NO: DELENG / 2017 / 70663
official media partner of national maritime foundation
Jeannette Pérez Fernandez, Law and Maritime Business Specialist: Digitalization and Cyber Risks in Maritime Transport
By Sea and Coast | 16/01/2020

The maritime industry does not escape the changes that occur in the so-called fourth industrial revolution, artificial intelligence applied in the operations of the maritime sector embraces the challenges and benefits of becoming a digital industry. As the sector becomes more digitized and automated, the impact of cyber risks can cause major damage to port facilities, transportation and maritime trade.

Cyber ​​security is a key point to achieve digital transformation; thus, information security has become one of the main concerns regarding digitalization in the maritime sector, however, this technological disruption causes the maritime industry to evolve, with risk management being a fundamental factor for the safety and protection of operations on land and on ships.

To carry out their operations in an efficient manner, ships increasingly require the use of so-called cyber technologies, mainly due to the dependence on digitalization, integration and automation of the procedures and systems that already operate in maritime transport, as indicated by the International Maritime Organization (IMO) in its regulations.

Cybersecurity and security management will therefore require more attention as new technologies are introduced in organizations, taking into account the global connectivity infrastructure revealed through digital models and commercial platforms achieving greater connectivity, using technologies such as the internet of things, blockchain and big-data, which placed at the service of commerce and maritime transport drive digital transformation.

Cyber ​​risk constitutes a threat to the maritime industry, which is why the IMO, through the Maritime Safety Committee, developed guidelines aimed at management of cyber risks to the possible threats and vulnerabilities to which navigation is exposed and therefore the safety of maritime transport.

That IMO has defined maritime cyber risk as: “any threat of a technological asset due to a possible circumstance or event, which could cause operational, safety or security failures of maritime transport when corrupted, lost or endangered information or systems".

The general objective is to contribute to the safety and protection of maritime transport, operationally resilient to cyber risks, so that the maritime industry in general is urged to undertake work that means safeguarding the transfer by sea from current cyber threats and vulnerabilities. and emerging, as established by the Maritime Safety Committee in Resolution MSC.428 (98), approved in April 2017, called “Guidelines on the Management of Maritime Cyber ​​Risks”.

Resolution MSC.428 (98) establishes the recommendations for addressing the maritime cyber risks in security management systems, further recognizing that precautions are necessary to safeguard confidentiality, suggesting Management to ensure that Cyber ​​risks are duly addressed in security management systems no later than the first annual verification of the company's compliance document after January 1, 2021.

Events that compromise cybersecurity can severely affect a company's performance, so that resilience, understood as the ability to resist disruptions and recover operations, is also present in the maritime transport sector, which has been exposed by cyberattacks that put operations at risk and, depending on their scope and penetration, can have catastrophic consequences.

IMO also approved Resolution MSC-FAL.1. Cir.3, through the Facilitation Committee, in June 2017, although they point out that technologies and systems offer important advantages to the maritime sector from the point of view of effectiveness, it is no less true that, it recognizes that there are risks for crucial systems and procedures linked to the operation of systems that are an integral part of maritime transport.

On the other hand, IMO in its publication on the International Code of Security Management (ISM Code) and its guidelines for its implementation (2018), establishes that the management of cyber risks is: “… the process of identification, analysis, evaluation and communication of cyber risks and acceptance, avoidance, transfer or mitigation of those risks to an acceptable level, taking into account the costs and advantages for those interested in the actions undertaken”.

The Code (ISM) makes reference among its objectives that the safety management system approved in some type of vessel requires taking into account the management of cyber risks, taking into account the functional requirements established in the IMO Resolutions. In other words, shipping companies should consider the aforementioned guidelines as complementary, as well as any other mechanism that contributes to the effective management of cyber risks that affect maritime operations and the exchange of information.

The Baltic and International Maritime Council (BIMCO), published the guide on Cybersecurity on board ships, which aim to help shipowners protect themselves against potential hackers, being considered as additional guidelines and standards that point out procedures of cyber risk management.

The Resolution, as well as the ISM Code, makes a distinction between information technologies, noting that it focuses on data as information, being different from what makes up the systems of operational technologies, since they focus on the use of information technology, data to control or monitor physical processes, taking into account that, there must be protection of the information and the data exchange in the systems.

The Guidelines on the Management of Maritime Cyber ​​Risks were designed to promote safety and protection management practices in the cyber field, in a generalized manner, depending in any case, if the ships have simple or more complex management systems, it is say that according to the complexity other functions can be carried out that allow in any way to protect the safety of ships.

Threats can occur due to hacking or introduction of malicious software, in addition to other causes that, although might not have intention of causing them, can also cause damage to systems, such as user permissions or maintenance of computer programs. Hence, one of the systems that may be involved in a cyberattack, is the navigation on the ship's bridge and the cargo management or handling systems.

The systems that exist for the operation of ships are especially vulnerable to possible cyberattacks, compromising security and, since they do not have their own data encryption or signal authentication mechanisms, the possible consequences of these attacks for maritime safety, Port infrastructure and international trade could be devastating.

The transport and logistics sector, as well as other productive sectors, are now on the radar of hackers. It is precisely this vulnerability to which operational and information technology is exposed, which compromises security in some of the systems considered crucial, several of them are expressly indicated in the Guidelines on Maritime Cyber ​​Risk Management.

The use of other technologies that are applicable in the field of cybersecurity, among which the blockchain stands out, becoming a tool for safer transmissions due to its cryptographic base, where protection against certain hacking attacks or, even the suppression of the need to use passwords, are necessary before the number of intermediaries in the global supply chains, so it is not surprising that the industry is turning to the blockchain.

Cyber ​​risk and companies are increasingly vulnerable, ships are more interconnected, being in danger even the safety of seafarers. It is important that the maritime transport sector make the necessary investments to counteract the cyberattacks to which they are exposed, reinforcing the security measures of the systems that are technologically operated.

It is necessary to train personnel in risk management and change cyber security behavior with the new digital processes, which are being used in ports, in the logistics chain and navigation.

Cybersecurity, networks and data management will be vital for maritime transport, computer threats are evolving in an accelerated digital landscape, there is a need to protect against external interference, such as viruses, piracy and terrorist attacks, to continue complying the main function of maritime transport, as it is, the commercial flow and the exchange of merchandise worldwide.