The Department for Transport (DfT) has released a new cyber security code of practice for vessels, which Callanan said will help firms develop cyber security assessments and plan, mitigation measures and manage security breaches.
“Anything that threatens the reliability and performance of a shipping sector that carries 95 percent of our trade has to be taken seriously,” Callanan said last week during London International Shipping Week.
A large issue is that “In some areas, maritime continues to rely on legacy systems using old software and aging operational technology,” said Callanan. On the other hand, “There is also growing dependence on information systems with the development of new technologies — such as autonomous or partially-autonomous vessels,” Callanan said. Both sides have the potential to make the industry vulnerable to cyber attacks, he said.
Referencing the cyber attack in Europe against Maersk Line and other industry firms earlier this year, Callanan stated that “appropriate practices and technologies” need to be in place to limit damages. He stated that the 2015 National Security Strategy and the National Cyber Security Center “reaffirmed cyber as a Tier One risk to U.K interests” and U.K. teams work to build cyber capabilities.
As a result, the DfT commission the Institution of Engineering and Technology to produce the cyber code of practice, with input from the Maritime Coastguard Agency, Maritime Accident and Investigation Branch, and others.
“The guidance will complement the work being done by the International Maritime Organisation (IMO) to raise awareness of cyber threats and vulnerabilities,” said Callanan.
While the code of practice is not law, it was created to be used in conjunction with ship security standards and with the IMO.