Shipowners are used to taking risks and competing with each other. But with cyber crime on the rise, the shipping industry needs to work collaboratively to develop best practice to avoid attacks.
The Maritime Cyber Alliance seeks to bring Cyber Attacks into the open by allowing staff or crew to report events anonymously
A CULTURE of risk-taking leaves shipping highly exposed to Cyber Attack so it needs to be more collaborative in its efforts to fight off a common enemy.
With its fragmented nature, shipping is particularly exposed to attack because, except in a few notable cases, experiences are not publicized or shared. It means lessons are not being learned on an industry-wide scale.
In an effort to shed more light on what risks are faced, the CSO Alliance has launched the Maritime Cyber Alliance, an anonymous online reporting tool that allows anyone in a company to report any attack on a company or vessel, without fear of reprisal.
The CSO Alliance is a grouping of company security offices in the maritime sector.
“We’ve come together in an online, secure, vetted members-only community to share ideas and information to combat organized maritime crime,” says CSO Alliance director Mark Sutcliffe.
With 500 members, the alliance is designed for “hard-pressed” CSOs and poorly funded shipowners, where security is not even on the board agenda, Mr Sutcliffe says.
“There are thousands of companies like that around the world,” he says.
As part of its work, the CSO Alliance realized that Cyber Attacks were a rapidly emerging risk to shipowners, to crews and to ports, and that its methodology would work in addressing the threat.
“The MCA is really to give a one stop shop to come in and understand what is best practice, but at the very heart of it is an anonymous cyber crime reporting portal,” Mr Sutcliffe says. “If we report as soon as we get hit, we can get ahead of these cyber criminals.”
The goal is to align the shipping community to work as a team against the people who threaten the supply chain.
“We carry 90% of the world’s trade by sea and we all derive our living from the sea, so it is beholden on us to work as a team in the context of cyber,” he says. “If we do, so much good can flow from this.”
But to do this requires a neutral, low-cost community, which is where the MCA steps forward.
And the risks are real.
One unidentified member had its IT systems infiltrated for 150 days, resulting in a $500,000 payment being intercepted.
“A PDF document was altered and funds diverted,” Mr Sutcliffe says. “From an example like that, we write up a report on what was learned, what is the best practice, what was the source of the attack and how do we work as a team to prevent it happening again.”
Moreover, the organisation can also work with national authorities in the countries where attacking servers are based to get them shut down.
But more important is changing the entire closed culture of shipping, Mr Sutcliffe says.
“When a plane goes down you have 300 families that are destroyed and a huge amount of press coverage,” he says. “Shipping has a different approach to risk.
“When we lose a bulker with 20 crew on board, it doesn’t even make national news. Shipping doesn’t have that horrible spotlight on it like the aviation industry does and that allows that pervasive culture of secrecy.”
Hence the desire to support the employees at the bottom of the company.
“Quite often they won’t have a security culture,” Mr Sutcliffe says. “We’re trying to build the tools for this and to get cyber on the board agenda.”
But this is difficult while the shipping industry as a whole is struggling to make money.
“The industry is learning but it is still hard to get the money to invest,” Mr Sutcliffe says. “One Greek owner was given a $125,000 quote to completely protect his office and his ships. When told there was a 25% chance of being hacked, he said he was a risk-taker and would take the risk.”
But the odds are stacking up against shipping, he says.
“The industry is resourceful and will find a way out of cyber-crime, but there will be some pain along the way.”