Training against cyber-attack in the maritime sector

The Institute of Marine Engineering, Science & Technology (IMarEST)’s MLA College, together with the University of Sunderland and Stapleton International, has developed an online Maritime Cyber Risk Awareness Course to help address an industry-wide lack of preparedness against digital threats

Modern ships and seafarers are prime targets for cyber-attacks. It has been shown that bridge systems such as GPS, ECDIS, radar and autopilot systems can be compromised by outsiders which poses a significant safety risk.  And it is not only vessel navigation that can be undermined, but control systems for ballast water, vessel stability, engines and propulsion can all be targeted by increasingly sophisticated cyber criminals.

The threat is omnipresent, as the infrastructure that supports shipping, such as ports and shore-based businesses being just as vulnerable as ships. As the frequency and complexity of these attacks is set to rise, organisations will have to build stronger defences, chiefly by training their employees and equipping them with the knowledge to keep the business safe. It will soon become crucial for all employees – no matter how big or small the company – to understand the latest threats, the extent of the damage they could do, and the best way to prevent or deal with a breach of security.

Employing a permanent cybersecurity team is not yet common and it is worth noting that even if it were, staff are usually the weakest link when it comes to security. Providing regular training for all staff to ensure they are not fooled by clever attackers may currently be the most cost-effective solution available.

“Businesses that are proactively investing in cybersecurity training are future-proofing themselves against increasingly ingenious crimes. Global trade relies on shipping and maritime operations so anything that might interfere with them is problematic at an international level. There is also a growing shortage of qualified cybersecurity personnel, with unfilled roles on the rise. Upskilling staff through courses such as this one must be included in the short-term strategies of maritime businesses globally to meet this demand and to improve overall safety at sea,” said David Loosley, Chief Executive, Institute of Marine Engineering, Science & Technology (IMarEST).

Inmarsat, a FTSE 250 global satellite and telecoms company, has included this training course as part of their cyber security service, Fleet Secure.

“We understand the importance the role 1.6m seafarers play in the maritime industry. These same seafarers are a large component of a mature cyber security position for any shipping company and Inmarsat is happy to endorse the cyber security course aimed at the raising the awareness and competence of seafarers,” said Peter Broadhurst, Senior VP Safety and Security, Inmarsat Maritime.

Cyber-security skills are not only beneficial to operations and to the staff, but also for business continuity. Other organisations may be hesitant to do work with you if your credibility has been damaged by a data or security breach, so a small investment in ongoing training can prove enormously valuable in the long run.

Awareness training is becoming mandatory within the industry (a cyber security component has recently been introduced to the self-assessment undertaken by tanker operators) but many ship owners are reportedly ignoring the warnings and not providing the training.

This new training course aims to overcome the dangers and can be completed online and consists of four modules: the cyber security threat; the digital threat using your personal information; the digital threat using your IT device and the physical and human threat.