The immense global dependency on the shipping industry makes it an attractive target for cyber criminals. While technical vulnerabilities in systems like AIS, GPS or ECIDS are the ones which may come first to mind, the complexity of the sector’s supply chain exposes it to many more attack vectors than those strictly connected to technology on-board ships.
A recently published report by the Cyber Risk Management (CyRiM) project, “Shen attack: Cyber risk in Asia Pacific ports”, elaborates on a scenario of a cyber-attack conducted on 15 major ports across Asia. The researchers estimated that a potential spread of the imaginary “Shen computer virus”, in its most extreme variant, could cause losses up to $110 billion.
Thijs Timmerman, Senior Manager Cyber Risk at KPMG explains: "These estimates show how paralyzing an attack on a relatively limited amount of ports can influence not only the maritime sector itself, but the global economy. It demonstrates the challenge of securing a complex supply chain and outsourced services landscape." In addition, it shows the need for identifying and investing in the development of essential skills and capabilities within maritime organizations.
KPMG works across the globe to assist maritime organizations in not only trying to prevent, but also being able to detect and respond in case of cyber incidents. This includes extensive training of personnel and performing incident simulations for training purposes. "Incorporating a cyber risk management mindset into the industry is no longer just an option, it is a necessity", says Thijs.