On June 26 and 27, George Margetis, Panagiotis Christias CISA, CISM, CDPSE, and Dragan Ćurin, representing Margetis Maritime’s Piraeus Head Office and Spit Office, had the pleasure of attending the Rendez-Vous ParisMAT.
Panagiotis Christias, the director of our cybersecurity department, participated in a round table discussion at a conference on the topic of “How the Maritime Ecosystem manages the Cyber Risk”. The panel included field experts such as Howard Potter, Fabien Caparros, Bernard Imperial, and Jean Bayon de La Tour CISM. The discussion focused on the challenges faced by the maritime industry in managing respective risks and the strategies that could be adopted to mitigate these effectively.
The maritime industry, like many other sectors, faces significant challenges in managing cybersecurity risks. The increasing reliance on digital technologies, interconnected systems, and the use of the Internet of Things (IoT) has introduced new vulnerabilities and threats.
Here are some challenges faced by the maritime industry in managing these risks and strategies that could be adopted to mitigate them effectively:
- Lack of Awareness and Training: One major challenge is the lack of awareness around the topic and the training among maritime industry stakeholders. Many employees and crew members may not be adequately educated about best practices. To mitigate this, organizations should invest in comprehensive cybersecurity training programs for their employees and crew members. These programs should cover topics such as phishing attacks, password management, and safe Internet browsing practices.
- Legacy Systems and Infrastructure: The maritime industry often relies on legacy systems and infrastructure that may not have been designed with cybersecurity in mind. These systems may have outdated software, lack regular security updates, or have inherent vulnerabilities. Upgrading and securing these systems should be a priority. Implementing strong access controls, regular patching, and network segmentation can help mitigate the risks associated with legacy systems.
- Third-Party Risks: The shipping industry relies on a vast network of suppliers, vendors, and service providers. However, these third parties may introduce cybersecurity risks if their systems and processes are not adequately secured. To mitigate this, organizations should conduct thorough risk assessments of their third-party partners, establish clear security requirements, and regularly monitor and audit their practices.
- Increased Connectivity: The proliferation of connectivity in the maritime industry, such as satellite communications, onboard Wi-Fi, and IoT devices, has expanded the attack surface for cyber threats. It is crucial to implement strong network segregation, encryption, and secure configurations for these interconnected systems. Regular vulnerability assessments and penetration testing can help identify and address potential weaknesses.
- Insider Threats: The maritime industry faces risks from insiders, including employees, crew members, or contractors who may intentionally or inadvertently cause harm to the organization’s security. Implementing strong access controls, monitoring user activities, and conducting regular awareness training can help mitigate the risk of insider threats.
- International Jurisdiction and Collaboration: The maritime industry operates globally, making it challenging to address cybersecurity risks that transcend national boundaries. Cooperation and collaboration among international stakeholders, including governments, regulatory bodies, and industry organizations, are essential. Sharing information, best practices, and threat intelligence can help enhance the industry’s collective ability to respond to these risks effectively.
- Incident Response and Recovery: Despite preventive measures, cybersecurity incidents may still occur. Having a well-defined incident response plan is crucial to minimize the impact of an incident. This plan should include clear roles and responsibilities, communication protocols, backup and recovery procedures, and post-incident analysis to identify areas for improvement.
In summary, the maritime industry faces several challenges, including lack of awareness, legacy systems, third-party risks, increased connectivity, insider threats, international jurisdiction, and incident response. By adopting strategies such as relative training, system upgrades, third-party risk management, network segmentation, strong access controls, collaboration, and incident response planning, the industry can effectively mitigate these risks and enhance its overall cybersecurity posture.
Every year in Paris, Comité d’Etudes et de Services des Assureurs Maritimes et Transports (CESAM) holds this conference for the French marine insurance market, providing us with the chance to network with a wide range of business leaders and professionals.
Margetis Maritime, recognizing the increasing needs of the shipping community in order to manage challenges, comply with regulations and continue their day-to-day operations, has developed its new Cyber Security division. The purpose of this team is to offer maritime companies a holistic way to structure their cyber security in the best and most cost-effective way. Through these services, each organization can identify its weaknesses, anticipate the potential impact that a cyber-attack can have, design its security architecture, and finally implement these plans in its daily operations both ashore and onshore as a unified policy.