The threat to the marine sector – from malicious attacks on systems and organisations via information technology – is real, Bernard Twomey and Jonathan Earthy of Lloyd’s Register Marine explained while addressing the London Joint Hull Committee on Monday.
According to them, cyber losses may also be related to the use or misuse of systems which contain software as a significant component for their effectiveness and safety.
The Joint Hull Committee invited Bernard and Jonathan to discuss the risk issues in more detail, and how those issues impact/could impact vessel operation and safety specifically following their successful presentation on 16 April 2014 to the the Lloyd’s Market Association Marine Forum titled: ‘Cyber: Marine Risk and Potential Impact’.
This event was part of a broadening discussion on how the marine insurance industry could best address and manage these risks.
Cyber-attack is only one of several threats associated with the use of software as a technology in the marine environment. Examples of incidents arising from system complexity, software upgrade, inadequate requirements, unexpected behaviour and incomplete testing were used to demonstrate the potential risks.
Causes of problems include: poor software specification or definition of requirements, inadequate system integrity, ineffective installation, ineffective update/maintenance, malicious attack, corruption, lack of usability and insufficient or inappropriate training.
The consequences of these problems include: loss of control (failure of high integrity systems, ship and platform), reduced reliability or availability of any system, impact on safety (degraded/unknown margin of safety), high cost of ownership (poor ROI/productivity, high downtime, off hire time for repair), loss of data (both accidental and malicious), damage to ship systems, incorrect reporting of regulatory information and increased number of incidents (ship, cargo and environment).
LR’s Jonathan Earthy concluded: “cyber loss is real, here to stay and the technology needs to be better managed in order to contain the risks. Awareness raising and training are required. Loss prevention has a part to play. We also need better statistics on the causes and impact of cyber loss.”
The Joint Hull committee is considering the implications, if any, from a marine risk perspective arising from cyber-attack and similar events.
Press release, July 16th, 2014; Image:LR