Lately, cyber incidents making global headlines have involved operational shutdowns and global logistical problem that have cost great financial losses. The monetary dents caused by such incidents could be damaging for economies. A recent report by Lloyds of London states that a serious cyberattack could cost the global economy more than GBP 92 billion.
What’s more, many of these incidents go unreported. The lack of sufficient data and analysis due to this means the industry is susceptible to further harm.
In response to this growing cyber threat, Wärtsilä and leading cyber security specialists Templar Executives have developed a strategic partnership and launched the International Maritime Cyber Centre of Excellence (IMCCE), which consists of the Templar Cyber Academy for Maritime (T-CAM) and a Maritime Cyber Emergency Response Team (MCERT).
While the concept of sharing cyber threat information between companies, in a collaborative manner, has been best practice in other industries, there has been no similar initiative in the maritime industry, so far. This makes the MCERT not only first-of-its-kind for the sector but also timely.
“We all know that the cyber threat we face in all aspects of our lives is increasing in line with the adoption of technology. However, the incidents that affected Maersk and the Port of San Diego brought the threat from cyber-attack into sharp focus for the maritime industry also,” says Mark Milford, Vice President of Cyber Security at Wärtsilä.
Commencing in 2018, the Wärtsilä Cyber Security Team and external partner Templar Executives developed the initial idea for the MCERT into a functioning start-up in just a few months. Established in less than a year, with hubs in Singapore and London, the pace at which the MCERT has been created and became operational is a phenomenon in an industry known for its traditional approach and long lead times.
“We adopted international cyber security best practices, refined over many years, and developed new elements unique to the requirements of the maritime industry,” says Milford.
These unique elements, Milford notes, give the MCERT an edge. It offers capabilities that will help ships owners and operators meet many of the IMO mandated cyber security requirements that come into effect on 1 January 2021.
Anu Khurmi, Managing Director, Global Services, for Templar Executives, says the MCERT was born out of the recognition that as the maritime sector becomes increasingly digital, cyber threat vectors are increasing exponentially.
“The MCERT has been established to provide response and capability to help enable cyber resilience across the entire maritime ecosystem including shipping, services, ports, refineries, terminals, support systems and leisure marine. It is also receiving support from marine insurers who recognise this changing risk landscape,” says Khurmi.
What has contributed to the growing popularity of the MCERT is the IMO’s resolution requiring cyber security risk management to be incorporated into the Safety Management System of ships, which has recently also been further codified by class societies and industry bodies. In the wake of this development, even many big customers of the maritime industry are keen on including the management of cyber risks in their contracts.
“Another potential game changer is the partnership we have established with leading insurance intermediary, Lampe & Schwartze, who have just launched a new, ‘Ship Owners Marine Cyber Cover’ to include exclusion Clause 380. In another ground breaking move we have also agreed that membership of the MCERT is mandatory in order to be eligible for this innovative policy cover,” explains Khurmi.
A key aim of the MCERT is to share information and prevent as many attacks as possible. To be able to do that, it reports on threats every day of the year.
“It is difficult to measure the serious harm that has been prevented. However, we would rather prevent an attack than report a serious incident suffered by a customer,” Milford says.
Also, from a broader perspective, the MCERT, both Khurmi and Milford note, recognises the necessity of a strategic and coordinated response not just to address the cyber risk to vessels on the water, but also to those likely to impact operations at corporate headquarters and other areas of the supply chain. This approach will ensure that no single aspect of the maritime ecosystem is left without support – from crew and vessel safety to safeguarding a company’s data and bank accounts.
However, the road ahead is a long one. Khurmi says a rather persistent ‘it won’t happen to us’ mindset still permeates the sector. She says the industry is still working out the threats and figuring out what to do in a cost-effective manner.
As a global maritime leader in smart technologies and complete lifecycle solutions, Wärtsilä wants to help the industry fully embrace the challenges of the 21st century.
“As our purpose is Enabling Societies with Smart Technology, the MCERT will play a part in living our purpose and enabling others to do so with an eye on the cyber threat,” says Milford.
“The MCERT is a solution by the industry for the industry,” he states.
“The MCERT is a direct response to this growing challenge. It provides an environment for all players to learn, collaborate and raise their game by proactively addressing the cyber threats to our industry,” she says on a concluding note.