Cyber-enabled shipping has arrived, and there is no doubt it is going to completely revolutionise the industry, but will this be for the better or the worse?
The market wants more cost-effective operations and better performance. However, in addition to being more cost effective, shipping must also be safer. Beyond the obvious benefits to human life and the environment that increased safety within the industry delivers, it also has a direct effect on reducing costs. This new level of connectedness presents the industry with both opportunities for improving safety as well as introducing new areas of risk.
Cyber security, for example, is becoming an increasingly important element in the risk profile of critical assets that are connected. The hardware and software that control processes, systems and equipment can be vulnerable to cyber attacks but connectivity should not mean that a vessel is less safe. Across the marine industry, there’s still huge variation in levels of awareness, and preparedness for, the increasing role of cyber technologies. Understanding the level of cyber readiness is the essential first step to identifying, mitigating and managing the risk.
It is not just the information and communications technology (ICT) that needs to be considered, but also the operational technology (OT) of a vessel and the interdependencies of these systems. LRQA has invested heavily in this area and has launched services to address the awareness of overall operational risk and software interdependencies. These services help the safe and secure integration of ICT and OT, taking into account all systems on board and – critically – on shore, how they are designed and installed, how they connect, and how they will be managed.
The cyber security landscape is a constantly changing one, as new threats and countermeasures emerge; and the regulatory framework is adjusted to reflect current and future needs. The greatest security vulnerabilities come from people; 90 per cent of cyber security incidents can be traced back to human error or intent. Good security outcomes are therefore underpinned by positive security behaviours, so training is vital to increase the overall awareness of cyber risks and ensure that the appropriate behaviours, awareness, attitudes and technical skills are embedded within a business.
There is no one ’magic’ solution and needs vary from business to business – LRQA's approach tailors the services delivered to each individual business, developing a fully bespoke management strategy. LRQA is also able to provide specialist awareness and technical training to embed cyber security within a company’s thinking and procedures so it seamlessly becomes part of business as usual.
LRQA doesn’t just develop services related to the risk of cyber-based technologies but also develops services related to their benefits, and offers services to help clients unlock the potential of their data, facilitating data-driven insight for driving better performance and safer, sustainable operations.
The opportunities that cyber-enabled shipping presents far outweigh the risks and by addressing these risks and building a safe and secure foundation, LRQA is helping its clients to realise the benefits to their business that are possible through digitalisation, as well as helping them prepare for forthcoming regulation.