Cyber Blog
Would you buy fire insurance if you genuinely believed your house could not burn? Would you buy fire insurance if you believe fire damage can be quickly and efficiently repaired?
Obviously, you would answer “no” to both questions if you agreed with the underlying premise that fires either cannot happen, the likelihood of them happening being extremely small or the damage done being limited.
From 1st of January, 2021 cyber security will be a new requirement for all Safety Management Systems, according to IMO Resolution. In SAFETy4SEAs special column SeaSense, in association with The North of England P&I Club, they ask global experts to provide feedback on the following question: “Is the shipping industry prepared for the IMO Resolution taking effect from January 2021 that states cyber security should be included in safety management systems (SMS)?”
Keeping data safe and systems protected is a key challenge for global companies. Yet, many companies are not prepared for an attack on their infrastructure. We have spoken to shipping and cyber security expert Lars Jensen of Improsec about the state of cyber security in global shipping and logistics. He explains why the next attack in the industry is not a question of ‘if’ but ‘when’.
Cyber criminals look for the weakest point of entry – just like burglars in the physical world. A few simple tests might illustrate, how mature an organization’s approach to cyber security is. However, an analysis shows a critical current-state, and highlights improvements how to strengthen your cyber security.
Ransomware attacks against shipping companies have spiked in number and severity over the past year, according to security firms. Norwegian shipbuilder Vard, part of Italy’s Fincantieri, was hit last week but has declined to give details. Lars Jensen, a maritime security adviser at Danish cybersecurity firm Improsec, said there had been more cyber attacks on shipping in recent years, but an increase was hard to gauge as many attacks went unreported
Cyber risks in shipping are as real and present as ever. The risk of having your full operations brought to a standstill is genuine. The risk of having your ships rendered inoperative, or ineffective, is genuine.
Our experience from Improsec is that if you have never had your systems properly tested against a cyber-attack, you are unlikely to have a good overview of your actual vulnerabilities. However, our experience is also that many of the vulnerabilities can be alleviated if a proper plan is drawn up based on the actual vulnerabilities found, whereas a plan made only on the basis of assumptions is likely to miss the mark.
