Big data

NonPetya Aftermath: What Have We Learnt?

Big data

Digitalization has become the new normal and a means of survival for companies in the maritime world, which is being transformed by the relentless development of technology. It is a vast topic covering from digital certificates on board ships to making ships’ navigation fully autonomous.

Players across the board, in what has been described as a very conservative industry, are looking into the opportunities of the Internet of Things and Artificial Intelligence to boost their performance and cut costs.

However, one year after the cyber attack that rocked the maritime world, proving it can happen to the very best, the importance of cyber security has come to the forefront.

Pantelis Skinitis
Pantelis Skinitis, Image Courtesy: ABS

World Maritime News spoke with Pantelis Skinitis, Business Development, ABS Advanced Solutions about the current state of play and lessons learnt about the importance of cyber security following the NonPetya attack in June 2017, which cost Maersk Line around USD 300 million.

In terms of cyber security, the need is real, he says, whether looking onboard the ship or ashore.

“The growth in communication and data transfer means that all businesses must think about cyber security in a holistic way.”

Commenting on the current situation in the market, Skinitis said that there is still not enough emphasis on the relationship between Operational Technology and Information Technology and the risks that flow from system upgrades and non-compatibility as well as from malicious risks.

“Based on numerous interactions with clients, it became evident to ABS that the conversation around recognition and response to maritime cyber risk needed to change. It required a new model that gives asset owners a clear picture of the sources of risk and tools to guide their mitigation actions and create a safety culture,” he explained.

“To do this, risk needs to be defined in a straightforward way that can be observed and measured, specifically defining the individual risks inherent in marine operating systems giving cybersecurity managers some ‘engineer­ing knobs to turn’ in order to reduce them.”

One of the positive outcomes from the recent developments is that the awareness is growing fast that this is not something that is going to go away.

“Indeed as digitalisation increases in shipping, the risk from OT/IT issues or from cyber-attacks can only grow without proper management. The many stakeholders involved in building and operating vessel now and future all need to fully understand how to design assets and systems that shift cyber-risk away from a defensive approach to a risk-based proactive method of thinking about maritime OT and IT risks,” he added.

ABS is looking at how better use of data and analytics, reporting and sharing of information can help drive safety from the individual mariners to the company level.

“The next phase is voyage performance where there are huge opportunities to collect, analyse and act on data captured from the vessel that can demonstrate regulatory compliance and also feed into greater operational efficiency. There are much wider opportunities too – in areas such as the interface between the ship and the port and integration of the supply chain, that promise to deliver much larger gains in efficiency in future,”
Skinitis said.

Commenting on the other side of the equation, there are some obstacles that remain in the minds of the shipowners, who believe they don’t need to change the way they operate their fleet or that their customers will be asking more from them in future.

“However, they are fewer in number every day,” he added.

Image by WMN

Can you ever be perfectly protected?

Digitalization of operations has a great potential to drive down cost for industry players. However, the question arises where do we draw the line between cost-reduction and cyber-attack risks?

“It’s a mistake for any organisation to believe that it is ‘perfectly protected’ from cyber attack and certainly there should be no correlation between cost reduction and cyber security. The fact is that cyber security means continued investment – but not just in systems. We know that people are key to good cyber hygiene whether in an office or onboard ship. Training and awareness  with easy to follow procedures need not be expensive but they can help to stop the easy access for hacking, phishing and spoofing for example,”
he replied.

Speaking on the way forward for achieving cyber resiliance, Skinitis said that for today’s maritime risk practitioner, the main challenge is creating a model that calculates risk for operating systems based on factors that can be counted, measured, computed, compared, and modeled against a Cybersecurity Management System.

With these issues in mind, ABS recently joined forces with the Stevens Institute of Technology to redef­ine the traditional cyber risk model as a mathematical equation in terms that are countable, observable and easily understood.

“The result is a new model,” Skinitis continues, “the FCI, for Functions, Connections and Identities – which enables a risk-based cybersecurity approach driven by specific quantifiable risks and that spotlight a specific area for remediation.”

“By dividing up the software critical Functions, such as navigation or other equipment, the Connections, whether isolated, or in a shared network, or with internet access to and from shore and Identities, such human or machine, trusted or untrusted, ABS can provide owners with a simple comparison of their fleet, ship by ship, indicating where improvements need to be made most urgently,” he said.

When asked about the claims that the industry might be getting ahead of itself with digital solutions for problems that don’t actually exist, Skinitis said that these arguments have been a common part of the process throughout the history of technological evolution.

There is a ‘hype’ we are hearing in the industry today that talks about what some new technologies might be able do, whether or not the case is proven, he added.

“Digital solutions are easier to apply than strong leadership and management practices, and that is one reason they are quickly applied.  Therefore, people naturally look for digital solutions both appropriately and inappropriately.  As the problems to which technical solutions are applied become better defined, the arguments tend to be resolved.

“The reality is that there are still big improvements the shipping industry can make to increase safety, reliability and efficiency using data tools. Whether these result in concepts such as full vessel autonomy depends on the true level of demand as well as on the safety case that surrounds it.”

How far away are we from an age of “autonomous shipping”?

“In terms of small vessels, sailing in coastal and inland waters, not far away at all. The pilot and pioneer projects currently underway will be in fruition in a relatively short time span provided the demand remains. This reflects not just the size of the vessels concerned but also the conditions in which they are likely to be sailing,” Skinitis said.

Nevertheless, he believes it’s less likely that we will see many such ocean-going vessels in the near term for regulatory, safety and market-based reasons.

“The noise around autonomous ships also overlooks the fact that vessel have been operating with increased autonomy – in the form of automation – for many years and this is something that will continue as the fruits of digitalisation begin to ripen.

“Will it result in autonomous ships? Perhaps, but given the technical and regulatory barriers and the need for public acceptance, its is likely that while crews continue to shrink in number, the need for skilled personnel ashore and at sea will remain,” he pointed out.

Interview by Jasmina Ovčina Mandra; Image Courtesy: ABS