From January 2021, all vessels globally must undertake a cyber security impact assessment as part of their certification process. This has become a major issue for the shipping industry due to the increased use of technology for operational processes and increasingly, to remove the need for human intervention.
In an industry renowned for thin margins, eliminating all possible overheads through technology implementation and leverage, offers scope for increased profitability. The process of assessment is complex due to the mode of functioning of the marine fleet. Whereas corporations may have their headquarters and business units in multiple countries, fleets traverse a multitude of routes, some with higher risks than others.
Additionally, the interface between information technology and operational technology and the variances in the age of both creates opportunities for attackers to manipulate, incapacitate or sink vessels at distance. This scenario and the potential catastrophic consequences of environmental damage, loss of property and lives has prompted the increase in focus on cyber and related risks by the regulatory body.
How does this impact upon other businesses outside of the marine sector? There are a number of potential implications arising from the current and developing marine cyber regulations due to the scope and scale of supply chains globally. Firstly, the regulations apply, as per the GDPR in that a shipping company is liable unless they can prove compliance. This extends to managing suppliers throughout their supply chain. Secondly, marine also applies to inland transportation and logistics, from port to warehouses. Thirdly warehouses are included.
With suppliers being part of the shipper’s operational processes and being dependent upon each to secure their own network, your company may have unwittingly become part of the risk assessment requirements for any transportation and storage company.
This has been illustrated by the attack on Clarksons PLC, one of the largest shipping firms, which lost sensitive data and confidential information from the company’s computer network. Other major marine hacks, such the one on AP Moller-Maersk after their digitalization process: “revolutionizing supply-chain management and global trade, saving tens of millions of dollars annually with the power of data”. This attack took out 17 port termination from operation and affected the global supply chain.
As a direct consequence of such attacks and the continuing automation of the shipping sector, the major players within the marine sector have had to reassess third party suppliers and their access and supply of data, communications, services and management. The downstream effect is that, again as per GDPR, suppliers must be trusted sufficiently to trade with others within the global supply chain.
Undertaking a cyber risk assessment, mapping of business processes to IT systems and categories of use is a pre-requisite for compliance with the IMO regulations by all concerned. Using Quantar’s CyCalc® software solutions, your company can map business process to systems dependencies rapidly and at low cost, providing you with the auditable proof you need of compliance; not just to IMO regulations, but GDPR as well.
Contact us to see how we can help your business become more resilient.