By Samson Echenim
PwC Greece has addressed the crucial issue of cybersecurity for the shipping industry by organising an exclusive roundtable among COOs, CIOs and internal auditors of shipping companies. The roundtable offered the opportunity for PwC to raise awareness on the challenges shipping companies face with regards to cybersecurity, enhance PwC’s support to shipping professionals in their primary role of protecting their companies from cyberattacks and identify ways to raise the level of importance to the shipowners and boards of directors. It was also an opportunity to have shipping professionals express their thoughts on the way forward for shipping companies in building an effective cybersecurity programme.
Santos Equitz, shipping industry leader and George Kollidas, director, Technology Consulting at PwC Greece set an event agenda ensuring that the roundtable provided a forum to discuss openly the common themes and issues that shipping companies are facing when addressing cyber security risk. During the roundtable, Nicholas Karlsen, Senior Security Advisor, PwC Denmark, shared experiences from real life incidents within the maritime sector and discussed with the audience the ripple effects that these could have on shipping companies.
A number of insights resulted from PwC’s CyberSecurity Shipping Roundtable indicating that shipping companies need to adopt a holistic approach in managing cybersecurity as a business risk while it is of great importance that the identified cyber risks and threats are escalated to board and owner level and are treated with the proper attention. As there is a significant gap between C-suite’s understanding around cybersecurity and cyber risks and those involved in managing the organizations’ IT, bridging the gap is extremely important in order to ensure that management and boards can assess the risks and prioritize on immediate exposures or risks to the business and operations.
During the roundtable it was also highlighted that as ships become more and more digitized and more leanly manned, the requirements for cyber and information security are drastically rising and are becoming more complex. Thus, responding to the important issue of cybersecurity should be a vertical team effort within a shipping company, involving a wide range of functions from top management to legal, operations, compliance, risk, technology and audit departments.
On another issue, Operational Technology (OT) is one of the biggest challenges shipping companies face. Due to ship digitisation IT and OT environments on ships started converging and being interconnected. This convergence increases the IT surface of ships, opening new attack avenues that may impact the critical infrastructure operating the ship. In general, there is an abundance of OT technology that is unmanaged from a cyber perspective. This exposure should at a minimum be understood and then monitored. Event participants also discussed the importance of cyber resilient software in managing cyber risks. Software vendors developing applications for ships is an important link in the shipping industry landscape, and they should follow a well-defined approach in making their products cyber resilient. Regulatory bodies and policy makers have a key role to play in this initiative.
Also, awareness training of mariners to prevent ships being used as an entry point into corporate networks is worth considering. It is also a good practice to have an independent cyber readiness diagnostic performed periodically in order to benchmark the steps taken by the organisation to address cyber threats against best practices in the broader market and in order to test the defences and responses in place.
Santos Equitz, shipping industry leader, PwC Greece commented: “The crucial issue of cybersecurity for shipping companies was one of the topics highlighted by the Audit Committee Chairs of US listed shipping companies during the “Audit Committee Effectiveness: Going from Good to Great” roundtable organized by PwC in June 2019. Now, PwC is moving one step forward in addressing the cybersecurity issue for the shipping industry. The discussions that followed this exclusive roundtable, proved that cybersecurity is an emerging hot issue for shipping companies that needs to be urgently addressed both at a company and at a vessel level”.
George Kollidas, director, Technology Consulting, PwC Greece also said, “At PwC, we see cybersecurity as a top priority on the agendas of the shipping industry decision makers. Initiating awareness, raising the flag, informing the decision makers about potential cybersecurity threats, challenging shipping companies on their preparedness to a potential cyber attack and urging them to build an effective cybersecurity program, are all part of our role in helping shipping companies to address the importance of cybersecurity. Regulatory authorities should provide clear guidance in managing cyber risks across the entire ecosystem, from shipping companies to ports and software vendors”.
According to the participants, the event was of great value as it addressed the critical issue of cybersecurity for the shipping companies and offered the opportunity for an open dialogue where different views and experiences could be heard and shared among shipping industry professionals.