Why CSO Alliance
Connecting CSOs
Communicating & Challenging
Confirming Crime
Collaborating Globally
News & Workshops
Contact us
Join now


Icon representing Maritime Information Warfare Conference 2019 -London -November 18-19
Maritime Information Warfare Conference 2019 -London -November 18-19

November 18th 2019
Icon representing CYPnaval Conference - October 2nd - Cyprus
CYPnaval Conference - October 2nd - Cyprus

October 2nd 2019
Icon representing CSOA First Response Report: Iran Seizes British Tanker
CSOA First Response Report: Iran Seizes British Tanker

July 20th 2019

A CSO approach to Cyber Crime -no repeat of Y2K.

July 8th 2016
The key to our approach is to work with, and support, Industry so that there is just one worldwide maritime cyber event reporting system and a clear message. The Guidelines issued have been well received, and it is clear there will soon be a myriad of advice and training packages for seafarers. The art is to avoid multiple systems so that if there is a desire to invest, or a need to obtain assistance, the owners are directed to credible, proven, cost effective programmes. 

The Threat and Risk

As an industry and community we need to understand the threat landscape. What is the motivation, resource and objectives of state sponsored players, the teenager hacker or a rogue employee?

As a company you will need to be able to assess the risks and in our experience, it is far better if this comes from the top down, and looks at all the aspects of  your enterprise. We ourselves had a cyber audit and it was a sobering and educational experience as we ran through what is called the three pillars of information security: confidentiality, integrity and availability of data.

Cyber crime reporting

With the owners we talk with, Cyber is handled by a wide range of employees, from the CIO to Risk Manager, Insurance responsible, CSO or a director, who may be slow in dodging the cyber task bullet. We see our role as ensuring that cyber crime has every chance of being reported.  We do this by carrying the crime field on our reporting form on the platform. Incidents can naturally be reported anonymously to avoid any external market repercussions.  
We have pilot projects running with a very significant Global provider, who is experienced in working with industry, and is keen that the data is shared for the benefit all and stored in a cyber secure facility. To encourage the reporting they are considering a free 24/7 immediate basic telephone and/or email support in the event of a Cyber hack. It is an overhead to carry, but an important investment. As a community if we cannot track it, how can we fight it?


In CSO Alliance we have a Cyber Group with a library of over 75 articles and supporting videos. We are supported by Chris Young of Fidra Films, a veteran of crew educational videos who is creating a free to consume series of short Cyber Crime Crew education videos. He is close to closing sponsorship for this venture.

International Maritime Cyber Conference, London 1 July

Over seventy delegates attended, and the central question addressed was: how can we learn lessons from each other? There is a need for timely accurate feedback on Cyber-attacks at sea, in ports and harbours and within the wider maritime community; in order to develop appropriate policies and tactics to reduce or eliminate the threat.

The Conference was summed up with a list of top ten tips for the industry.

Top ten tips to improve Maritime eResilience 

1.   The UN, Governments and Flag States should undertake a fundamental look at its methods of maritime cyber regulation as well as what types of regulations are needed and where.

2.   Shipping entities must retain an offline option for all the main services which interact with other trading parties  
3.   There is an urgent and progressive need to consolidate the existing awareness raising campaigns around maritime cyber security into one coherent set of messages along an international campaign.

4.   The effectiveness of the reporting channels for victims of cybercrime at sea need to be improved and made transparent.

5.   Larger maritime businesses need to be encouraged to support the smaller maritime businesses in their supply chains in order to adopt effective holistic and integrated cyber resilience practices.

6.   Law enforcement should have a central place in the UN’s Maritime Cyber Security Strategy and in particular law enforcement aimed at protecting the maritime business community. It should include a UN commitment to better survey and record the scale of cyber crime against the maritime community as part of the official international crime statistics.

7.   Governments need to commit more resources to enforcement against cybercriminals and take the cybercriminal threat at sea more seriously.

8.   Larger economic infrastructure providers such as financial intermediaries should be liable for losses as a result of maritime cybercrimes.

9.   On a general point and internationally, cyber resilience needs to be taught in schools alongside the other aspects of ICT.  Basic digital skills – including how to stay safe and secure online, should be embedded in the curriculum as a core part of the functional skills that every young person should acquire during their education.

10.  And in UK, the small business members of the maritime community  need to be able to use the  information provision and advice offered by the new UK National Cyber Security Centre.

There was much talk about  the continuing Sea blindness, and the emerging awareness  of the majority of the maritime population as not knowing what to do to improve their own business and ability to recover in the face of a cyber threat. Thus they are unaware and vulnerable to the maritime Cyber challenges that face us all.

The conference also discussed the technology/human factors balance with many delegates from all parts of the maritime community concerned about over reliance on automated systems at sea and that Cyber training, education and awareness emerged as the issue that worries seafarers and the delegates on the day.