Page 34: of Maritime Logistics Professional Magazine (Q2 2016)

33 35

CYBER SECURITY “It’s like Capt. Obvious from Hotels.com – If you are not thinking about how to train folks, making sure your systems are secure and constantly reevaluating – if you are not doing all of this, then you are taking on an unwarranted level of risk.” – Kim Hall, CLIA Director of Technical &

Regulatory Affairs for Operational & Security human.” Unintentional tions, which recently debuted Security-As-A-Service for re- or accidental incidents mote network monitoring and security, says “There are only are actually more of a threat two kinds of computers: Those that have been hacked, and than deliberate sabotage or out- those that will be hacked.” Ask any major government agency, side perpetrators. This is no minor issue when crew connec- ? nancial center, retailer, healthcare giant or insurer. Nothing, tivity to the outside world is now ‘de rigueur’ for recruitment and no one, is safe.

and retention. The majority of insurance policies that cover ships and ports “You have a better chance of securing technology than edu- include cyberattack “Exclusion Clauses.” For now, most in- cating and making sure humans do the right thing,” observes surers focus on creating awareness and working with clients

Kim Hall, CLIA Director of Technical & Regulatory Affairs to help them get started on battening down the cyber hatches. for Operational & Security. In one case, as a vessel was getting Allianz educates clients by speaking on topics of cyber ready to go to sea, the ? rst mate decided to listen to some mu- threats and through educational papers. “The U.S. is about to sic. He plugged his unbeknownst to him infected player into launch a ‘Know the Facts’ series on cyber to help our bro- the ship USB port, unleashing an infection. The ship had to kers (and subsequently clients) understand current exposures, cool its heels in port for two days waiting for a technician to risks, and coverage issues. This will be a quarterly feature,” come and ? x the problem. It’s why the U.S. Navy and Coast says Emy R. Donavan, Head of Commercial Cyber, North

Guard banned personal USB ? ash drives. Some companies America, Allianz.

seal up USB ports on ship computers to prevent such accidents. Some insurers are looking into offering some level of policy

But sometimes the problem is the technology itself. It protection. Allianz is ? nalizing a cyber security policy that doesn’t matter how old or new your ships’ systems are – noth- will offer coverage for liability associated with data breach, ing is safe. The more automated a vessel is – the more the costs of complying with regulatory requirements, digital asset bridge operates as the proverbial “brain” of the ship – the replacement costs, cyber extortion and other coverage. “Cov- more susceptible the entire operation is to malfeasance. Au- erage at this time is only available for larger clients with a tonomous ship operators of the future will have to deal with reasonable level of risk management around cyber threats. We issues when something goes wrong. Not everything can be will be launching a mid-market initiative later in the year, but handled or discovered remotely. that will still require some basic cyber hygiene responses on

The technology issue facing older vessels is more critical, the application,” says Donovan. and correcting it urgent. Running applications that were never meant to be networked or linked to the internet, it’s not uncom- Regulatory Sword mon to have wide open back doors, created to enable remote If that doesn’t get your attention, then the specter of more monitoring and repairs but with little thought given to criminal regulation might. That’s because, at some point, taking steps egress. And, many applications were written on operating sys- to implement a cyber security program might become a nec- tems that are no longer supported, and hence, no longer secure. essary part of proving seaworthiness. Capt. Andrew Tucci,

And patching solutions can aggravate the problem. Chief, Of? ce of Port and Facility Compliance U.S. Coast

Guard, thinks the level of regulation, although nothing like

Pressure to Act is Building the typical IMO iron-clad directives, will be more akin to what

Emil Regard, Managing Director, BlueTide Communica- industry has done with safety management. 34 Maritime Professional 2Q 2016I 34-49 Q2 MP2016.indd 34 5/19/2016 11:29:35 AM