KVH Industries hosted maritime industry leaders for a frank discussion about cyber security prior to the start of the CMA Shipping 2016 conference in Stamford, Connecticut, on the morning of March 22, 2016, which focussed on industry best practices to tackle cybercrime.
During the roundtable, a range of concerns about the current level of vulnerability emerged. Among the key issues identified were complacency by ship operators, lack of training for crew, non-existent contingency plans for dealing with a cyber attack, and the need for a set of best practices for minimising risks.
Rick Driscoll, Vice President of Satellite Products and Services at KVH, said: “We need to bring the same best practices that we expect on shore and in our corporate networks to ships. Ship operators need to make sure there’s a process that is consistent throughout their organisation, especially as ships are increasing their data usage.
“For example, a vessel’s digital systems must be configured to ensure personal devices brought onboard by the crew use a network separate from ship operations, and that individual passwords are utilised when logging onto the ship’s computer systems, rather than relying on one password common to the ship. Those practices would be standard procedure anywhere else.”
Several panelists mentioned that the issue is only beginning to be understood by the industry.
Peter Hinchcliffe, Secretary General for ICS, said: “I think currently ships are relatively low-tech, and there is a high degree of complacency. As ships get more high tech, which is happening rapidly, we very much need guidelines and contingency plans.”
To instill safe cyber behaviour among on-board personnel, panelists mentioned the importance of training.
Nigel Cleave, CEO of Videotel, a KVH company, said: “With increased emphasis on minimising cyber risks, education and training of the seafarers is vital, but it must be supported from the top. Crew need to be aware of the risks, for example, of bringing unlicensed material on-board, which could introduce a virus or other problem.”
Training will also be a major theme at PTI’s upcoming C-level terminal training and automation conference on June 8, this year at the Grange City Hotel in London.
Videotel is currently collaborating with BIMCO on a maritime training program about safe cyber practices for seafarers, using the recently published “Guidelines on Cyber Security Onboard Ships,” as a point of reference. The guidelines were produced by several maritime groups, including BIMCO, ICS, and Intertanko.
One particularly challenging aspect discussed by the panel is the fact that maritime regulations may never be able to keep up with the fast pace of cyber crimes, which are continually evolving.
Regulations must be accompanied by a shift in mind-set, panelists noted, so that awareness is raised on every level, whether it is about the personal devices brought on-board or a malicious attack that could compromise a ship’s navigation system.
Industry guidelines, it was felt, should ensure that vessels have cyber attack contingency plans in place and are doing drills just as they do for other types of safety risks on-board.
Rick Driscoll said: “Regulations can set minimum levels of security practices, and industry guidelines can build on that. Just as on land, it is impossible to be 100% protected against cyber risks. However, establishing contingency plans and following cyber safety measures will give vessels a much higher level of protection.”
Fact File: KVH Industries is a leading provider of in-motion satellite TV and communications systems, having designed, manufactured, and sold more than 200,000 mobile satellite antennas for applications on vessels, vehicles, and aircraft. Videotel is the provider of training films, computer-based training and e-Learning. KVH is based in Middletown, RI, with research, development, and manufacturing operations in Middletown, RI, and Tinley Park, IL. The company’s global presence includes offices in Belgium, Brazil, Cyprus, Denmark, Hong Kong, Japan, the Netherlands, Norway, Singapore, and the UK.