During the second SAFETY4SEA Singapore Forum, Mr. Jerome Floury, Project Manager, Bureau Veritas Singapore, discussed cyber risks in smart and autonomous shipping, providing an overview of recent cyber-attacks in the maritime industry and the potential motives of hackers. He then shared the key pillars of a proper cyber resilience program and recommendations designed to help ships [and their managers and seafarers] maintain cyber resilience throughout their operational lives.

In qualifying cyber incidents, there are two principal types: The first is a cyber safety incident when systems, software and human interaction – as well lack of competency – combines with poorly managed systems and equipment protection. The second is a cyber security incident when an asset is targeted, voluntarily accessed by an unauthorized person with intrusive or criminal intent.

The following is an example of a cyber safety incident. In 2013, in the Gulf of Mexico: an offshore worker, having loaded media files at home on a thumb drive, brought the drive on board a drilling unit (a MODU) and used it, plugging the thumb drive into an onboard computer to download media files. The following day, when resuming work, malware that had been loaded during the download hit the MODU’s network and disabled the signal sent to the DP systems leading the unit to drift off position, causing an emergency shutdown of the well with serious and direct implications for operations.

The subsequent root cause analysis clearly identified a lack of awareness of the staff and, even though the incident happened in 2013, a recent survey still indicates that more than 41% of shipping company personnel place the responsibility of cyber security on the shoulders of the Master when, in fact, it needs to be shared by everyone in the organization.

Meanwhile, the first cyber security incident worth noting is one we have all heard about – the incident in 2017 when Maersk was hit by ransomware. Ship safety was not impacted per se, but all paperwork related to cargo logistics was affected and prevented the release of containers in terminals. Maersk communicated openly about the attack and its impact and, in their estimation, they incurred a US$ 300 million loss as a consequence. They also had to flash more than 4,000 servers and nearly 50,000 computers while 2,500 applications needed to be reinstalled across their systems… (read more) Source – https://safety4sea.com/cm-digitalization-and-innovation-in-smart-shipping/