No vessel is immune: The reality of maritime cyber risk

Technology innovation is everywhere. Improved connectivity, data sharing and digitalisation are actively improving every corner of maritime operations. But with it brings an increased risk of cyberattacks. Panagiotis Anastasiou, Cybersecurity Strategy Leader, Bureau Veritas Marine & Offshore, shared insights from his vast career, discussing how the industry’s technology revolution is evolving and what industry leaders can do to protect themselves.

Proactivity Vs Reactivity

“We introduced high-speed internet, we introduced connectivity, but neglected to secure everything before implementing this connectivity and this created problems.”

Panagiotis continued, “The industry sees cyber as a financial burden and not the added value that cyber security brings, only caring when they get impacted.” This mindset is rooted in an industry that still sees cyber as an unnecessary cost, with everyone thinking it won’t happen to their vessels.

In reality, this is not the case. Nobody is immune.  Panagiotis shared his experience at Bureau Veritas: “We see ransomware attacks distributed everywhere. Onboard vessels impacting business networks impacting operations and I’m not talking about the safety or stability of the vessel while sailing. I’m talking about pure operations on board the vessel.”

Legacy Systems, Legacy Protection

This ‘it will never happen to me’ mindset is outdated, much like the technology infrastructure onboard. “A big issue we see is legacy systems in maritime. Cybersecurity doesn’t exist for this technology. It was not foreseen as a potential issue, so they were developed with no cybersecurity protections in place.”

So how can you protect software that was never designed to be protected? Panagiotis advised, “You need to implement some safeguards and countermeasures to ensure that you are also protecting legacy systems because you could be basing the security of your entire operations on these systems.”

Location, Location, Location

Organisations can spend millions investing in the latest hardware and platforms, all with built-in cyber resilience, but when an attack occurs, the extent of damage can often fall down one key uncontrollable – location.

Panagiotis explained, “The mitigation and the response time on board the vessel depend on many factors. One of these is being in an area where you have good connectivity. You also have to be in a region where you can approach a port where you can implement any parts or maintenance on systems. So it’s not that easy.”

Change Starts From Within

Too often, individuals look to their IT teams and senior leaders to manage cyber risks for the entire organisation, but too often, the effectiveness of these internal processes is impacted by employees, more specifically, their willingness to embrace cybersecurity.

“Cybersecurity is not something that only companies should be worried about. It’s an individual concern. So, it’s not just a matter of training; it’s a mentality issue. It should be a way of thinking, a way of behaving on a daily basis.”

For industry leaders, it isn’t on you to take on the burden of cybersecurity alone, but it is your responsibility to change the hearts and minds of your employees. “Leaders should be embracing cybersecurity… The industry still sees cybersecurity as just one tick on the checklist that we have to do. That’s not the purpose or the true meaning of cybersecurity.”

Panagiotis’ final advice is to be proactive. Don’t wait for regulations to tell you what you need to do. “Keep in mind, cybersecurity is not a matter of regulation. It’s a matter of personal engagement on protective assets and people… Because in the end, if you care, you should engage yourself to protect.” 

Cybersecurity doesn’t just protect your operations, it protects your source of income, your personal data and your future.

source : thedigitalship