The maritime domain, therefore, is critical infrastructure. As the world shifts toward securing a decentralised work environment, it is worth noting a rise in cyberattacks against “soft targets” such as ships and oil rigs.
For example, a hack on Maersk’s infrastructure in 2017, although Maersk was not the original target, cost the company more than US$300 million. Another attack that targeted Cosco in 2018 and an attack on MSC this April similarly led to widespread consequences for company operations.
As cybersecurity services provider to the sector, we are aware of several additional, undisclosed attacks. It is evident that maritime infrastructure must be strengthened in a manner fitting its already decentralised structure.
with physical security offshore, there is also a clear disconnect. If a commercial ship encounters circumstances that endanger the vessel, cargo or crew in ways that involve piracy, terrorism or warfare, support can be expected from military vessels or international security bodies in the region.
The same cannot be said for cyber threats, which blur the lines between national security interests and the private sector in ways physical threats do not.
This implies that the insurance industry could be an important market maker for maritime security reforms by putting the onus on the security of digital fleet management in its requirements around pricing and policymaking.
Paradoxically, insurance coverage for cyber issues remains lacking in the maritime space, with even the most well-established underwriters and brokers seemingly reluctant to offer comprehensive products. Gradually, however, this is changing and progressive players in the industry are likely to capitalise on the hesitation of the followers.
Digitising fleet operations and management began before Covid-19, but a wide range of functions that require in-person visits may need remote solutions in the new normal. These include safety audits and inspections, maintenance protocols, hardware and software upgrades and others.
Technology is often most unprotected during digitising and automation, a reminder that
should be implemented from the outset and viewed as integral to digital infrastructure.
Furthermore, the more complex maritime and port operations become and the more sensitive the cargo, the more we need cutting-edge solutions to safeguard digital integrity. In essence, ships must be made unhackable.
Coronavirus: What’s going to happen to China’s economy?
Industrial security, including critical operational technology, can no longer be the neglected stepchild of IT policy. Although maritime industries at large, including merchant marine and offshore oil and gas, are process-driven with significant documentation requirements and attuned to system audits, these have traditionally been done in offices or on-board vessels.
, however, the efficacy of these processes is challenged by the inability to conduct in-person meetings and attend audits on board. Progressive operators, cargo owners and classification societies have had to develop novel ways of conducting audits, which has resulted in several remote audits and inspections via video calls and conference systems.
The shipping industry must adapt to a world of low oil demand in which it takes on new purposes as well as to forward-looking demands for digital integrity. Consolidation may provide an opportunity to commit the resources necessary to improve cybersecurity across fleets and assets.
In non-maritime businesses, online firmware updates are an obvious part of IT policy. Onshore businesses like
and the automotive sector have already learned hard cybersecurity lessons.
In maritime operations, though, vessel hardware is rarely updated. Owners are only beginning to address the issue and should learn from other industries’ experiences. Intensive digitisation, better satellite coverage, lower data costs, new on-board equipment and Covid-19 responses are pushing innovations.
One major priority is business continuity planning, which requires a stronger and more efficient marriage of operational and IT policies. An inherent challenge for business continuity plans facilitating a remote working environment in the shipping industry is that IT has largely never been considered a strategic function within most shipping and maritime organisations. That must change.
The demands imposed by the coronavirus, cyberattacks and oil price crash require nothing less than this fundamental overhaul in how the maritime industry functions.
Parag Khanna is managing partner of FutureMap and author of The Future is Asian. Mikhail Zeldovich is chairman of Cocoon Capital and an investor in the cybersecurity solutions company Oceanshield. Brian Worning also contributed to this article