30 May 2023
Guidance on cyber risk management beyond IMO 2021
How the shipping industry can raise cyber risk management standards beyond regulatory compliance amid escalating threats to maritime cyber security demonstrated.
Inmarsat published a new report, it is the world leader in global, mobile satellite communications. Thus, the report highlights the role of the International Maritime Organization’s (IMO) 2021 cyber risk management code in providing a framework for cyber resilience but warns that there is more to combating attacks than compliance alone. Compiled by maritime innovation consultancy, Thetius. Hence, Beyond Compliance – Cyber Risk Management After IMO 2021 encourages proactivity in preventing and mitigating the impact of cyber-attacks.
“Assuring data resilience and cyber security are key preoccupations for the shipping industry… The IMO guidelines on maritime cyber risk management have helped stakeholders to address cyber threats, but the nature of digital attacks continues to evolve due to advances in computing technology and developing geopolitical conflicts. Over the 12 months between May 2020 and May 2021, cyberattacks targeting the maritime sector increased by 168% in the Asia-Pacific region alone. To ensure the resilience of their digital infrastructure, shipping companies need to look beyond regulatory compliance and be more proactive in their approach to cyber-risk management.”Ben Palmer, President, Inmarsat Maritime.
How to be proactive
One cornerstone of this approach is Unified Threat Management (UTM). By combining solutions such as firewalls, antivirus programs, content filters, and intrusion and detection systems into a single hardware and software package, UTM streamlines the installation, configuration, administration, and maintenance of network security infrastructure. It thereby helps shipping companies, like Denmark-based Evergas, to raise security standards beyond regulatory compliance.
“Regulations provide a good starting point, but it is important from our perspective to go above and beyond the guidelines, and Inmarsat’s comprehensive Fleet Secure solution facilitates a proactive approach to network security. Being able to unify the separate parts of our network security into a single solution and deal primarily with one supplier allows our IT team to focus on optimising the day-to-day support given to our ships and systems.”Poul Rævdal, Evergas IT Manager
Continuous development in seafarer training represented another key bulwark in shipping’s cyber security defenses. Therefore, there are training programs that contain everything the crew needs to know to be aware of vulnerabilities and suspicious online behavior with best practice guidance.
Effective cyber risk management must consider multiple assailants and diverse lines of attack – targeted and random. Threat actors make continuous efforts to update strategies. Particularly, by developing malicious coding, seeking out vulnerabilities in hardware and software, and by responding to human behavior. Only by being proactive can shipping stay ahead of the cybercriminals.
The report is available to download for more details Beyond Compliance – Cyber Risk Management After IMO 2021.
New research has investigated the cases where cyberattacks in the maritime industry lead to ransom payment. Hence, shipowners pay more than US$ 3 million on average to the perpetrators.