The Triton

News

Secure at Sea: Cybersecurity laws lacking when it comes to yachts

ADVERTISEMENT

Secure at Sea: by Corey Ranslem

It is hard to realistically determine the number of cyberattacks that take place within a given time period. Many cyber experts believe the maritime industry has suffered eight to 10 major cyberattacks since the start of 2018. If you look at all cyber-related issues, that number moves into the thousands.

What are the International Maritime Organization and the respective world governments planning to push forward when it comes to cybersecurity laws and regulations for the maritime industry? Very little. Industry organizations seem to be taking the lead when it comes to guidance and industry-specific best practices. Unfortunately, regulatory compliance does not always align with industry-best practices. Those best practices sometimes vary by industry and location. What is good for a large cruise ship might not always work well within the large yacht industry and vice versa.

Currently the IMO has issued Guidelines on Cyber Risk Management (MSC-FAL.1/Circ.3), and the Maritime Safety Committee, in their 98th session last year (June 2017), adopted Maritime Cyber Risk Management in Safety Management Systems (Resolution MSC.428(98)). This resolution encourages flag administrations to ensure that cyber risks are “appropriately addressed” as part of existing safety management systems (ISM code). This is set to take place by the first annual verification of the company’s Document of Compliance after Jan. 1, 2021, according to the IMO website. A lot can happen between now and then.

I attended a recent conference with IMO officials. Several participants asked about changes to the ISPS codes to incorporate cybersecurity. The IMO said there are no such plans. They felt the existing code, in broad terms, provides the framework to address a number of threats, including cybersecurity.

Flag states and some class societies have put forward some guidance documents regarding cybersecurity. The U.S. Coast Guard published cybersecurity guidelines in 2017 for MTSA-regulated facilities as part of an overall critical infrastructure cybersecurity plan. Nothing within this strategy mentions vessels. The MCA published “Cyber Security for Ships, Code of Practice,” a 73-page document with some good guidelines. However, there are no major regulations proposed regarding cybersecurity specifically for the maritime industry.

Governments have put forward laws and regulations regarding cybersecurity, but they are more specific to handling data, not cybersecurity in general. I believe maritime industry regulations are not being proposed because of potential problems with enforcement of those regulations, along with several potential jurisdictional issues.

There are several maritime industry-related organizations (within the cargo and cruise industry) that have provided guidance to their respective industries on cybersecurity. These documents mirror a document on cybersecurity put together in the U.S. by the National Institute of Standards and Technology. Published initially in February 2014 and revised in April, this 55-page document is not specific to any industry or organization, but critical infrastructure in general. Many of the principles, in theory, can be adapted to the maritime industry.

Insurance companies aren’t moving at lighting speed in producing cybersecurity coverage for the maritime industry and, specifically, vessel operations. There are several cyber-related products for companies and critical infrastructure, but at this point, most large insurers haven’t worked through the risk model for cyberattacks against large yachts, cargo vessels or cruise lines. Cyber-risk insurance for ships will start in the cargo industry, then move to cruise lines and large yachts. Insurance companies still need to collect data to determine how to best price that risk.

I recommend one simple principle: If you have a company managing your cybersecurity infrastructure, it is a good practice to have another trusted company try to penetrate your network, testing the resilience and security of that infrastructure. I haven’t seen many vessels – whether large yachts, cargo lines or cruise lines – with cybersecurity standards even close to that of the healthcare and financials industries. As an industry, we have a long way to go.

Corey Ranslem, CEO at International Maritime Security Associates (www.imsa.global), has more than 24 years of combined Coast Guard and maritime industry experience. Comments are welcome below.

Click for this month’s Triton cover article: Hacker hijacks email, steals $100,000 charter deposit

Related Posts...
Secure@Sea: by Corey Ranslem “I can’t believe that happened!” That’s Read more...
Secure @ Sea: by Corey Ranslem “Small vessel rapidly approaching from Read more...
By Dorie Cox A client who enjoyed his previous Mediterranean Read more...
Secure at Sea: by Corey Ranslem “The British are coming! Read more...
Secure @ Sea: by Corey Ranslem When I heard about Read more...

Share This Post

Leave a comment

Your email address will not be published. Required fields are marked *

Please answer the question below to leave a comment. * Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Editor’s Picks

Secure at Sea: Yachts tempt thieves, especially in South Florida

Secure at Sea: Yachts tempt thieves, especially in South Florida

Secure@Sea: by Corey Ranslem “I can’t believe that happened!” That’s usually the response you get when you hear about the …

Multi-yacht owner Paul Allen dies

Multi-yacht owner Paul Allen dies

Co-founder of Microsoft and large yacht owner Paul Allen died yesterday from complications of non-Hodgkin's lymphoma. He was well-known …

New plans emerge for old Summerfield yard

New plans emerge for old Summerfield yard

By Dorie Cox The Hix Snedeker Companies of Daphne, Alabama, is scheduled to meet with Fort Lauderdale city officials in November to …

Yacht industry gathers for Triton Expo

Yacht industry gathers for Triton Expo

More than 800 captains, crew and industry professionals attended the Triton Expo in October at ISSGMT in Fort Lauderdale. Fifty businesses …