankly, I do not see an argument against the idea.
In fact, calls for a forum of this kind are routine by now, and I have personally heard shipowners, class societies and organisations such as Intertanko advocate for a shared forum in the past.
Just this month, two major tanker operators at Riviera Maritime Media’s European Maritime Cyber Risk Management Summit expressed their concerns and summarised the cyber challenges they currently face, giving yet another call for the shipping industry to have a recognised but informal reporting platform.
It is essential that shipping gets to grips with the growing number and sophistication of cyber threats and that owners can learn from the problems faced by others in the industry, they said.
As one tanker IT manager explained: larger shipping companies have the resources for tackling these cyber threats head-on and, and smaller operators will likely find comprehensive cyber security measures difficult to fund. These businesses were advised to prioritise funding security such as firewalls, antivirus software, passwords and training for crew.
So why not use the intelligence being gathered by the big players to benefit all?
If a catalogue of incidents and the learnings taken from them was on hand by way of an informal cyber attack reporting platform, small players could focus their investments on prevention and the industry as a whole would be safer as a result.
In that outcome, everyone wins.