The excessive pressure and an ever-increasing demand to optimize the logistics management systems and operations and to improve connectivity, including digital connectivity, maritime shipping has become highly dependent on computerized systems and information and communications technology. Similar to other industry sectors that rely on such technology, computer systems on board vessels or marine facilities face the same risk of cyber attacks, including through hacking, malware, viruses, worms and denials of service, among others, and these can originate from hackers and criminals anywhere in the world. Cyber attacks are most likely to first target vulnerabilities along with a supply chain, including negligent users, wireless access points and removable media devices. Unauthorized usage of data or systems by authorized persons, such as ship or platform crew, can also have significant negative impacts.
Cybersecurity-relatedincidents may also arise from extreme weather events, includingclimate change-related events, which pose significant risks toindividuals and businesses, including ships and in ports and marinefacilities. In such circumstances, security measures need to be inplace to ensure that even in the event of partial or totaldestruction of facilities, data is secure and systems can resumeoperations as soon as possible. The illegal usage and/or failure ofinformation technology systems on board ships may disrupt the safenavigation and propulsion. Similarly, cyber attacks on other systemsand technologies used for container terminal operations and cargohandling, including inventory and container tracking systems, cancause significant disruptions to such operations. The offshorestability and the positioning of the offshore supply vessels can beequally vulnerable to cybersecurity-related impacts, either by modernpirates and smugglers through non-targeted malware, insider threatsand functions performed at the wrong time or under the wrongconditions. All such attacks have safety and security issue, withpotentially serious impacts on human life, the environment and theeconomy. Other cyber attacks may be aimed at stealing information, such as sensitive company data, which includes production and processing techniques or strategies for negotiating with trading partners. Along with the economic effect on companies directlyinvolved, such attacks may lead to national security, wider financialand other implications. Potential consequences and costs ofdisruptions from malicious cyber attacks have been compared to those caused by past major incidents involving the maritime transportsector. Cybersecurity is often considered as a technical issue forinformation technology specialists, which does not directly involveothers. In addition, risk assessments and management appear to focusprimarily on physical security in ships and ports, with inadequateattention to cyber security and the sharing of informationon mitigating cybersecurity threats. Inadequate awareness among key stakeholders, including Governments, port authorities, shipping companies and telecommunications providers, of the security challenges, vulnerabilities and threats specific to this sector, was considered one of the main causes of this situation. Other problemsthat were identified were the complexity of the maritime informationand communications technology environment and the fragmentation ofgovernance at different levels, whether international, regionalnational.