As the maritime industry continues to grow and ECDIS software is linked to parties involved through ship’s communications, this creates higher risk of a malware or a cyber attack. There is now an urgent need to develop cybersecurity regulations for the maritime industry.
Ship owners, ship managers and engineers are encouraged to follow guidance from BIMCO and International Chamber of Shipping in ECDIS security as published in Witherby’s Cyber Security Workbook for On Board Ship Use to identify cyber risks and to protect vulnerable onboard systems. This publication also gives guidance on how best to detect, respond and recover in the event of a cyber attack.
Physical security is equally important -- ECDIS computers are required to be secured in a cabinet and USB ports are to be prevented from being accessed to bridge teams and endpoint protection should be installed. All computers should be hardened during installation and functions restricted to ECDIS applications.
Global ship manager Anglo-Eastern in partnership with Naval Dome will provide cyber security to more than 650 ships and evaluate ways to improve protection of ECDIS. “Cyber threats are among the most serious challenges the global shipping industry faces…not only enhances the level of security across our fleet, but also encourages system providers to retrofit systems installed aboard the global fleet with more advanced cyber protection.” – Bjorn Hojgaard, Anglo-Eastern Chief Executive
North P&I partnerships improve navigation safety and cyber security
Significant moves towards cybersecurity regulations for shipping have already been taken by organizations such as North P&I Club. They have partnered with HudsonCyber to offer its members access to their HACyberLogix platform, which will help them better understand their vulnerabilities to cyber security and how to improve their cyber security processes and systems ahead of the International Maritime Organization’s deadline for safety compliance in January 2021. This platform integrates cyber security standards, frameworks and standardized practices, including IMO’s International Ship and Port Security Code and the ISM Code.
The future of maritime cyber security requirements
Recognizing the cyber threat in the maritime industry, cybersecurity requirements will be established in Chapter IX of SOLAS, Regulations 1-6, Management for Safe Operation of Ships as of January 1, 2021. IMO has also decided to incorporate mandatory cybersecurity requirements into the International Safety Management Code, ISM. It's expected that cybersecurity will be addressed by all players in the shipping industry and incorporated into their Safety Management Systems (SMS).
The deployment of technology-based security systems as controls and mitigations to specific security threats may introduce or increase cyber security vulnerabilities. The port and port facility should continually review their overall business risk assessment to assess the level of exposure and whether there are any additional potential cyber related threats across the full range of port systems and data.