Why CSO Alliance
Connecting CSOs
Communicating & Challenging
Confirming Crime
Collaborating Globally
News & Workshops
Contact us
Join now


Icon representing Maritime Information Warfare Conference 2019 -London -November 18-19
Maritime Information Warfare Conference 2019 -London -November 18-19

November 18th 2019
Icon representing European Maritime Cyber Resilience Forum - London - October 31
European Maritime Cyber Resilience Forum - London - October 31

October 31st 2019
Icon representing CYPnaval Conference - October 2nd - Cyprus
CYPnaval Conference - October 2nd - Cyprus

October 2nd 2019

IMO Tackles Maritime Cyber Threat

June 3rd 2016
A recent meeting of the IMO’s Maritime Safety Committee finally turned its focus on an area that has been vexing the security community for some time but made little real impact with the merchant marine: cyber security.


While BIMCO recently announced a set of guidelines and best practice for shippers to work to, it seems that the subject of cyber and information security has yet to be taken seriously by the maritime community. Perhaps this is because incidents go unreported in the main, whereas land-based companies frequently hit the headlines over data breaches and distributed denial of service (DDoS) attacks.


Now the IMO hopes its own interim guidelines will assist shipping companies with Risk Management.


While incidents on board ships are a major concern due the networked nature of modern vessels, the reality is that the majority of incidents will occur on land, within shipping company offices. Frequently, the issue is outdated systems, poorly maintained software and lax information security regimes which allow outsiders or third parties access to critical systems.


Cargo manifest alteration for theft is a clear area of concern, but equally the “whale attack”, where a company is tricked into transferring money into third party bank accounts is a crime currently on the rise with land-based companies. This crime, also nicknamed ‘CEO fraud’ is a major issue, with firms being tricked out of millions of dollars a year and generally too embarrassed to publicly admit the crimes. The FBI estimates that over $2.3 billion was lost to CEO fraud and CEO email scams in the last three years.


The problem the shipping industry faces is that investment in computer systems often doesn’t bring an immediate or visible return on investment. New equipment and software is often expensive and hard to justify, particularly with a board who are unaware of the potential threats and legal liabilities of computer crime. However, the damage to a company’s reputation and shares can be equally hard to swallow; following their high profile hacking last year, TalkTalk lost an estimated £60 million.


It’s hoped the the IMO guidelines will be submitted to the next Facilitation Committee (FAL 41) next year, at which time the interim guidelines will be revoked. In the meantime, the IMO fully supports the guidelines recently drawn up by BIMCO.


CSO Alliance maintains a watching brief on all matters of cyber security and the maritime industry. These articles and documents can be found in our Cyber Group on the site.