The International Maritime Organization (IMO) needs to set standards for the communication connections between ship and shore or else create a significant cyber security risk.

That was the central message delivered by Frank Coles, CEO of Transas, at the Shipping Insight Fleet Optimization Conference which took place in Stamford, Connecticut on October 18 to 19.

Cybersecurity is a highly-debated topic in the maritime industry. Coles opened by stating that compared to the highly regulated ship equipment environment, the connectivity environment is relatively uncontrolled in terms of maritime certification and compliance.

“The connected ship is like a long chain, with each piece linking to the next and at every point there is the opportunity for a failure,” he said. “It can be hardware or software or both and it can be a cyber virus penetration or simply a denial of service, either of which can cause damage.”

The essence of cybersecurity is a smart information technology system, process and procedures and therefore standardization and regulatory controls for the ship’s systems need to include connectivity.

“Before we get to unmanned ship discussions, we should recognize that although connectivity is not new, what is new is the connection in smart shipping,” said Coles. “There are international maritime standards for GMDSS [The Global Maritime Distress and Safety System] or AIS [The Automatic Identification System], but for the big data nothing exists. This means the cyber security risk is left to each satellite operator, each service provider and each hardware manufacturer.”

With the current growing demand and use of the fleet operations centers ashore, operating alongside the vessel monitoring services of the various government bodies, the security of connectivity is going to be very important, and the industry is going to need contingency plans in the event that the link is broken.

“This is where the human will become important, both on board and in the monitoring centers, as they will be able to communicate with each other and maintain a safe environment,” said Coles. “It is time for the IMO to apply the same standards of compliance used for GMDSS, ECDIS [Electronic Chart Display and Information System], and other bridge equipment to the standard communication networks and equipment. If these networks and the associated equipment is going to be used for operational, remote management, and technical decision, it must be cyber secure and compliant with a global set of international maritime standards. Until then we will have a cyber risk associated with a non-standard approach to connectivity.”