Page 31: of Marine News Magazine (November 2021)
Great Workboats of 2021
Read this page in Pdf, Flash or Html5 edition of November 2021 Marine News Magazine
The Colonial Pipeline ransomware attack provides im- portant lessons for critical infrastructure providers in the maritime industry on being prepared for cyber-attacks. It still remains a mystery how the attacker, DarkSide, ? rst broke into Colonial Pipeline’s business network, but recent reports speculate that the pipeline was taken of? ine be- cause there was no separation between data management and the pipeline’s actual operational technology. “Other pipeline operators in the United States deploy advanced ? rewalls between their data and their operations that only allow data to ? ow one direction, out of the pipeline, and would prevent a ransomware attack from spreading in.” In this case, the attacker did not aim to take hold of the pipe- line, but held the data for ransom. The ransomware attack on Colonial Pipeline illustrates the need for separate, of- ? ine backup systems and cyber incident response plans.
Similar to the Colonial Pipeline attack and other recent cyber incidents, a targeted cyber-attack upon a sizeable ocean carrier or its supply-chain network could cripple signi? cant segments of the world’s transportation capacity to deliver essential goods. We have seen during the CO-
VID-19 pandemic the effects of hindered supply chains, scarce products on store shelves, and long lead times for integral components. To help address the need for in- creased action against cyber-attacks, the International
Maritime Organization (IMO) Maritime Safety Commit- tee, at its 98th session in June 2017, adopted Resolution
MSC.428(98) - Maritime Cyber Risk Management in
Safety Management Systems. The Resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as de- ? ned in the ISM Code) no later than the ? rst annual veri- ? cation of the company’s Document of Compliance after
January 1, 2021. Additionally, the IMO has issued MSC-
FAL.1/Circ.3, Guidelines on Maritime Cyber Risk Man- agement. The Guidelines provide high-level recommen- dations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vul- nerabilities and include functional elements that support effective cyber-risk management. The Baltic and Interna- tional Maritime Council (BIMCO) has also published its own Guidelines on Cyber Security Onboard Ships to aid shipowners and ship managers meet the IMO requirement to implement cyber-risk management in their safety man- agement systems. The maritime community should review