Why CSO Alliance
Connecting CSOs
Communicating & Challenging
Confirming Crime
Collaborating Globally
News & Workshops
Contact us
Join now

Profiled Supplier

  • Pen Test Partners LLP
    Penetration testing and security services
  • GAC Shipping
  • Navarino
    Navarino is the maritime industry's most advanced communications and connectivity company
  • Angel
  • Sec -Ex (The Security Industry Exchange)
    Sec-Ex is about efficiency; to save time and money.
  • Chenega International Consulting LLC
    Chenega International's specialization includes the provision of consultancy relating to the utilization of niche technology, security, analytical...
  • Weekly Threat & Activity Report
    Receive free weekly threat and activity reports on maritime security. Maritime news including piracy, armed robbery, terrorism, narcotics, and more!
  • HudsonTrident, Inc.

BIMCO releases second edition of The Guidelines on Cyber Security Onboard Ships

Updated Guide offers new insight and recommendations 
July 7th 2017
Updated Guide offers new insight and recommendations
The timing of the guide’s release really couldn’t be better, coming as it does in the wake of another NotPetya ransomware attack which significantly impacted Maersk recently and caused issues at a number of cargo terminals around the world.

While shipping as just one sector of business affected by the ransomware release, it is certainly one which has been accused of burying its head in the sand over information and cyber security in recent years. This, however, is now likely to change, as other companies see the ramifications of an attack. If further evidence of how an attack can impact the supply chain is needed, then Reckitt Benckisser (who manufacture a huge range of products from Nurofen to Dettol) have announced that the attack, although largely contained, could still see revenue growth drop by as much as 2%.

Commercial businesses have learned very hard lessons from malware attacks, as TalkTalk can attest. In February 2016, it was announced that the cyber-attack they suffered cost them £60 million and over 100,000 customers. It’s a salient lesson to any company which thinks it’s immune.

One reason the shipping and oil and gas sectors have been slow to adopt full cyber-security measures may well be the way some providers attempted to whip up fear over the last few years. Dire warnings of vessel controls being hijacked, or AIS tampering did little to help the cause, particularly since the most viable targets are generally on land, where the real money is. Why attack a ship’s systems when the officer server can easily be prised open by an SQL injection attack?

In the case of the NotPetya malware attack, a lack of clear upgrades to operating systems is certainly a factor, and the culture of allowing staff to bring their own devices to work and add them to company networks must be revisited. There are so many simple ways to ensure your systems remain robust, and the BIMCO guide helpfully lists many of them, as well as ensuring vessels, crew and cargo are kept safe at sea.

The second edition of The Guidelines on Cyber Security Onboard Ships is available as a free download at both the CSO Alliance and BIMCO websites.