Across the global maritime community, ports, ships and offshore units are increasingly connected to and dependent on systems that makes use of a cyberspace (Internet). Failure to anticipate and prepare for a cyber incident onboard a ship or offshore unit may have significant consequences.
This 20-minute video for crew awareness and training can be downloaded here.
The easiest and most common way for cyber criminals to strike, is through negligent or poorly trained individuals. Some Gard Members and clients have been victims of cybercrime where hackers have accessed the e-mail accounts of their service providers and sent e-mails purporting to be from their shore side organisation or other thrusted providers. There is also a common perception among ship’s crew, doubting the importance of cyber security on their ship; claiming their ship is not connected to the cyberspace.
Cyber security requires proper trained staffing to gain the full value of technology investments and the related IT- and operational procedures. Creating an analogy between the cyber threats and the other dangers faced on the maritime adventure, is an effective way to engage people on this subject.
Gard’s aim is, together with our partner in this project, DNV GL, is to create awareness and to build competence towards crew and others – focusing on daily tasks and routines, with an aim to de-mystify the cyber issues for “normal people”.
Based on our analysis of cases involving cyber security, Gard and DNV GL have produced a video and a presentation with some concrete recommendations for how the maritime industry can take to address them. The material is not intended to suggest any industry changes or rule changes, but rather changes in the way people behave and act. That said, cyber security is now also part of the ISM Code, effective from 2021, so this will in future be part of the regulatory agenda too.
Jarle Fosen, Loss Prevention Executive in Gard, stresses the importance that this cyber security awareness campaign is not intended to create fear and uncertainty. "We do not want to present cyber security as the hooded criminal hacker, but rather show how easy one can fall victim to a social-engineered attack and the easy steps one can take to avoiding them by thinking before you click! We want to influence a good crew behavior and attitude and teach them how to manage some of the risks."
Any company can be vulnerable to cyber risks. At Gard we strive to protect the interests of our Members and clients in the best possible way. We are developing an internal Information Security Management System to protect the confidentiality, integrity and accessibility of our organisation's information through measures relating to people, processes and IT systems.
Further information can be obtained from the cyber security awareness information package or training seminars available free of charge to GARD Members and clients.
Gard’s Members and clients will already have received this information package in an email from Gard. If, as a Member or client of Gard, you cannot trace receipt of this material, please contact firstname.lastname@example.org to obtain your copy.
The content available to download: