The International Maritime Organization (IMO) adopted Resolution MSC.428(98) aimed to address cyber risks in the marine industry. The IMO resolution effectively addresses cyber risks as a part of safety management systems within the ISM Code. Under Resolution MSC.428(98), administrators are to ensure their existing safety management systems appropriately address marine cyber risks by their 2021 annual verification.

As Per ABS Guide

“Cybersecurity introduces an additional element into the safety equation: security against deliberate actions intended to cause harm. Security has always been a concern with naval ships, and the military routinely exercise precautions to maintain the security of their ships and offshore assets. Commercial vessels routinely employ special security measures under certain circumstances to prevent theft, piracy, smuggling or stowaways.
Those crimes are usually economically motivated, where destruction is not the goal. Acts of terror are
usually politically motivated, and ships and offshore assets are prime targets because of their mobility and high potential for causing extensive damage to life, property, the environment, and the transportation and economic infrastructure. The maritime community has come to the realization that ships and offshore assets must be made less vulnerable to security threats, both at sea and while in port. Perpetrators of such acts have moved toward cyber-attacks for similar purposes. Exposure to these threats has become pervasive due to the exponential growth of automation methods – and increasingly, autonomy – that has penetrated nearly all aspects of shipboard and offshore asset systems. Because these systems control multiple aspects of asset, ship or platform operations, they become integral parts of system and operational safety….”

The use of personal devices, from mobiles through iPad and personal computers has made the ship and shore more vulnerable to Hacking and planting malicious software. This in turn can materialize as a ransomware or plain destructive measures to personal data and equipment.

Once in, through vessel internet connections this may filter into vessel systems within the network disrupting anything from entertainment equipment to entering navigation software or hardware connected.

Risk assessing and identifying vulnerabilities with vessel and relevant shore connections can avoid leaving unidentified doors and elevate crew and guest awareness.  The main weapon we have is the assessment and continues training and educating all users within the network. Using the best software and firewalls to make it has hard as possible for the hackers to enter.