As the cruise industry begins to restart business, it is not just coronavirus safety they have to worry about – there are also online viruses to protect against.
Cruise ship and ferry operators need to consider the safety of passenger data and company networks to ensure they are not infected by malware or open to hackers. Security obligations from IMO are soon to come into force, with cyber risk management expected to be in safety management systems on ships.
Cruise ship operators face considerable risks from hackers, as Carnival found out in August 2020 when it was forced to take remedial action as its networks were attacked. Ferry and cruise ferry owner Hurtigruten was also attacked in December 2020.
Inmarsat Maritime senior vice president for safety, security, yachting and passenger shipping Peter Broadhurst said the sector has considerable work to do if they are not yet on top of cyber security. “Passenger shipping is heading towards a new regime on cyber security,” he said.
Inmarsat has released a free-of-charge report covering the IMO obligations and their implications for cruise ship and ferry professionals, which enter into force next year. The report aims to support owners, managers and captains on compliance as they work to protect passenger ship cyber security.
“This is a significant publication for anyone investigating the fast-evolving threats facing cruise vessels and ferries at sea,” said Mr Broadhurst.
Cyber Security requirements for IMO 2021 provides insights into Inmarsat’s cyber security experience and examples of real cyber attacks on vessels. It offers guidance for compliance to cruise ship and ferry owners, managers, captains, engineers and technical officers.
The IMO resolution mandates that passenger ship safety management systems must be documented as including cyber risk management under the International Safety Management Code no later than the first annual audit after 1 January 2021.
This 40-page document highlights the way threats continue to adapt and evolve, reporting a fourfold increase in cyber attacks on maritime targets. It coincides with the maritime industry’s move to home-based working throughout the Covid-19 pandemic and when cruise shipping is beginning to bring ships back out of layup.
Inmarsat said the report also provides a comprehensive explanation of the often-misunderstood distinctions between antivirus software and network endpoint security.
Cyber Security requirements for IMO 2021 summarises industry exposure to date, identifies the vessel-specific vulnerabilities that have driven regulators to act and explores the precedents from outside and inside the maritime sector for IMO rule development.
Guidance for implementing Inmarsat’s Fleet Secure Endpoint for cyber security protection, monitoring and reporting to support operators’ IMO compliance is also included.
This secure end-point provides multi-layered network protection against phishing, spyware, botnets and more updates system status using software on end-user machines.
