“Going viral” describes the rapid spread of disease, as seen with the coronavirus outbreak, and has also been coined by the IT sector to describe computer cyberattacks. Steve Simms of Simms Showers considers the cyber security challenges facing the bunker sector.
In 2017, World Health Organization experts wrote that ‘[f]ew doubt that major epidemics and pandemics will strike again and few would argue that the world is adequately prepared.’ The COVID-19 spread once again brings vivid awareness of the profound human and economic costs of being unprepared.
Also in 2017, IMO Maritime Safety Committee adopted its Resolution MSC.428(98) that no later than 1 January 2021 flag States must ‘ensure that cyber risks are appropriately addressed in safety management systems.’
The bunker industry has relied on computerized operations for years. The dual phenomena of the COVID-19 pandemic and intense industry Internet reliance highlight the need for bunker providers to prepare now for unprecedented cyber risk.
One million more people use the Internet daily which brings challenges to cybersecurity to the maritime industry.
Cyber breaches can affect essential bridge navigation systems like GPS, and ballast water, vessel stability, and engine systems. They can also affect bunkering systems such as mass flow meters and electronic quality measurement devices.
At the center of every cyber security problem is human error.
A particularly increasing situation is where email communications are intercepted, the customer receives a spoofed email with ‘new’ wire instructions to send payment to the thief, and the bunker supplier either goes unpaid or the customer pays twice.
It can be the simple error of not picking up the phone to verify wire instructions, or of clicking on an attachment not passed through an effective malware detection and removal program, or using old and easily hacked software.
What lessons can bunker suppliers assist their customers to achieve and maintain compliance to decrease cyber risk?
Procedures to prevent or restrict the use of removable flash drives and other media, including those belonging to visitors, the awareness of email and attachments that may be virused, and maintaining a Cyber Response Plan onboard will help prevent cyber risks.
Actively promote cyber awareness and employ systems which regularly scan for viruses, and employ system limitations of points of contact with other systems, such as those of vessels, customers or suppliers.
In addition, IMO should provide robust enforcement to identify vessels which are noncompliant and should presume that all other cyber systems that one may contact, are cyber security risks.
Distance, that is, placing layers of security around entrance and exit-ways to IT and OT systems, is always better than close contact.
As Internet use continues to grow and vessel operations have even more cyber aspects, one must stay ahead of situations. What may be today an appropriate way to ensure that cyber risks are addressed probably will not be adequate or appropriate six months from now.
Overall, however, the best preparation should be undertaken along with advisors – legal and technical – who keep up with the standards and also can provide a neutral, and exacting, third party evaluation.
What is certain, however, is that just as there has been with COVID-19 and the pandemics before it, there will be more pandemics, and more cyber security challenges. The maritime industry generally, and the bunker industry, will experience increasing and increasingly sophisticated cyber security challenges, as Internet use multiples, just as COVID-19 multiplied because of presently increased world-wide human interaction.
This is an ideal time to consider in a very personal way the common sense of MSC.428(98) compliance, and steps to take now to more than appropriately address and maintain that.
To read further about our cyber security precautions and recommendations, access the full article at the link here.