UNCTAD wants maritime sector to adopt measures that help reduce vulnerability to cyberattacks

maritime sector

The maritime sector must assess and manage risks, enhance preparedness and adopt hybrid solutions that are flexible and agile, and arrive at balanced trade-offs, such as between nearshoring and reshoring and combining hybrid supply chain models, along with other measures to reduce vulnerabilities to cyberattacks, UNCTAD said in a recent report.

The report titled ‘​​Review of Maritime Transport 2021’ must also focus on mainstreaming supply chain resilience, and risk assessment. Preparedness can also be achieved by allowing for redundancy across suppliers, nearshoring, regionalizing their supply chains, dual-sourcing raw materials, backing up production sites, increasing inventory of critical products, strengthening supply-chain risk management, improving end-to-end transparency, and minimizing exposure to cybersecurity and other shocks, the report added.

The COVID-19 pandemic’s impact on maritime trade volumes in 2020 was less severe than initially expected but its ‘knock-on effects’ will be far-reaching and could transform maritime transport, UNCTAD said. The report identified that the long-term outlook of the sector will be shaped by a range of continuing structural trends, including changing patterns of globalization, the drive for more-resilient supply chains, changes in consumer spending and the growth of eCommerce, the need for environmental sustainability, the global energy transition, and the continuing uptake of digitalization.

UNCTAD also analyzed key international legal and regulatory developments that cover maritime sector and transport facilitation issues, particularly those related to COVID-19 which has created many problems for clearing goods through ports but also created opportunities for new and smart solutions.

Innovations in maritime transport involve online and automated systems that raise concerns about cybersecurity. However, shipowners and operators can also take advantage of recently adopted guidelines on how to maintain cybersecurity in their companies and onboard ships, taking into account the requirements of the International Maritime Organization (IMO), and other relevant guidelines.

The COVID-19 pandemic also highlighted several systemic weaknesses within the maritime sector, including delays in the documentation and related problems, which could provide an impetus for the more widespread use of secure electronic solutions that are already available and accepted by the market. However, with increasing reliance on electronic interactions, they will also have to manage any associated cyber-risks and enhance their cybersecurity systems.

BIMCO, an international shipping association, had last December published cybersecurity guidelines at a time when shipowners and ship managers are faced with a requirement to implement cyber risk management in their safety management systems (SMS) by the time of their first Document of Compliance audit after Jan. 1, 2021.

The guidelines called for awareness of the safety, security and commercial risks that present themselves due to a lack of cybersecurity measures, protection of shipboard IT infrastructure and connected equipment, a system for authentication and authorization of users, to ensure appropriate access to necessary information, and protection of data that is used in the ship environment. These actions work towards ensuring that the maritime sector has adequate protection based on the sensitivity of the information.

It also demanded the management of IT users make sure they only have access and rights to the information for which they are authorized. In addition, management of communication between the ship and the shore side, and development and implementation of a cyber incident response plan based on a risk assessment must be streamlined.

The International Association of Ports and Harbors (IAPH) released in September its cybersecurity guidelines for ports and port facilities that will help safeguard against cybersecurity risks while ensuring the continued business resilience of organizations. The document aims to assist ports and port facilities to establish the true financial, commercial and operational impact of a cyberattack, and make an objective assessment on their readiness to prevent, stop and recover from a cyberattack.

The UNCTAD report said that the maritime sector is increasingly taking action against these threats, but much remains to be done. Maintaining effective cybersecurity is not easy. It requires collaborative, top-down approaches that engage senior management, combined with bottom-up approaches working with other staff to identify vulnerabilities and risks unique to each operational environment, while balancing and managing such risks within acceptable limits.

Implementing cybersecurity helps to protect shipping assets and technology from cyber threats and makes economic sense. But inaction could also result in consequences. Shipowners who fail to comply with the IMO requirements risk having their ships detained by port control authorities – though enforcement should be uniform and equitable.

Failure to address cybersecurity may also result in potential contractual liability, UNCTAD said. Cyberattacks can cause damage, loss or misappropriation of cargos, with implications for liability in the context of contracts for the carriage of goods by sea, the report said. Arguably, a shipowner’s obligation to exercise due diligence, and provide a seaworthy vessel before and at the beginning of the voyage, may also include an obligation to conduct regular cybersecurity risk assessments, and address risks and reduce vulnerabilities through safety management systems, in accordance with IMO and industry guidance.

Recently updated industry guidelines offer shipowners and operators information on procedures and actions to maintain cybersecurity in their companies and ships while adopting cyber-risk management approaches that take account of IMO requirements and other relevant guidelines. Implementing cybersecurity helps shipowners avoid having their ships detained by port state control authorities, and also makes economic sense, and helps protect shipping assets and technology from increasing cyber-threats.