The shipping industry is increasingly at risk from cybersecurity attacks, and a void in insurance policies makes it vulnerable, industry experts told CNBC.
Cybersecurity has come into focus across the economy as hackers become more powerful. In the meantime, ships have become more reliant on a range of electronic devices to operate.
“These include software to power the engines, complex cargo management systems, automatic identification systems (AIS), global positioning systems (GPS), and electronic map display and information systems (ECDIS),” said Matthew Montgomery, senior associate at the international law firm Holman Fenwick Willan CNBC via email.
“The added incentive for a hacker is that the shipping industry involves high value assets and the transportation of valuable cargo on a daily basis.”
GPS blocking or interruption of GPS systems creates significant problems. For example, in April last year, South Korea said around 280 ships would have to return to port after problems with their navigation systems, claiming North Korea was behind the disruption.
Professor David Last, strategic advisor to the General Lighthouse Authorities in the UK, which provides navigational aids for ships, recently carried out a series of tests to investigate the effects of GPS interference on shipping. In one experiment, a jammer was operated from a lighthouse and aimed at ships.
“The effect was profound. GPS receivers on ships at sea about 30 km from the horizon were badly affected, “he told CNBC during a phone call.
“Some GPS receivers just died. They wouldn’t provide any information. Interestingly, other ships’ GPS receivers lied. That is, they gave wrong positions. So we had ships that were actually in the sea and apparently crossed land. ”
In a second set of experiments, a GPS jammer was placed on a ship, causing several systems to fail, including navigation systems, emergency systems, clocks, and the automatic identification system that transmits the location of a ship to other nearby ships so that they can be displayed on the radar.
“We had ships that were in the wrong positions and ships that suddenly moved very gently without anyone noticing,” explained Last.
Losing these systems can become a major problem when visibility is an issue and on busy shipping routes such as the English Channel.
“When the weather is bad, when the fog is low and visibility is poor, they (the ships) rely entirely on GPS for their navigation,” he said.
“If GPS goes wrong, the risk of an accident is very high.”
Another cause for concern is the fact that many shipping companies may not be insured in the event of a cyber attack.
“Most ship insurance policies contain a cyber attack exclusion clause that excludes coverage for property damage and business interruption. This has left a potential risk for shipowners, ”said Montgomery.
According to Montgomery, the insurance market is responding to these loopholes and offering products that cover cybersecurity. However, the shipping industry needs to determine what risks need to be insured and how they can be mitigated.
“Some ship owners are now identifying the areas where they are exposed to cyber risk, developing and testing written information security and incident response plans, and leading their incident response team through simulated exercises (with the assistance of outside legal counsel) to determine where the gaps are, ”he said.
“Once a shipowner has active cyber risk identification and mitigation processes in place, they are likely to be in the best possible position to transfer residual risks through a cyber insurance policy.”