Cyber Gap Insurance Report
The ability to create and analyze vast quantities of electronic data, and to share it over a network of computers within an organization and potentially with the outside world via the internet, is essential to today's business environment. Rapid advances in information technology over the last quarter century have brought enormous benefits in terms of reduced costs, increased efficiency, and a general streamlining of operations. However, while the benefits are clear and undeniable, the speed of the advances has brought with it a succession of new threats that are not fully understood, and which the cybersecurity industry has struggled to keep pace with.
While there have been relatively few reports of successful cyber-attacks on either shipping or on shore-based facilities, they are not unknown, and comparable industries have suffered attacks that suggest, at the very least, that the maritime sector may be vulnerable.
It has been reported that significant weaknesses have been identified in the cyber security of critical technology used for navigation at sea. Global Positioning Systems (GPS), Automatic Identification Systems (AIS), and Electronic Chart Displays and Information Systems (ECDIS) are all essential aids to navigation, and each has been identified as potentially vulnerable to attack.
The International Maritime Organization (IMO) has required that AIS be fitted on board the majority of ships, since 2004. The IMO regulations require that AIS will be capable of automatically exchanging information regarding a vessel's identity, type, position, course, speed, navigational status, and other safety-related information with other ships, shore-based facilities, and aircraft. AIS has come to be relied upon as a navigational tool on board ship as an alternative to radar, and is also an integral part of vessel traffic separation systems used by organizations with delegated authority for safety at sea.
Vessel navigation and propulsion systems, cargo handling, and container tracking systems at ports and on board ships, and shipyard inventories and automated processes, are all controlled using software that needs to be completely reliable. However, recent events suggest that these systems might be vulnerable.