The Endless Quest for Cyber Security
Thus it was for Maersk, for example, which, although the victim of a huge cyber attack, was not actually targeted by the villains; nor were the three major ports and numerous associated businesses that were damaged as a result of the assault. That attack came through malware that originally infiltrated an accounting program in another country and, over time and through several hands, migrated into the Maersk organization as well as other large corporations. For an industry that is still “digitizing”, or coming to terms with the benefits, risks and realities of digital systems, safety in this new environment requires strange new thinking and a new kind of vigilance.
One of the ongoing efforts at the IMO is to forge a link between cyber security and the ISM Code – particularly with the Safety Management System onboard – and with port security as addressed in the ISPS Code. The first fruits of that effort were delivered in IMO Resolution MSC.428(98), adopted 16 June 2017, which encourages “Administrations to ensure that cyber risks are appropriately addressed in safety management
“Even though knowing all of your vulnerabilities and therefore being ‘one hundred percent safe’ is not possible, there are still many things that can be done to drastically lower the risk of successful attack,” Cordes adds. “For example, learning about attacks, evaluating your attack surface, raising awareness and keeping your software up-to-date will significantly lower the risks. Of course, these things must be repeated regularly, as becoming more secure is a process and not something you can achieve with a one-time effort.”