Satellite and communications provider Inmarsat has published a new report providing cyber-resiliency guidance.
Compiled by maritime innovation consultancy Thetius, ‘Beyond Compliance – Cyber Risk Management After IMO 2021’ encourages proactivity in preventing and mitigating the impact of cyber-attacks.
“Assuring data resilience and cyber security are key preoccupations for the shipping industry,” said Ben Palmer, President, Inmarsat Maritime.
The company warned that there is more to combating attacks than simple compliance with the 2021 International Maritime Organization (IMO) codes.
“The IMO guidelines on maritime cyber risk management have helped stakeholders to address cyber threats, but the nature of digital attacks continues to evolve due to advances in computing technology and developing geopolitical conflicts,” he said.
Over the 12 months between May 2020 and May 2021, cyber-attacks targeting the maritime sector increased by 168 per cent in the Asia-Pacific region alone.
“To ensure the resilience of their digital infrastructure, shipping companies need to look beyond regulatory compliance and be more proactive in their approach to cyber-risk management,” Palmer said.
The company promoted its own Unified Threat Management (UTM) solution. By combining solutions such as firewalls, antivirus programs, content filters, and intrusion and detection systems into a single hardware and software package, Inmarsat’s Fleet Secure UTM streamlines the installation, configuration, administration, and maintenance of network security infrastructure.
The report also noted that one of the greatest vulnerabilities in supply chains is through staff.
In 2021, maritime security consultants, Waterways, conducted a penetration test across one carrier’s fleet of 100 vessels. They sent 292 emails to the fleet nodes and tracked an open rate of 92 per cent. A link was contained in the email which was clicked by 90 of the recipient seafaring officers. 44 of them went on to access the website and enter in sensitive information
In combatting this, Inmarsat said its Fleet Secure Cyber Awareness training programme contains everything the crew needs to know to be aware of vulnerabilities and suspicious online behaviour with best practice guidance this training module is offered free to all Fleet Secure Endpoint users.
In a report published earlier this year by Thetius, 3 per cent of surveyed shipowners that had fallen victim to a cyber attack in the last three years reported having ultimately paid the perpetrator – at an average cost of $3.1 million. Even where a ransom was not paid, the cost of combatting the threat averaged $1.8 million.