In 2019, James Fisher and Sons (JFS) joined a growing list of marine service providers that fell victim to bad actors who breached their computing system. While the maritime space might not be a traditional prime target, Stacy Scott, Managing Director in Cyber Risk practice of Kroll, a division of Duff & Phelps, said to Insurance Business America, “I have done assessments on oil tankers and different ships, and seen the technology they use. It’s old and not kept up to date because it hasn’t had to be, but also when they do have connection to the internet, they have a lack of controls. That means they could download anything, which could then be transferred to their charting system, which is not only the map on how to get from point A to point B, but are there storms, are there things you want to avoid that could have a catastrophic effect?”
Marine organizations need to stay vigilant for the data that a ship or port holds in its systems that might not be financially sensitive or personal, but could be operational, or intellectual property. As companies within the sector start to think about cyber security, Stacy advises that organizations should make a checklist for on-ship staff to check that systems are up to date and configurations are still the same, and to make sure people are logging off and not leaving open personal email sessions in their browsers. She further highlights that while we may not be able to protect every aspect of our system, we should focus on detection and containment.
Read the full article here.