Shipping must not underestimate physical risk posed by cyber-attack

The physical risk to ships from cyber-attack might not be as well understood by shipowners as those threats posed to traditional back-office functions such as accounting, payments and banking, according to London P&I Club in its latest StopLoss Bulletin.

Philip Roche, partner at legal firm Norton Rose Fulbright, writes in the Bulletin that good cyber hygiene, up-to-date firewalls, penetration testing and staff training are routinely deployed in the shipping industry to counter the back-office threat. But he warns that the physical risk to ships themselves is less well-understood by owners.

“Although it might be said that the risk is currently low”, says Roche, “cyber-attacks potentially pose a serious risk to the overall operability of a ship because of the increasing use of onboard IT, even where there is no single network controlling numerous systems and where internet connectivity is low.

Roche acknowledges that cyber-attacks causing physical damage are still rare, not least because of the comparative invisibility of shipping to the general public, and the

existence of a number of far easier targets for cyber criminals. But he warns that, because ships’ systems are centrally controlled, because connectivity with the shore is continuous, and because maintenance and diagnostics are increasingly carried out via USB ports in equipment, the risk will only increase.