The biggest challenge with maritime cyber security could simply be explained as deciding what to do about it.
On one hand we have massive dangers, such as using a ship as a weapon – but do we need to worry about this, considering we already give seafarers control of the vessel?
On the other hand we have a consistent stream of phishing attacks, virus fraud attempts and viruses. But considering that operational software is actually not critical to operations in most companies, in that a shipping company could function for days just with paper and telephone if it had to, how much of a risk is that really?
And what do we do about ‘people’? It is common to hear security professionals complain about the silly mistakes that people make. But instead of sending people on courses to hear advice they soon forget, or giving them freedom and complaining when they make mistakes, it may be better to block USB drives and access to external e-mail, and implement software whitelists.
There are some very specific risks – such as viruses on an ECDIS or GPS spoofing – which are possible to mitigate, so long as we are aware of them.
There are also some serious threats of attacks by government organisations, for example against tanker companies in the service of national oil companies owned by target governments. But perhaps these attackers have better targets than shipping companies.
Our Athens Maritime Cyber Resilience Forum on May 7 aims to provide perspective about where the real threats are in the maritime industry, and what to do about them.
No admission charge for ship owners, operators, managers and builders.
To register: https://www.athens.thedigitalship.com/register/