Steven Jones, Consultant to ISWAN, looks at the growing importance of cyber security for seafarers.

As vessels increasingly rely on automation and remote monitoring, key components, including navigational systems, propulsion and power management, can be compromised. With potentially devastating consequences for life, the environment and businesses.

There is a growing emphasis on seafarers to be able to respond. It is vital that seafarers are not only aware of the problems, but of what they actually can do as part of the solution.

The solutions are both human and technical:

HUMAN: The 'human element' angle cannot be overstated. Maritime cyber security requires unique skills and mindsets. It also requires an understanding of what can go wrong, when and how.

While seafarers do have more responsibility there is also a need to ensure people are adequately trained and prepared.

STRUCTURAL: There are structural problems too, and there needs to be a reassessment of the vulnerabilities being faced. Ensuring the vessel’s Safety Management Systems (SMS) addresses cyber threats is a good starting point.

CYBER HYGIENE

Ships need to embark on a simple 'cyber-hygiene' routine to ensure that many of the more obvious vulnerabilities are dealt with. Various best practices would include:

• Seafarers acting as a human firewall;
• Seafarers recognising common cyber threats, such as phishing and email scams;
• Vessels having up-to-date antivirus protection on computers, systems and mobile devices;
• Vessels using updated operating systems and application software;
• Administration rights being maintained, and those with access trained;
• Data being regularly backed up.

In addition, it is vital that a shipping IT security policy is developed which is explicit and sets out penalties for infractions. While dynamic risk assessments which reflect the changing nature of ship life and demands are vital too.

In addition to this guidance and advice, there is a need for seafarers to be able to implement the necessary steps. So there are some absolute basics which vessels need to implement onboard as practicable actions, and crews need to be at the heart of these simple steps to cyber hygiene.

Seafarers should:

• Set up strong user access control;
• Set up strong network access control;
• Perform regular, scheduled back-ups;
• Test disaster recovery plans;
• Ensure the SMS reflects cyber issues;
• Make sure any anti-virus software is kept up-to-date.

With seafarers suddenly having new cyber security responsibilities thrust upon them, it is important that everyone understands what is expected of them and how to deliver.