Effective cyber defences protect operators and cargo
The ability to make on-board data, including data from critical control systems and individual containers, available to the shore via satellite communication has a lot of appeal for container shippers. “Digitalization opens up new possibilities for the shipping industry, but its heavy reliance on computers, software and internet connectivity also makes it extremely vulnerable to cyber attacks,” says James Yeh, Executive Vice President at Taipei-based container liner company Wan Hai Lines Ltd. Extensive digital supply chains involving many parties pose significant cyber security risks, Yeh continues. “The maritime industry is not yet fully prepared for cyber threats, as cyber attacks and threats have evolved over time.” From ransomware attacks to data theft and from impairment of crucial control systems to denial-of-service attacks, many cases of cyber attacks have become known throughout the industry.
Similar to a burglar looking for the easiest way to break into a home, cyber criminals will try to identify the weakest point in the digital defences of a shipping company or vessel, explains Jan-Olaf Probst, Executive Vice President Business Development at DNV. Helping customers identify all potential vulnerabilities and the best combination of technologies and strategies to prevent intrusion is absolutely crucial. “This is where DNV’s comprehensive cyber security services can make a big difference,” Probst adds.
Cyber security unleashes the potential of digital technologies
However, cyber security should not be viewed solely as a response to threats or incidents but as a prerequisite for digitalization, explains Jarle Coll Blomhoff, Head of Section Digital Ship Systems – Ship Classification at DNV. “Only a cyber-secure vessel is a digital-ready vessel whose systems can be integrated and connected to land-based systems to improve operational and environmental performance in a safe manner,” says Blomhoff. “From remote engine maintenance to smart containers and automated navigation – DNV’s Cyber Secure class notation is an enabler for applying digital technologies on board, reassuring stakeholders that key measures have been taken to protect a ship’s systems against related cyber threats.”
Digitalization and cyber protection are thus two sides of the same coin. In tandem, both unlock great opportunities for ship operators and cargo owners to optimize business processes as well as ship operation. “Cyber-secure digitalization is about saving fuel, being more eco-friendly, having access to valuable data, optimizing supply chains and much more,” says Blomhoff.
Cyber-secure digitalization optimizes cargo planning and boosts competitiveness
“Customers need reliable and cost-effective services,” James Yeh points out. “Our digital processes integrate different systems to optimize cargo planning and maximize the benefit per slot unit. Our e-commerce platform allows customers to easily book slots, check ship schedules, and track cargo dynamically online at any time.” All these reliable, resilient and sustainable digital services can only be achieved when they are underpinned by a foundation of cyber security, he adds. “Effective cyber security management can be a company’s greatest competitive advantage. This is why our newly delivered ships have received DNV’s Cyber Secure notation.”
Smart containers are easily tracked, ensuring transparency
Secure, seamless container tracking is key to a reliable supply chain. Increasingly, container line operators opt for installing electronic tracking devices on their containers, says Jan-Olaf Probst. “A container has many points of interaction with IT systems along its journey. Smart communication devices go far beyond traditional tracking systems by making each individual container visible remotely at all times.”
For example, cargo owners can easily track the geolocation of their cargoes and relevant safety information such as temperature, humidity, door status etc., says Yeh. “What is more, the shippers can capture the cargo information provided by the cargo owner in a timely manner, and container information can be exchanged synchronously with ports, alliance shippers and other stakeholders.”
Container tracking devices create significant saving potential
The ability to account for the location and condition of containerized cargo at any time is itself becoming a competitive advantage for liner companies, says DNV’s Jan-Olaf Probst. “Smart containers can even be tracked when they have fallen overboard, which is an IMO requirement. Tracking devices let cargo owners locate the closest empty containers near their warehouses. They also tell cargo planners how full the container is and help optimize space utilization on board by making sure the space or weight capacity of every container is fully utilized.” This in turn optimizes the fuel costs per container transported, a factor cargo owners pay close attention to. And all that is possible only where the digital ecosystem has been sealed against illegitimate intrusion.
“There is dramatic saving potential in this technology,” Probst points out. “Making boxes smart in a secure way will help make the best use of the available capacity on board. A well-loaded vessel has a much smaller CO2 footprint per container than a partially loaded vessel, which translates to lower EU ETS costs. Furthermore, many liner companies are forming working groups to build blockchain solutions for smart containers that will reduce the enormous amount of paper handling associated with container transport.”
Addressing cyber security on land and at sea for comprehensive protection
Svante Einarsson, Head of Cyber Security Maritime & APAC at DNV, emphasizes that any cyber security strategy must cover all potential vulnerabilities. “It is important to take a holistic view and address cyber security both on board and on land in a combined effort to ensure comprehensive protection,” he says. “Cyber security requires a multi-pronged approach to protect the ship and its systems, the crew and cargo, the land-based IT infrastructure, and the containers.”
Most cyber attacks target land-based IT systems. This is why end-to-end security is so important. “While the Cyber Secure notation addresses on-board systems as part of classification services, DNV’s Business Assurance area offers ISO 27001 certification for the protection of the shore-side IT infrastructure,” Einarsson points out. “Our services also include penetration testing of ship and shore system as well as cyber emergency response enhancements and capacity. In addition, we assist customers with the development of documentation, strategies and procedures to tailor cyber security training. All this is crucial to prevent intruders from gaining access to ship systems through the IT infrastructure.”
Training is essential for people to handle cyber security risks successfully
“The Cyber Secure class notation follows up with the owner and operator to ensure that the crew on board are competent and that the organization has proper procedures in place to close all potential loopholes and protect the most critical systems, from navigation and communication to engine control,” Jarle Blomhoff explains. “Its holistic approach addresses people, processes and technologies: a training programme where people learn to act responsibly; defined procedures for interaction with systems; technical segregation of networks by digital ‘watertight doors’ between individual systems; an approved supplier network and approved equipment on board.” DNV Group’s 500 cyber security consultancy and managed detection and response experts provide both preventive (e.g. training) and reactive (e.g. exercises) services to address cyber security risks and comply with class and other regulatory requirements.
Efficient cyber security management and thorough crew training are priorities at Wan Hai as well, says James Yeh: “We actively invest in cyber risk education and safety to improve our cyber security management system and ensure safe navigation and smooth business operations.”
Source: DNV,
