As technology has been increasingly incorporated into the shipping industry, in an attempt to reduce human error in the management and navigation of vessels, there have been nefarious attempts (some successful) to discover and exploit cracks in these computerised systems. Cyber attacks have become an expanding and real threat to vessels which have shifted the risk from internal vulnerabilities to external ones.
In efforts to ensure that the technology incorporated into vessels is as robust and capable of meeting these new types of threats, the International Association of Classification Societies (IACS) has publicised a new recommendation on how to build cyber resilient ships. This is an attempt to ensure a set of standardised criteria can be met to combat deficiencies and weaknesses in systems incorporated into new buildings. It applies to the use of technical systems that provide important functions on board such as control, alarm, monitor, safety and internal communication.
According to the publication, it
‘is to provide technical requirements to stakeholders which would lead to delivery of cyber resilient ships, whose resilience can be maintained throughout their service life’.
It is meant to provide
‘crew and ships the capabilities to effectively cope with cyber incidents occurring on computer-based systems onboard which contribute to operate and maintain the ship in a safe condition’
– in a context of prevention rather than cure.
The recommendation is written with recognised elements of effective cyber risk management in mind – Identify, Protect, Detect, Respond and Recover. These are also used in the IMO and the industry guidelines.
Source: The Standard Club