InView Autumn/Winter 2015

More documents

Info

12 InView | An independent eye on insurance HOW TO STAY AFLOAT IN THE FACE OF CYBER ATTACKS Stringent digital security systems surround our airports and banks, but ports and vessels are highly vulnerable to cyber attack. Phil James examines this pressing issue. The marine industry is open to cyber attack due to a number of reasons which include the development of its digital security systems failing to keep pace with the technology being used in other areas of the transport sector. Further, and more worryingly, marine organisations are lagging behind the increasingly sophisticated systems being used by organised criminals and terrorists. This therefore raises the disturbing question of not ‘if’ our ports and vessels will fall victim to cyber attack, but ‘when’? There are numerous ways in which digital marine infrastructure can be penetrated. Bills of lading, manifests and transit orders can be falsified, resulting in serious financial consequences – not to mention the movement of cargoes such as drugs, weapons, human traffic and even ‘dirty bombs’. Fraudulent data can be inserted into systems to create the illusion of legitimacy to criminal and terrorist activities carried out by certain criminal organisations. Automatic Identification System (AIS) data is based on radio transmission, which is also relayed via the internet and is susceptible to interference. Another weakness in marine security arises out of electronic payment for bunkers. Like any digital financial transaction, it is susceptible to interference by cyber criminals. Unlike some digital financial transactions, the sums involved are always significant. The Port of Antwerp hacking incident in 2013 is a recent high profile example of a cyber breach. Drug smugglers planted an extraordinary array of disguised remote access devices on the Belgian port’s logistics systems as part of a major hacking attack. The attack is thought to have taken place over a two year period from June 2011. The organised crime group used hackers based in Belgium to infiltrate computer networks in at least two companies operating in the Port. The systems that controlled the movement and location of containers were breached. This allowed: ■■ ■■ the hackers to access secure data containing location and security details of containers, which in turn allowed the traffickers to hide cocaine and heroin among legitimate cargoes including timber and bananas shipped in containers from South America. It was then easy for the traffickers to steal the relevant containers before the legitimate owner arrived. © Copyright. Weightmans 2015. All rights reserved.
Issue 2 | Autumn/Winter 2015 13 The scale of the problem has been widely assessed by cyber security firms that have regularly demonstrated just how easy it is to penetrate marine security systems. This should serve as a wake-up call for the marine community to properly address its security problems – and there have been encouraging developments. Some ports are already refusing to accept cargoes from geographical high-risk areas. Ports can refuse or restrict access to their facilities if other ports and carriers cannot demonstrate that they have the required level of cyber security. This is common practice in the industry as a whole and there is no reason why the marine industry should be any different. Many in the industry are calling for radical reforms at the highest levels to ensure the marine sector introduces and maintains the same high security levels as, for example, the aviation industry. Ultimately this will require significant investment in training, physical infrastructure, governance and auditing. Thankfully, governments and insurers are increasingly taking action to address the marine industry’s vulnerability. In the UK, the Cyber Essentials Award allows businesses to show consumers that they have measures in place to defend against cyber threats, such as the recent GOZeuS and CryptoLocker malware attacks. Cyber Essentials has also helped to provide businesses with clarity on what amounts to good cyber practice. The Cyber Essential Badge provides reassurance that a company takes cyber security seriously – boosting its reputation and creating a competitive selling point. It is reassuring to note that the scheme is being backed by major insurers, reinsurers and market bodies. The UK government also requires suppliers bidding for high risk contracts to be Cyber Essentials certified. While this is not marine specific, it does point the way for the marine industry. Looking ahead, carriers and ports may have to produce a ‘Cyber Certificate’ to demonstrate that they can ensure the integrity of the cargos they carry, handle or store. It is necessary for organisations to protect themselves with cyber contracts, such documents are likely to become a standard part of the contractual framework of the future. Gone are the days when marine security meant fitting netting to ships’ bulwarks to repel pirates. Today’s cyber pirates can create havoc on an unprecedented scale. The maritime industry must adopt equally sophisticated defences – or risk paying a very heavy penalty. Phil James, Partner 0151 243 9849 phil.james@weightmans.com
Page 1 and 2: Autumn/Winter 2015 Issue 2 HOW TO S
Page 3 and 4: Issue 2 | Autumn/Winter 2015 3 INTR
Page 5 and 6: Issue 2 | Autumn/Winter 2015 5 CYBE
Page 7 and 8: Issue 2 | Autumn/Winter 2015 7 RECE
Page 9 and 10: Issue 2 | Autumn/Winter 2015 9 VIEW
Page 11: Issue 2 | Autumn/Winter 2015 11 Pro
Page 15 and 16: Issue 2 | Autumn/Winter 2015 15 Tec
Page 17 and 18: Issue 2 | Autumn/Winter 2015 17 In
Page 19 and 20: Issue 2 | Autumn/Winter 2015 19 Ins
Page 21 and 22: Issue 2 | Autumn/Winter 2015 21 Vic
Page 23 and 24: Issue 2 | Autumn/Winter 2015 23 Soc
Page 25 and 26: Issue 2 | Autumn/Winter 2015 25 5.
Page 27 and 28: Issue 2 | Autumn/Winter 2015 27 Mer

InView Autumn/Winter 2015

Create successful ePaper yourself

Delete template?

Save as template?