Remote working solutions have taken centre stage since the outbreak of Covid-19 as companies reorganise their operating practices. Gard warns that cyber criminals are waiting in the wings.
To cope with operational issues such as denied physical access, quarantined vessels and travel restrictions, shipowners and operators are actively deploying remote access and implementing remote digital survey tools towards vessels and encouraging shore staff to work remotely from home. There is also increased use of mobile devices to access operational systems on vessels and core business systems within companies. These pose significant cyber security issues.
Jarle Fosen, senior loss prevention executive at Gard, explained: “Unprotected devices could lead to the loss of data, privacy breaches, and systems being held at ransom. Data is an asset and protecting it requires a good balance between confidentiality, integrity and availability.
“In an era of cyber everywhere, with more technological transformation, use of cloud [computing], and broader networking capabilities towards vessels, the threat landscape continues to increase. Cyber criminals will look to attack operational systems and backup capabilities simultaneously in highly sophisticated ways leading to destructive cyber attacks. Cyber security depends not only on how company and shipboard systems and processes are designed but also on how they are used – the human factor,” he added.
To combat this, “shipowners and operators who have not already done so, should undertake risk assessments and incorporate measures to deal with cyber risks in their ship’s safety management systems (SMS) and crew awareness training,” said Fosen.
He outlined some recommendations for shipowners and operators, including a focus on policies, procedures and risk assessments. Fosen also stressed the importance of ensuring that those performing tasks involving cyber security understand that the purpose of the procedures is to prevent unauthorised access and not simply to satisfy the regulators or their immediate superiors.
Today, the weakest link when it comes to cyber security is still the human factor. It is therefore also important that seafarers are given proper training to help them identify and report cyber incidents.
Lastly, Gard recommends that everyone stays cyber alert and avoid all Covid-19 phishing expeditions. Exercising caution; using trusted sources; remembering to disconnect or close temporary remote access given to any external party after finishing the job; and not disclosing personal or financial information in email are of the utmost importance in today’s remote working world.
For more information about Gard’s cyber security recommendations, click here.