Cyber Reporting can aid in defending your vessel
Timely sharing of incidents enables vulnerability warnings to the broader maritime sector.
Information sharing is critical in our collective defence against cyber crime and to strengthen cyber security within the maritime sector. By sharing information about cyber events with the right authorities, vessels can contribute to and avert current or future cyber security threats.
The maritime industry has increasingly adopted new technologies and digital systems to improve vessel and port facility operations. However, this digital interconnectedness has introduced cybersecurity risks, including the threat of ransomware attacks that can disrupt operations, unauthorised access to vessel controls and navigation systems, espionage in supply chain practices and behaviours, and theft of trade secrets.
When cyber incidents are reported quickly, the authorities can use the information to provide both assistance and issue warnings, to prevent others from falling victim to similar attacks. This information is also crucial to identify trends that can help us protect ourselves and the rest of the maritime sector.
Important items to share
Event data and time, location, type of activity and a detailed description of the event.
Types of activities you should share
- Unauthorized access of your system.
- Denial of Service (DOS) attacks lasting more than 12 hours.
- Malicious software in your systems, including type if known.
- Targeted and repeated scans against the company’s IT services systems.
- Repeated attempts to gain unauthorized access to your system.
- Email, mobile or social media messages related to phishing.
- Navigation events related to SATCOM, AIS and GNSS interference
How should you share?
It is important to communicate incidents with the flag administration, coastal authorities, national police, port authority, class society and/or your cyber security service provider. Sharing information with your cyber security service provider does not replace statutory reporting requirements to authorities. Remember to include full contact information.
Reporting to the authorities
For example, the US Coast Guard (USCG) seeks to address maritime cyber espionage and cybersecurity risks by focusing on establishing minimum requirements for the reporting of cybersecurity incidents by the maritime shipping community. The USCG stresses that the mandate for reporting will be quite broad, and their expectations for reporting any such suspicious activity will become much higher going forward.
The new USCG requirements will only apply to US-flagged vessels, outer continental shelf facilities, and US facilities subject to the Maritime Transportation Security Act of 2002 regulations. Although not mandatory, any other vessel, harbour, port, or waterfront facility may also report activities that may result in a cyber security incident.
On an international level the IMO implemented Resolution MSC.428(98) in 2021, which requires vessel owners, operators, and managers to consider the overall cyber risks, and to implement cybersecurity across all levels of their management system, in line with International Safety Management (ISM) Code.
In combination with this resolution, the IMO also released Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3). This provides high-level recommendations for maritime cyber risk management that can be incorporated into existing risk management processes.
Reporting onboard superyachts
Reporting cyber incidents for superyachts is challenging due to the complexity of onboard systems, the involvement of interconnected networks, and concerns about privacy.
Yacht owners and operators often prioritize discretion, as incidents can expose sensitive data about passengers, itineraries, or business operations. This hesitancy to report, while understandable, limits the ability of the broader maritime industry to respond effectively to emerging cyber threats. However, sharing anonymised data on cyber incidents can strike a balance between privacy and security, benefiting the entire community by contributing valuable insights that help improve defenses and protocols across the sector.
To safeguard against these risks while respecting privacy concerns, superyacht operators are encouraged to seek expert maritime cybersecurity advice. For comprehensive guidance, contact enquiries@priavosecurity.com.
Reference:
https://www.gard.no/articles/sharing-and-reporting-cyber-incidents/