At a meeting of the IMO’s Maritime Safety Committee (MSC), it was recognised that ships may also be exposed to so-called cyber-attacks.
Now, the IMO wants to prevent hostile attempts to interfere with electronic systems in the maritime industry and it has therefore drawn up interim Guidelines on risk management.
An important point of the guidelines is that potential attacks will not be aimed merely at traditional computer systems, but will also to a high degree focus on control and steering systems for, for example, navigation, machinery, communication, etc.
Ships can be hit by IT attacks
The Maritime Safety Committee (MSC) has recognised that ships can also be exposed to hostile attempts to disturb or interfere with electronic systems, so-called cyber-attacks. The Committee emphasized that the entire maritime industry must take these threats seriously. Against this background, the Committee has
drawn up interim Guidelines on risk management to prevent “cyber-attacks” in the maritime industry.
With these guidelines, the IMO supports the guidelines drawn up by the industry – inter alia headed by the Copenhagen-based BIMCO – however, without officially rubber-stamping some guidelines rather than others.
An important point of the guidelines is that potential attacks will not be aimed “merely” at “traditional computer systems”, but will also to a high degree focus on control and steering systems for, for example, navigation, machinery, communication, etc.
Today, most ships’ steering systems are computer-based and, in many cases, connected to a network. Thus, the systems become vulnerable – though they are not directly connected to the internet. In addition, thoughtless use of a USB port can cause great problems. The guidelines stress the importance of transferring the principles of operational risk management from the traditional “physical” areas to ships’ steering systems.
In short, it is all about identifying and assessing the threat scenario, “taking action” in relevant areas, following up on the effect of one’s actions and modifying the assessments and actions as an ongoing process of development. The maritime industry is already used to doing this, and the Danish Maritime Authority urges everyone to extend this way of thinking to ships’ steering systems.
Summary of MSC 96
Read more about the IMO’s prevention of cyber-attacks and the other issues considered at the meeting in the summary.