The maritime sector is rapidly becoming a key point of focus for cyber security. One of the greatest threats to life and property on board ships today is the invisible danger from inadequate cyber security. In a world where data drives everything and the ‘Internet of Things’ is gaining momentum, systems must be kept robust and secure. Maritime experts have identified a weak spot in our defences – board-level capability and appreciation of the importance of this invisible risk. At Lloyd’s Register Foundation, we understand the urgency of getting this right as part of our mission to improve safety and reduce risk.
We’re working with the Research Institute for Sociotechnical Cyber Security (RISCS) on a long-term project to drive up cyber security standards on the boards of private companies, particularly shipping companies. As society and industry grows increasingly more reliant on the internet of things, achieving board level awareness will lead to more efficient and safer shipping worldwide.
To exploit the benefits of digital technologies for the maritime sector, researchers on the project have developed a set of interventions that will support boardroom decision making on cyber security. The team is working closely with those in the National Cyber Security Centre (NCSC), who focus on supporting strong board decision making on cyber security. Together, we’re coming up with practical ways to help industry leaders make better decisions about cyber risk.
The maritime sector has particular challenges. Autonomous shipping, highly automated ports, and the connection of the global supply chain to critical infrastructure like land transport make this a dynamic ecosystem and one exposed to a wide variety of threats. Boards in the maritime sector need to consider the logistics of working across international boundaries and within different legal and regulatory frameworks. It also depends on the collaboration of international computer emergency response teams.
RISCS Director, Professor Madeline Carr, explains the challenge: “Boards have to address the issue of maritime cyber security when they are making decisions about investment and governance of risk. If they do not, the unique threats and vulnerabilities to shipping and sea transport may inhibit the uptake of technologies that could otherwise transform the movement of people and goods around the world.”
This will be particularly acute considering the rapid expansion of the ‘Internet of Things’, when vulnerability to cyber-risk will imperil safety-critical systems, risking loss of life.
The project has generated interventions to help improve board members’ understanding of the risk landscape in which they operate. These involve training, informing and educating board members and the wider industry training, information and education. This includes:
- Contributing to the nascent research literature on maritime cyber security and on board-decision making at times of uncertainty. Our work is freely available to everyone so get in touch if you’re interested.
- Translating our research findings into engaging, accessible guidance and information materials for boards to use,
- Table-top training exercises based on our research, which will support board-level decision making on cyber risk in the maritime sector. Our collaboration with cyber security specialists, Axelos, will ensure that this is delivered directly into boards
The findings from the project are now being delivered to postgraduate students at UCL and Coventry University. Many of them will go on to work in the maritime sector, providing trained and informed business leaders for the future. The teaching materials will also be made available to other institutions teaching in similar areas.