IMO is being warned of ‘scary’ potential of maritime cyber-attacks, says marine insurance expert, By James Brewer
Cyber-security is set to come under the microscope at the International Maritime Organization in 2015, marine insurers have been told.
A little-publicised document submitted to an IMO committee by representatives of Canada has underlined concerns, senior insurance expert Nicholas Gooding has told the International Union of Marine Insurance.
Mr Gooding is the IUMI alternative representative at IMO. He is responsible for monitoring developments at IMO and ensuring the industry’s viewpoint is heard, alongside IUMI secretary general Lars Lange and IUMI political forum chairman Helle Hammer.
Canada presented its paper, Measures toward enhancing maritime cyber-security, to the 39th session of the IMO facilitation committee in September 2014.
In his report to the 2014 annual conference of IUMI in Hong Kong, Mr Gooding said: “The paper examined the impact caused by a cyber attack or attacks to the maritime industry, and I have to say it was pretty scary stuff.”
The Canadian presentation called for voluntary guidelines on cyber-security practices to protect and enhance the resilience of electronic systems of ports, ships, marine facilities and other parts of the maritime transport system.
It is understood to have suggested that cyber issues are brought into the coverage of the International Ship and Port Facility Security Code (ISPS).
Introduced as a response to fears of the US and other nations of possible terrorist attacks such as the planting of bombs inside containers, ISPS was enshrined in a mandatory security regime for international shipping which entered into force in July 2004 and included amendments to the 1974 Safety of Life at Sea Convention (Solas).
ISPS contains mandatory security requirements for governments, port authorities and shipping companies, with guidelines on how to meet these requirements in a second, non-mandatory section.
It provided a methodology for security assessments so as to have ready plans and procedures to react to changing security levels; and to ensure confidence that adequate and proportionate maritime security measures were in place.
iSPS requires officers to be designated on each ship, in ports and in shipping companies “to prepare and to put into effect the security plans.”
All IMO member states are entitled to attend its facilitation committee, which has agreed to include cyber-security on its agenda “recognising it as a relevant and urgent issue for the Organization, in order to guarantee the protection of the maritime transport network from cyber threats, ” according to its minutes.
Cyber-security is exercising the Security Association for the Maritime Industry which represents more than 180 maritime security companies and associated providers. It says that cyber-security will move closer to centre stage as the sophistication of systems grows..
SAMI has reported on worries that terrorists could use high-powered jammers to disrupt the global navigation satellite system and Global Positioning Satellite reception, and that terrorists could introduce a virus into the coding of vessel systems.
SAMI wants to work with industry partners to raise awareness, develop best practices and an industry-wide scheme to identify critical assets, harmonise flag state policies, and have roles and responsibilities specified.
Welcoming the filing of the report by Canada, Mr Gooding told the IUMI conference: “Certainly at a time when marine insurers are increasingly being asked to cover this risk, it is a paper well worth reading.”
Mr Gooding said that the main areas he and his IUMI colleagues have been following at IMO were the planned Polar Code, places of refuge for ships in need of assistance (“again a hot topic following the Maritime Maisie casualty”), piracy and armed robbery against ships, verification of the gross mass of containers, implementation of the International Maritime Solid Bulk Cargoes Code, and out-of-specification fuels.
Mr Gooding noted that there was much uncoordinated information flowing through IMO on marine casualty statistics and port state control actions, but “very little worthwhile statistical data coming out.” The IUMI team forwarded all these papers to the IUMI facts and figures committee “and this may be an area where IUMI can make a difference at IMO.”