North P&I Club has set out the growing range of cyber risks now facing shipowners in a new loss prevention briefing published today (09 June 2016). Entitled Cyber Risks and Shipping, the briefing outlines the increasing sophistication of cyber criminals and raises the need for mitigation measures to be taken by shipowners.
According to North’s loss prevention director Tony Baker, ‘When we talk of cyber risks we mean any accident, incident, financial loss, business disruption or reputational damage which arises through the failure of electronic systems or through their manipulation. The risks of on-board electronic equipment failure are generally well known in the shipping industry, but unauthorised access or malicious attacks are relatively new threats.’
Baker says P&I policies cover liabilities arising from cyber risks in the same way as those arising from traditional risks, subject to P&I club rules. ‘The rules generally require members to show they have taken all reasonable measures to prevent losses and liabilities arising. Given the increasing use of technology on board and the potential impact of cyber risks on vessel operations, a proper cyber security policy should now be a key feature of an owner’s risk management programme.
Deputy loss prevention director Colin Gillespie says, ‘Our new loss prevention briefing therefore focuses on raising awareness of the cyber threats of unauthorised access and malicious attack. It includes a summary of the shipping industry’s Guidelines on Cyber Security onboard Ships, which was published by BIMCO in February this year. This recommends a six-step cyber-security process: identify threats, identify vulnerabilities, assess risk exposure, develop protection and detection measures, establish contingency plans and respond to cyber security incidents.’
Gillespie points out that cyber threats can come from activists, hackers, criminals, terrorists and governments as well as disgruntled employees. ‘Common to all however is that they will target unwitting employees as the easiest way to gain access to company and shipboard systems. It is therefore essential that all staff, both ashore and afloat, understand the potential threat and the need for proper security procedures.’
North’s new briefing also includes examples showing that GPS, ECDIS and AIS are all vulnerable to hacking, meaning that ship and cargo operations can be disrupted without their owners, operators and even crew members being aware until it is too late.
‘Though the risk of catastrophic incidents cannot be ruled out, it is far more likely that companies will be at risk from criminal activity such as small-scale fraud, drug, weapons, contraband and people trafficking, and cargo theft, ’ says Gillespie. ‘As more and more potential cyber risks are identified, shipowners will be expected to operate sensible and properly managed cyber risk procedures and systems in their offices and on ships.’
He adds that such procedures and systems could also be a focus for the authorities in Europe and the USA. ‘If they have not already done so, shipowners should start reviewing their cyber security now.’
1. Cyber Risks in Shipping is available for free download from North’s website at www.nepia.com/publications/
2. North P&I Club is a leading global marine insurer providing P&I, FD&D, war risks and ancillary insurance to 131 millionGT of owned tonnage. North acquired Sunderland Marine in February 2014 and formed the North Group. Through Sunderland Marine, North is also a leading insurer of fishing vessels, small craft and aquaculture risks. The Standard and Poor’s ‘A’ rated club is based in Newcastle upon Tyne, UK with regional offices in Greece, Hong Kong, Japan and Singapore and Sunderland Marine offices worldwide. North is a leading member of the International Group of P&I Clubs (IG), with 11.5% of the IG’s owned tonnage. The 13 IG clubs provide liability cover for approximately 90% of the world’s ocean-going tonnage and, as a member of the IG, North protects and promotes the interests of the international shipping industry. For further information visit: www.nepia.com