First of all, the shipping field is oriented to a full digitalization of the entire process, beginning to mapping and tracking of goods and vessels to the establishment of full digital channels for the documents’ flow, like the IBM case with its “Block Chain” service utilized by Maersk.
As first, the definition of Cyber-Attack is considered as any “attempt to damage, disrupt, or gain unauthorized access to a computer system, or electronic communications network. Cyber-attacks pertain to the same computer assets on ships, terminals, ports, and all computerized equipment supporting maritime operations”.
The starting point is to understand how important it will be to increase the level of security (Cyber Security). The reason is shown by data: almost 80% of European companies, indeed, have experienced one or more cybersecurity incidents.
The starting point is to understand how important it will be to increase the level of security (Cyber Security).
This scenario can be useful to better understand the mechanism behind. It is necessary to illustrate the approach and the different solutions created by the market.
We are vulnerable in the military and in our governments, but I think we’re most vulnerable to Cyber Attacks commercially. This challenge is going to significantly increase. It’s not going to go away.” By Michael Mullen – US Navy Admiral Chairman of the Joint Chiefs of Staff.
As shown in the title of newspapers above, the situation relative to Cyber-Attack can be effected with distinct modality against different types vessels, giving space both to private and public actors.
The International Maritime Organization guidelines
The international community has also been working through the International Maritime Organization (IMO) to discuss possible approaches to dealing with this challenge. In 2016, IMO approved “Interim Guidelines on Maritime Cyber Risk Management” focusing on voluntary measures despite some calls by some nations to create mandatory measures.
The Key Points highlighted inside the document are as follows:
- Identify: define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations;
- Protect: implement risk control processes and measures, and contingency planning to protect against a cyberevent and ensure continuity of shipping operations;
- Detect: develop and implement activities necessary to detect a cyber event in a timely manner;
- Respond: develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyberevent;
- Recover: identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyberevent.
The Rolls Royce Autonomous Waterborne Applications Initiative solution.
From the private side, one of these solutions is provided by Rolls Royce with the Autonomous Waterborne Applications Initiative (AAWA).
The Key features of Rolls the Royce system:
- Create competence for remote controlled vessel in commercial use Data in transit
- Create hotspot for waterborne remote control technology
- Develop commercially Viable short to medium term solutions
The European Commission directive about the security of network and the Mitigate Program
The European Commission has adopted a series of measures to tackle Cyber-Attack, it did not enact the European Union’s (EU’s) first broad legislation on cybersecurity until August 2016. Member states have until 2018 to adopt the directive on security of network and information systems (NIS), which essentially creates a network of computer security incident response teams across the EU to react to cyberthreats. It also establishes cooperation between member states.
Another interesting input on issues relating to cyber supply chain to protect it from cyber-criminal activities. The main goal of MITIGATE is to realize a radical shift in risk management methodologies for the maritime sector towards a collaborative evidence-driven Maritime Supply Chain Risk Assessment (g-MSRA) approach that alleviates the limitations of state-of-the-art risk management frameworks.
But what are the goals of MITIGATE?
- detects vulnerabilities of the IT infrastructure,
- enables to develop optimal security measures,
- uses Social Media to disclose new cyber threats and
- allows to collaborate with supply chain partners.
Therefore, MITIGATE aims is to develop an effective, collaborative, standards-based Risk Management system for port’s Critical Information Infrastructures (CIIs). The system will consider all threats arising from the global supply chain, including threats associated with port CIIs interdependencies and associated cascading effects.
These new type of research about modern system with the function of increase the level of Cyber Security is strongly supported and are co-funded by the European Commission, under its biggest Research and Innovation Program Horizon 2020.