Written By Christian Glies for 57th issue of ESTIEM Magazine

Our daily life is influenced by Computers and digital systems. We can order things we do not need on Amazon and receive them just a few days later. Many of these goods are shipped by the Maritime Industry, for example from Asia or North-America.

As we all make our experiences with malware, so does the maritime industry. There were different occasions, where drug traffickers hacked port security systems to mark Containers as “checked” by Customs authorities or shipping lines whose servers were hacked and that were unable to operate afterwards which lead them to switch back to pen and paper.

But how does the Maritime Industry respond to these growing threats, while keeping track of the latest innovations like digitalization, the Internet of Things and integration of operations and different systems? Even the idea of a Maritime Cloud is being discussed, which is actually in development already. The absolute security of the digital system cannot be ensured as it can be understood.

In fact, the International Maritime Organisation (IMO) has responded to these growing threats by naming several counter-measures, with the most important one being probably the most obvious one,: Raising awareness. Often the biggest danger to a digital system is still sitting right in front of it. People who open email-attachments or who use USB-Sticks that they shouldn’t, are often the easiest way for an attacker. Also, the International Maritime Organisation recommends naming a responsible person, who is to identify all critical and important systems that might affect shipping transport. This is why several shipping companies have started to introduce the position of a Digital Security Officer.[CG1]

Furthermore, the Maritime Industry is trying to implement a process and several activities that ensure ongoing operations in case an attacker is successful. This can include back-up systems, as well as several layers of defense. In addition, Red Teaming is being used, which is a team of friendly hackers that are supposed to identify possible weak spots in the digital infrastructure in order to be fixed them afterwards. The infrastructure itself is to be watched by a devoted team in order to detect any possible attack.

In case that all these measures prove to be ineffective, a company from the Maritime Industry, no matter if it is a shipping line, port authority or any other part of the Supply Chain, is advised to identify potential measures to rebuild its own infrastructure in short time and with as little struggle as possible.

However, here again, we can see that sometimes raising the awareness is not really in place, yet. Often budgets for IT-Security are very low or even cut from time to time because Top-Management does not recognize the potential threat to value-creation in the case of a hackers-attack. In fact, Top-Management often needs some kind of a culture change in order to be a good example of Cyber Security.

Apart from the recommendations of the International Maritime Organisation, some companies choose to follow a different way or to be more precise — an additional way. Several shipping lines and carriers have decided to join forces and to start coopetition in terms of Cyber Security to develop a joint system for their security. Coopetition describes that these companies do compete against each other on the market, but they do cooperate on several terms in order to lower their own costs and to reach a level of economies of scale. Of course, this also means that they become a more interesting target again towards hackers, since hackers would be able to gain access to the data of several companies or authorities at once.

So as we can see, the general threat of a cyber-attack has been recognized by most in the Maritime Industry, but not by all. The first steps have been taken, but many are yet to go. Especially in the very traditional Maritime Industry things might take a while, but it is already now moving in the right direction.

One point that the Maritime Industry will benefit from is the growing interest of politics for the field of Cyber Security, as many governments are preparing measures to support the private industry in its means to ensure ongoing operations, even in case of a successful cyber-attack.