quarter deck

Shipping industry has started relying on technology for processing a large amount of data for quick solutions; issuance of automated e - Bills of Lading, automated systems for operating container terminals, track and trace systems etc. The storing, processing and transferring of data brings in great risks along with indirect costs such as loss of a physical asset or a system due to a cyber-attack, data retrieval, penalties for failing contractual confidentiality obligation, insurance costs and legal costs which can be crippling for organizations.

In 2011, the system of Port of Antwerp was attacked by hackers to track containers that concealed their illegal cargo to protect it from the authorities. The enterprise involved infection of the IT system, capturing passwords of port employees and is estimated to have been continued for almost two years.

In another incident, an international shipping company operating worldwide had fallen prey to high tech pirates who, instead of holding ships and crew hostage for indefinite periods, started attacking ships in a specifically targeted and time synchronized manner to steal valuable goods. The CMS system of the company had been compromised 'by loading a malicious web shell on the server'.

The maritime industry is an ensemble of ship owners/operators, terminals, consolidators, forwarders, agents, customs brokers, transporters, storage providers, banks and various regulatory departments; all of whom could be involved in moving a single consignment from point A to point B anywhere in the globe. Hence, a detailed cyber due diligence is a must.

Under cyber risk management, Port Community System could be adapted as a matter of policy. Employees can be trained to understand the risks of cyber-attack, preventing it and making an execution strategy. A Cyber Incident Response Plan must be in place for immediate implantation in the event of an attack. The plan should comprise of detection and containment procedures, evaluation of implications, notification of parties concerned and corrective actions for preventing recurrence. A specific cyber insurance policy is required to cover all direct and indirect costs such as legal service, PR, crisis management, security and forensics consultants, asset rectification, business disruption/interruption and cyber extortion.

Cyber threat is a real risk and it is increasing in its severity in shipping and other maritime industries. The readiness of an organization to deal with cyber threat will be crucial in determining its success.