Cyber Security Awareness for Seafarers
Cyber attacks on ships can put the safety of everyone on-board at risk and impact important responsibilities in running a ship. Since January 2021, cyber security has fallen under the ISM Code, which aims to provide an international standard for the safe management and operation of ships.
The incorporation of cyber security into the International Safety Management Code makes it an essential aspect of risk management that ship owners and managers must take into account. A key aspect of the management of cyber risk is raising awareness of cybersecurity through specialist training. Along with our maritime training courses, at VIRSEC, you can learn cyber security awareness and strategy for vessels.
What are the New IMO Regulations for Cybersecurity?
Ever since January 2021, owners and managers have had to comply with industry best practices in assessing the vulnerabilities of their systems. In practical terms, this means risk assessing their IT, which includes both operating and communications systems.
But because cyberthreats can come from external sources, this also will cover all interactions with customers, suppliers, port operators and others. The new regulations apply to all commercially-operated vessels over 500 gross tonnage (GT). Potentially vulnerable systems on board vessels include:
- Bridge systems
- Power control and propulsion
- Access controls
- Administrative systems
- Communications
- Cargo handling and management
- Passenger service management.
What Makes Cyber Attacks on Ships Such a Threat?
There are various ways in which ships are vulnerable to cyberattack, from taking control of on-board satellite communications to exploiting vulnerabilities in access control networks. A vessel’s Information Technology (IT) and its Operational Technology (OT) can both be at risk, and the threat that a cyberattack poses can impact passengers, crew, shoreside facilities, as well as owners.
The implications of cybercrime can be long-reaching. There can be an immediate loss of revenue, for example, if hackers find their way into private information, but there are also issues such as reputational damage to consider. There are also risks to personal safety and even the potential for loss of life as a result of cyberattacks enabling acts of maritime piracy.
How to Improve Cyber Security Awareness
There are many steps that can be taken to improve cyber security awareness. With cyber attacks on ships being a massive threat that isn’t going away any time soon, understanding how best to prepare for a cyber attack and how to counter one if it takes place is crucial.
The best way to combat cyber attacks on ships is by undertaking cyber security training courses, which give you the best chance at staving off or combating cyber attacks quickly. But there are other methods that can help prevent cyber security attacks on ships.
Running simulations of a cyber attack, known as “phishing simulations,” can give you hands on experience dealing with a cyber attack, ensuring you can put your training and awareness into action when called upon. A risk assessment course can help you and everyone on-board foster a safer security culture. This can be as simple as two factor authentication for passwords, ensuring you log out of everything when using a computer and never leave compromising information open or stored in an easily accessible place.
The Importance of Training
Robust cyber risk management requires dedicated training of all personnel involved. Fundamentally, this needs to focus on awareness, including a general knowledge of cyber threats, best practice for reducing risk and how to identify cyberattacks when they happen.
Then there is the whole management of cyber security, including how to develop a Cyber Security Assessment and Plan, and understanding what the most appropriate measures are for tackling these types of threat. It is also vital that the right roles and responsibilities are in place, along with clear processes.
Managing cyber security and cyber risk is an ongoing commitment, requiring that all those involved stay up to date with technological and regulatory developments. With new methods for breaking down defences being constantly tried and tested, it is essential that cyber security training evolve with them.
Raising Awareness of Cyber Risk
Protecting vessels against cyberattacks is not simply a matter of compliance. While the addition to the IMS Code helped give much needed importance and guidance to the issue of cyber security, what really matters is how individuals approach the threat. And nor is it only a technological issue. Although technology can offer degrees of protection against cybercrime, what makes the real difference is the human factor.
Seafarers, operational staff, and others involved in the port and maritime sectors need to be up to speed on cyber risk so that they can work proactively to protect their industry against it. Compliance generally deals with risks that are already known, but cyber criminals keep evolving their methods, just as digital technology itself keeps evolving.
On the other hand, a clear, risk-based strategy should equip crew and others with the skills they need to proactively identify potential risks, going beyond minimum requirements.
Find Cyber Security Training at VIRSEC
Cyber security training can be an issue for the port and maritime sectors. Typically, it is a challenge to co-ordinate face-to-face training sessions for seafarers due to the nature of the job; you are unlikely to find many at port at the same time, making classroom-based training even more complex. Thankfully, VIRSEC is on hand with the ideal solution, e-learning. By taking away the need to learn in person and instead through dedicated online courses, our maritime cyber security awareness and strategy courses are instantly accessible, overcoming any access issues for individuals and enabling them to learn and absorb skills highly effectively at their own pace.
Our vessel cyber security and awareness courses have proven effective and provide a versatile but rigorous virtual training solution for seafarers and other personnel.
For more details about our specialist online maritime training, please contact us by phone at +44 (0) 161 763 4427 or fill out our contact form, and we’ll be back in touch as soon as possible.