18 June 2020
Guernsey-based cyber insurance and risk management specialists Astaara has today launched a white paper in partnership with the British Ports Association aimed at highlighting the strategies to promote cyber security in ports.
The explosion in remote working and reliance on technology in maritime business continuity throughout the covid-19 crisis has boosted interest in cyber security and resilience in the wake of a fourfold increase in cyber-attacks in the maritime industry since February.
In one high profile attack last month, (9 May) computer systems at the Shahid Rajaee port in the strategically important Strait of Hormuz were attacked, creating traffic jams of delivery trucks and delays in shipments. It is understood that the attack came in direct response to a failed Iranian cyberattack on an Israeli water facility last month.
Whilst attacks from criminal groups are far more common than suspected state-based attacks or ‘hacktivist’ incidents, the overall upward trend is concerning and driving increased interest in security. The global cyber security market is expected to grow from £144 billion to £182 billion by 2021, although that will still be only around 10% of the value lost to cyber-attacks each year.
‘Now, more than ever, the advantages of digitisation should be capable of being realised, but only if the corresponding management resilience and recovery plans are in place and practiced to ensure those digital control systems and data flows are uninterrupted and uncorrupted,’ said Robert Dorey, CEO of insurance service and risk management advisory business, Astaara.
‘Processes need to be continually reviewed and updated as necessary, training provided, and new approaches to monitoring assessed and adopted.’
Mr Dorey added that marine companies were at increased risk of cyber-attacks, as scammers prey on the coronavirus disruption.
‘The Covid-19 restrictions mean that many activities, for example crew change, marine warranty survey or superintendent spot check will be done differently or just may not happen. This means that maritime business are more vulnerable,’ said Mr Dorey.
‘Criminals realise this and do not care about the human cost of Covid-19, or their crimes. They are not interested in the morality of their action. Instead they are interested in disruption and making money; they see Covid-19 as an opportunity.’
Remote working has been highlighted as a major risk for security, as the attack surface is broadened. Spoofing to misdirect payments long being a favourite of cyber criminals; classically, hackers will plant a virus, enabling them to monitor emails and change the text of a message from suppliers, adding a different bank account.
‘Covid-19 impacts the maritime industry like no other, principally due to complex supply chain relationships,’ said Mr Dorey.
Astaara white paper – ‘Managing Ports’ Cyber Risks’ – is launched today with The British Ports Association, as part of The Port Futures thought leadership programme. The paper looks at the ever more complicated business environment a of a port, with increasing regulation and risk.
The BPA programme was launched in 2018 to examine global emerging trends in the ports and shipping industries. This rolling programme of activity addresses key issues for ports over the next 50 years, including new technology and new applications of technology, infrastructure, and skills, as well as potential opportunities for and challenges to British ports that these issues present.
The British Ports Association (BPA) represents over 100 port members and over 80 associate members. Our port members own and operate over 350 ports, port facilities and terminals of all sizes across the UK, facilitating more than 85% of the UK’s maritime trade, 95% of which is carried by sea.
Mark Simmonds, Head of Policy and External Affairs at the British Ports Association, said:
“As key gateways for 95% of the UK’s international trade, ports are critical to the UK economy. The British Ports Association is keen to explore the benefits that technology can bring to our industry, whether through increased productivity or new ways of providing services. As port systems become ever more connected and digitalised, it is important that security and resilience is built in in to processes and training. Cyber security should be a board-level issue for all ports and we are committed to sharing and improving both Government policy and industry practice wherever we can. We hope this paper will serve as a useful reminder and guide for UK ports.”