fbpx

Marine cyber risk case studies

Understand the Risk
GET A QUOTE NOWSee our Cover Portfolio

While cyber risk is a given in the maritime sector and incidents are aplenty, there is a lack of publicised cyber cases on vessels as Organizations are trying to protect their reputation. Nevertheless BIMCO alongside cybersecurity experts has prepared a list of case studies as part of their latest cybersecurity guidelines which can be found below.

Want to have more in depth understanding of the risks?

 

We understand the risk

Incident: Unrecognised virus in an ECDIS delays sailing

A new-build dry bulk ship was delayed from sailing for several days because its ECDIS was infected by a virus.  The ship was designed for paperless navigation and was not carrying paper charts. The failure of the ECDIS appeared to be a technical disruption and was not recognized as a cyber issue by the ship’s master and officers.  A producer technician was required to visit the ship and, after spending a significant time in troubleshooting, discovered that both ECDIS networks were infected with a virus.  The virus was quarantined and the ECDIS computers were restored. The source and means of infection in this case are unknown. The delay in sailing and costs in repairs totalled in the hundreds of thousands of dollars (US).

 

Incident: Crash of integrated navigation bridge at sea

A ship with an integrated navigation bridge suffered a failure of nearly all navigation systems at sea, in a high traffic area and reduced visibility. The ship had to navigate by one radar and backup paper charts for two days before arriving in port for repairs. The cause of the failure of all ECDIS computers was determined to be attributed to the outdated operating systems. During the previous port call, a producer technical representative performed a navigation software update on the ship’s navigation computers. However, the outdated operating systems were incapable of running the software and crashed. The ship was required to remain in port until new ECDIS computers could be installed, classification surveyors could attend, and a near-miss notification was issued as required by the company. The costs of the delays were extensive and incurred by the shipowner.

This incident emphasizes that not all computer failures are a result of a deliberate attack and that software without updates is prone to failure and could fail. More proactive software maintenance to the ship may have prevented this incident from occurring.

 

Incident: Navigation computer crash during pilotage

A ship was under the conduct of a pilot when the ECDIS and voyage performance computers crashed. A pilot was on the bridge. The computer failures briefly created a distraction to the watch officers; however, the pilot and the master worked together to focus the bridge team on safe navigation by visual means and radar. When the computers were rebooted, it was apparent that the operating systems were outdated and unsupported. The master reported that these computer problems were frequent (referred to the issues as “gremlins”) and that repeated requests for servicing from the shipowner were ignored.

 

Not publicised via BIMCO:

Stuxnet found on a drillship
“Stuxnet is a malicious computer worm, first uncovered in 2010. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran’s nuclear program. Although neither country has openly admitted responsibility, the worm is believed to be a jointly built American/Israeli cyberweapon.”
Stuxnet targets Siemens specific SCADA and PLC systems used by ITAN in their Nuclear program and the vessel affected had the bad fortune to use  the same model PLCs.
The infected system caused significant damage to the Drill and its control systems on the vessel making it inoperable.

1

Evaluate Risk

Starting with a Risk Assessment you are at the position to understand how your company can handle cyber risk and what needs to be done to mitigate the risk. 

2

Mitigate the Risk

Understanding the risk and the exposure of your organization to cyber threats is the first step into mitigating that risk. Our team can work closely with you to decide on the correct strategy and tools. 

3

Choose your Cover

Cyber hull cover, incident response, Loss of hire with a multitude of options according to your exposure and risk appetite. Ability to be covered against any cyber peril. 

4

Peace of Mind

With a correct risk mitigation strategy and proper cover you can rest assured that you are prepared whatever happens.

secure

Contact Us