Page 45: of Maritime Reporter Magazine (May 2024)

CYBER SECURITY mandatory veri? cation scope for new vulnerable and, in turn, expose physical fective training. Most maritime orga- vessels contracted from July 2024. As a systems to being targeted and breached. nizations lack critical cyber security classi? cation society, DNV already has This can lead to severe damage to equip- awareness and knowledge across their more than 250 projects ongoing or ? nal- ment, people, or the environment – or, workforce. Despite the practical chal- ized with its corresponding cyber secure worst case scenario, to all three. lenges of training and education – es- class notation and type approval aligned - Clarify responsibilities. To profes- pecially around industry-speci? c chal- with the IACS rules. sionalize their approach, maritime busi- lenges, such as ship crews operating in

IACS will increase the focus of ven- nesses should seek to clarify cyber roles remote and inaccessible settings – orga- dors, yards, owners, and ship classi? ca- and responsibilities across the enterprise nizations must remedy this.

tion societies on cyber security. It will while enabling system owners to manage ensure that technical cyber security by the risk from a multidisciplinary team. Although cyber security is a grow- design is built into important onboard - Champion insight-sharing across ing safety risk to the maritime industry systems and a vessel’s overall network, the industry. Sharing cyber security – perhaps even the risk for the coming for example, addressing the integration experiences – the good, the bad and the decade – crucially, it is also an enabler of IT and OT and the systemic integrity ugly – with peers and the regulator will of innovation and decarbonization. As of third-party suppliers. It will also lead be key to improving cyber security. In an we pursue greener, safer, and more ef- to follow-up on cyber security with sur- increasingly connected industry, where ? cient global shipping, the sector’s digi- veyors visiting vessels in operation. an attack on one organization or asset tal transformation is deeply dependent gives rise to contagion risk, this is in ev- on securing these interconnected assets.

WHAT NEXT? eryone’s interest: only through collabo- This makes it imperative that the sector

Maritime organizations should take ration will the industry create standards works collaboratively to strengthen its the following actions to address their and best practices around cyber security. collective cyber security.

cyber security: - Reframe regulation as the baseline - Treat cyber security as an enabler. instead of the goal. Meeting the mini-

The maritime sector has set itself clear mum requirements set out by industry strategic priorities around digital trans- regulations, such as the IMO and IACS, formation to enable both commercial doesn’t guarantee security; after all, regu- advantage and decarbonization. Cyber lations tend to come into being at a much security leaders must be part of these slower pace than the hacking methods wider strategic conversations from day used by cybercriminals. Rather than treat- one; consider investment in cyber secu- ing them as the end goal, the maritime in- rity as not just a cost of business but an dustry should use regulations as a foun- investment in con? dence, competitive- dation on which to further improve and ness, compliance, and innovation. adapt to the changing threat landscape.

- Treat cyber risks like safety risks. - Rethink how to manage supply

Maritime leaders have long asserted that chain vulnerabilities. Including cyber work is never so important it cannot be security in the procurement and devel- carried out safely; for decades, employ- opment processes for new technologies ees have been encouraged to stop work is much more ef? cient than carrying out and blow the whistle if they believe safety risk assessments at a later stage. Sup- protocols are being neglected. A similar pliers may also be able to help address mantra should be adopted for cyber se- maritime organizations’ limitations in curity. If security procedures and systems technical cyber knowledge, turning sup- are not set up according to standards and ply chain risk into an advantage.

requirements, they could be potentially - Resource a strategy for more ef- www.marinelink.com 45

MR #5 (34-49).indd 45 5/3/2024 9:02:00 AM