Rod Johnson, Marine Manager at international law firm Stephenson Harwood LLP and member of the Marine Insurance Casualty Response Team, has written a report intended to demystify the risks to shipping, and in particular exposure to hull and machinery claims, from cyber crime. The guide is sponsored by the Joint Hull Committee of the Lloyds Market Association, and contains the Committee's due diligence standards.
The report was launched on 2 September at Lloyd's of London. The main points are;
- There is no single answer to the question of cyber exposure and the meaning of cyber as an issue is often misunderstood.
- The risk of a loss to a ship as a result of cyber disruption is foreseeable, but is not yet a reality. A systemic threat which could conceivably result in multiple losses on a scale which might impact the solvency of the world’s insurers and reinsurers does not yet exist.
- Ships are mostly isolated units, but as shipping embraces information technology, it becomes exposed to cyber risks some aspects of which are already well known in retail and banking. As the International Maritime Organisation's E-Nav programme gains momentum, the technologies required, as well as the aligned commercial demands of an ever more interconnected world, will increase the exposure to loss as a result of a cyber attack or intrusion.
- The report argues that the risk of loss or damage caused to or by a ship as a direct result of cybercrime is currently low for bulk or general cargo shipping, but higher for specialised or technically advanced ships engaged in oil and gas exploration and exploitation by reason of remote systems access and the potential vulnerability of Dynamic Positioning.
- The defences against cyber attacks fall into two broad categories: people based, and design based. People based defences are generally easier to implement, unless the design defences can be incorporated at build. The concept is that multiple defences from both categories should be deployed to offer defence in depth. There is no single solution to the security problem.
Rod Johnson commented "The concept of cybercrime has been discussed in industry and commerce for at least 30 years, but it is only relatively recently that the well reported attacks on Home Depot and Sony in the United States, together with similar stories originating from within the European banking system, have raised the issue of cyber crime and cyber security within shipping."
We hope this guide will be useful in differentiating the perceptions of cyber crime from the realities of it, within the industry.