Cyber security affects all stakeholders in the maritime and offshore industries
- Charterers need to ensure the effective and secure delivery of products as they are being moved from one place to another. Associations such as
- RightShip, and
- Marine insurers have in many cases applied the CL.380 Cyber Attack Exclusion Clause to hull and machinery insurance policies in order to exclude the risk of physical damage caused by a malicious cyber-attack. However, as cyber risk increases, concerns have grown over the gap in insurance coverage created by the CL.380 exclusion. The insurance market has started to offer its clients new services to omit or buy back the exclusion of cyber coverage.
- Banks and financial institutions need to manage the financial risks of their investments, including cyber risks. Like charterers and insurers, banks must either define a minimum set of cyber security requirements to be fulfilled or apply effective cyber risk assessment schemes to determine their business risk if an asset is affected by a cyber incident.
- Ports and terminal operators need to protect their own operations and intellectual property (IP) rights as well as clients’ data and property. With the recent increase in cyber-attacks on maritime ports and terminals worldwide, more focus is being placed on strategies to reduce cyber risk at maritime facilities. Furthermore, regulations such as the ISPS Code and the EU Directive 2016/1148 require effective cyber risk management for port security.
- Other transport stakeholders such as inland waterway, railway and road players have similar demands, as vessels have to ensure the overall effective and secure movement and delivery of products. In September 2019, an initial “Cybersecurity in Inland Navigation” workshop was held in Bonn, Germany, and facilitated by the Central Commission for the Navigation of the Rhine.
- The IMO, EU and national authorities (e.g. flag states) need to provide guidance as well as laws and regulations to keep shipping and offshore operations safe and secure. Currently, a wide variety of international and national regulatory guidance and requirements are applicable to the maritime industry. Due to the fast-changing environment of system connectivity and the cyber-threat landscape, guidance and regulations must be continuously updated to stay relevant.
- Navies, coast guards, customs and police must ensure the proper cyber security of their vessels and operations because of, among other things, the sensitivity of the data being processed. Both smuggling and piracy have been reported to be supported by hacking into cargo information systems as well as navigational equipment. For navies, cyber security is becoming an important field, especially given the introduction of cyber warfare and the use of these attack methods in political and regional conflicts.
Recommended actions and related support provided by DNV
- Charterers, ports, other transport stakeholders as well as navies, coast guards, customs and police benefit from DNV’s cyber gap and risk assessments, the development of cyber security policies and procedures, and the delivery of relevant training, as well as the execution of verification through penetration tests, the Cyber secure class notation and/or ISO/IEC 27001 certification.
- Marine insurers and banks partnering with DNV benefit from the development of schemes to assess the cyber risks of vessels and organizations in order to undertake efficient underwriting and determine premiums for marine cyber risks coverage or the risk of the investment.
- The IMO, EU and national authorities utilizing DNV’s expertise enjoy support in executing maturity or benchmark studies of the current cyber security situation for a specific group of vessels or in the development of regulations and guidance.