With the amount of available capital still limited, shipping companies will prioritise investments in environmental technologies over cyber security, according to a leading maritime lawyer.
In a panel discussion during the Sea: The Future conference, Norton Rose Fulbright’s head of transport law Harry Theochari said vessel owners and operators would put cyber security on the back burner with new environmental regulations coming into force.
The two-year grace period for the Ballast Water Management Convention will end in September, while the IMO’s new, lower sulphur cap for bunker fuels will take effect from January 2020.
“If you are a shipowner right now, you got IMO 2020, you got to deal with sulphur emission and ballast water treatment. That’s going to roughly cost you $3.5m per ship [in general],” Theochari said.
The additional spending will come at a time when investments in shipping remain limited while shipping capital fell to $30bn in 2018 from $120bn in 2007, he said.
“Shipping has a huge lack of capital going in,” he said.
“The last thing on your (a shipowner’s) mind now is cyber, I am afraid…Environment will take front and centre stage".
However, according to some other panelists, what the industry needs the most is basic training for staffers to raise their awareness against cyber attacks — which only requires small amounts of spending.
“It’s not about spending money. It’s about ‘thought through’,” Bluevoyant Europe executive chairman Robert Hannigan said.
“It’s a cultural issue.” [This] does not cost a lot of money actually.”
According to a Gard survey in 2018, only 15% of seafarers received any form of cyber security training, while just 33% of them said the company they last worked for had a policy to regularly change passwords onboard.
“It’s very obvious we need to raise the awareness,” the Norwegian insurer’s chief customer officer Line Dahl said.
Sharpening industry focus
While the high-profile cyber attacks on AP Moller Maersk, BW and Clarksons have grabbed much of the industry’s attention in recent years, Hannigan argued that “getting the basics right is more important”.
Industry players have focused too much on high-impact events with low possibilities, while a rigorous approach reinforcing cyber security in day-to-day operations matter more, according to Hannigan.
Shipping companies risk going out of the business when not paying enough attention to their IT systems, no matter how good they are “at transporting stuff”, Hannigan added.
Theochari recognised the importance of cyber awareness but he pointed out the actual danger to shipping may not be severe as vessel operations are not yet fully digitalised.
“I think it’s incredibly hard to do some real damage…to today’s vessels,” Theochari said.
“They are very old fashioned, and they really do need seamen onboard.”
“If they were hacked, [they] will probably knew pretty quickly. They can just quickly switch off the systems and they will still have some navigation [abilities].”
According to an earlier IHS Markit shipping study, 69% of companies saw less than $5,000 in cyber-incident costs while 68% said they can recover from cyber attacks within hours.
However, Theochari warned the risks will heighten when autonomous shipping is developed further and more transactions are done within blockchain.
“Cyber will be critical when we have autonomous vessels…[when] somebody hacks onboard, you can just image what kind of damage it can do,” Theochari said.
“If you can hack into a blockchain…it’s going to disrupt the world trade for a very long time,” Theochari said.
“We are at a critical time ... these disruptive technologies are all going to fundamentally change the way we live and work.”
