Wednesday, January 16, 2019

Shipping Industry Cyber Attacks Prompt Government Action

Security Upgrade Following Spate of Crimes
Shipping News Feature
DENMARK – The Danish Ministry of Industry, Business and Financial Affairs has launched a new strategy for the shipping industry aimed at reinforcing and improving cyber and information security activities within the sector. In recent years, the global shipping industry has faced increasing vulnerability to cyber-attacks, as evidenced by the massive breach that affected shipping giant, AP Moller Maersk in 2017, the scale of which was unprecedented, costing as it did hundreds of millions of dollars.

Cyber and information security in the maritime sector includes the safety of navigation in Danish waters and the safety and security of Danish-flagged ships and their crews just as it does globally. Cyber security for ships includes services such as traffic monitoring, warnings and navigation information (AIS, NAVTEX), systems used by ships and ship operation software, including software for propulsion and navigation.

The responsibility for regional cyber and information security in the maritime sector lies with the Danish Maritime Authority (DMA). The DMA has established a dedicated Danish Maritime Cybersecurity Unit, which is to handle implementation of the strategy in practice.

With the prime objective being to ensure that safety in Danish waters and on board Danish ships is not compromised by cyber-attacks, the government's strategy contains a number of initiatives aimed at strengthening IT security and preventing cyber threats in the maritime sector. The strategy includes a raft of proposals and measures which include:

  • The aforementioned establishment of the Danish Maritime Cybersecurity Unit
  • Coverage and enforcement under the umbrella of EU and International law
  • A single point of contact between maritime operators and the Centre for Cyber Security (CFCS)
  • The secondment of Danish Maritime Authority employees at the CFCS
  • The promotion of increased awareness through collaboration and knowledge sharing in the maritime sector
  • Specifying objectives and user-friendly recommendations for the maritime sector's players
  • Cultivating an IT security culture and awareness
  • A focus on standardised processes in relation to cyber and information security management
  • Ensuring sustained and robust cyber and information security preparedness in the maritime sector
  • Creating a joint contingency and warning plan for handling IT security incidents
  • The planning and implementation of common cyber and information security exercises