The British government has announced a new cyber security code of practice for ships.

It warned that with the development of autonomous and partly-autonomous vessels, the industry is potentially “more vulnerable to cyber attacks”.

Speaking at the launch of the code of practice at London International Shipping Week, the Parliamentary Under-Secretary at the Department for Transport, Lord Callanan, said in some areas, maritime companies continue to “rely on legacy systems using old software and aging operational technology”.

“This has the potential to make the industry more vulnerable to cyber attacks.And the implications of such vulnerabilities could be highly damaging,” stressed the minister.

“Poor cyber security undermines customer confidence and industry reputation, and could potentially result in severe financial losses or penalties, and litigation affecting the companies involved,” added Lord Callanan.

He also warned that a cyber attack could result in “criminal activity, including kidnap, piracy, fraud, theft of cargo, or imposition of ransomware”.

Continues below…

Rolls-Royce demonstrates world’s first remotely operated commercial vessel

Rolls-Royce and global towage operator Svitzer have successfully demonstrated the world’s first remotely operated commercial vessel in Copenhagen harbour, Denmark…

Mayflower: the pioneering trimaran that will cross the Atlantic without crew

Shuttleworth Design, MSubs and Plymouth University are working on the Mayflower project, which aims to design, build and sail the…

UK government commits £6M to fund green technologies for maritime sector

The British government has announced it will invest £6 million to help fund innovative technologies and fuels to reduce maritime

Plans unveiled to build the world’s biggest sailing cargo ship

Lloyd's Register has announced it is joining the project to build the world's biggest sailing cargo ship - Quadriga

The concern is also that if a ship’s navigation system is taken over, it could be sailed off course, run aground or be programmed to hit another ship.

In June, the Danish shipping company, Maersk, fell victim to the NotPetya cyber attack, which is estimated to have cost the firm up to $300 million in lost revenue.

The ransomware attack prevented people from accessing their data unless they paid a certain fee in bitcoin.

Maersk lost up to $300 million when it fell victim to the NotPetya cyber attack. Credit: Łukasz Golowanow/Wikimedia Commons

Lord Callanan said NotPetya “showed that the industry is vulnerable to these type of attacks”.

The new ship cyber security code of practice is aimed at both small and large ship operators, ship owners and crew members.

It aims to help these firms to:

• develop a cyber security assessment and plan;
• devise the most appropriate mitigation measures;
• ensure the correct structures, roles, responsibilities and processes are in place and
• manage security breaches and incidents.

It also highlights the key national and international standards and regulations that should be reviewed and followed.

The new code was put together by the Institution of Engineering and Technology (IET), with input from the Maritime and Coastguard Agency, the Marine Accident and Investigation Branch, the MoD’s Defence Science and Technology Laboratory, and the National Cyber Security Centre.

The IET was also responsible for last year’s cyber security code of practice for ports and port systems.

The code aims to complement the work being done by the International Maritime Organisation (IMO) to raise awareness of cyber threats and vulnerabilities.