Department for Transport
Protecting the maritime industry from cyber attacks
Transport Minister Lord Callanan yesterday launched new guidance on how shipping organisations can deal with cyber threats.
Good afternoon ladies and gentlemen.
It’s a real pleasure to be here.
This is my first experience of London International Shipping Week.
I’ve heard so many positive things about it.
So I’m delighted to be able to join you today (13 September 2017).
And to talk about an issue which has such profound significance in our modern world.
Cyber security is an increasing concern for many industries across the global economy.
And that certainly includes maritime.
Anything that threatens the reliability and performance of a shipping sector that carries 95% of our trade has to be taken seriously.
In some areas, maritime continues to rely on legacy systems using old software and aging operational technology.
There is also growing dependence on information systems with the development of new technologies — such as autonomous or partially-autonomous vessels.
This has the potential to make the industry more vulnerable to cyber attacks.
And the implications of such vulnerabilities could be highly damaging.
Poor cyber security undermines customer confidence and industry reputation, and could potentially result in severe financial losses or penalties, and litigation affecting the companies involved.
The disruption caused by a cyber attack – or a compromised system — could be significant too.
Just consider what a compromised ship system could trigger:
- physical harm to the system or the shipboard personnel or cargo — potentially endangering lives or the loss of the ship
- the loss of sensitive information, including commercially sensitive or personal data
- criminal activity, including kidnap, piracy, fraud, theft of cargo, or imposition of ransomware
Even if the problem is on a much smaller scale, it could play havoc with an industry that requires order and reliability to operate efficiently.
Cyber security is not just about preventing hackers gaining access to systems and information.
It’s also about protecting digital assets and information, ensuring business continuity, and making sure the maritime industry is resilient to outside threats.
That means not only keeping ship systems safe from physical attack, but also ensuring that supporting systems are robust.
So that in the event of an incident, appropriate practices and technologies are in place to limit any damage.
There is also the need for personnel security — guarding against the possible threat from insiders, either shore or shipboard-based.
Ship owners and operators need to understand cyber security and promote awareness of the subject to their staff and business partners.
In recent years the government has demonstrated how seriously we take the cyber security threat.
The 2015 National Security Strategy reaffirmed cyber as a Tier One risk to UK interests.
We have dedicated cyber security teams in a range of departments working with the industry, manufacturers, international partners and academia.
This includes officials within the Department for Transport.
We have a team that works with shipping industry partners, port operators and vessels traffic services (VTS) organisations.
And have cyber security teams working with other transport sectors — such as aviation, rail, and connected and autonomous vehicles.
Our aims are to:
- understand the cyber threat and the vulnerabilities for the transport sector
- mitigate cyber risks and take appropriate action to protect key assets
- respond to cyber incidents effectively and ensure that lessons are learnt
and promote cultural change, raise awareness and build cyber capability.
The government also established the National Cyber Security Centre in 2016 — again to work with the industry on this increasingly complex subject.
You will be hearing from the security centre in just a few moments.
All this preparation is time — and money — well spent.
Because in recent months, we have seen some high profile cyber attacks hit various part of the economy.
The NotPetya cyber attack in June (2017) hit many different organisations across the globe including some in the shipping sector.
It showed that the industry is vulnerable to these type of attacks.
And we may encounter many more in the years to come.
So we want to support the maritime sector to help you manage your cyber security risks.
That’s why I want to tell you about the Department for Transport’s new Cyber Security code of practice for ships.
You should have some hard copies with you, but it is also available on gov.uk from today.
This guidance is aimed at ship operators, ship owners and crew members.
Businesses of all sizes.
And it will help you:
- develop a cyber security assessment and plan
- devise the most appropriate mitigation measures
- ensure you have the correct structures, roles, responsibilities and processes in place
and manage security breaches and incidents.
It also highlights the key national and international standards and regulations that should be reviewed and followed.
The Department for Transport commissioned the Institution of Engineering and Technology (IET) to produce the code of practice.
It has also received input from experts at the Maritime Coastguard Agency, Maritime Accident and Investigation Branch, the MoD’s Defence Science and Technology Laboratory, and the National Cyber Security Centre.
The guidance will complement the work being done by the International Maritime Organisation (IMO) to raise awareness of cyber threats and vulnerabilities.
This code of practice explains why it is essential that cyber security be considered as part of a holistic approach throughout a ship’s lifecycle.
As well as setting out the potential impact if threats are ignored.
The code of practice is intended to be used as an integral part of a risk management system to ensure that cyber security is delivered cost effectively as part of mainstream business.
This latest code of practice follows on from last year’s publication of the well-received Cyber security code of practice for ports and port systems, which is also available on GOV.UK.
The ports code of practice was also written by IET, so both guidance documents are consistent in their approach.
We hope you find it of value, and encourage you to consider all the advice.
We will continue to work with you all and seek to ensure that the UK’s transport sector remains safe, secure and resilient in the face of cyber threats, and able to thrive in an increasingly interconnected, digital world.
Latest News from
Department for Transport
Highway Code changes set to take effect this weekend26/01/2022 16:10:00
Changes to The Highway Code, including the hierarchy of road-users and the 'Dutch Reach' are set to change from 29 January 2022.
The Highway Code: 8 changes you need to know from 29 January 202226/01/2022 15:10:00
Rules for all types of road users will be updated in The Highway Code to improve the safety of people walking, cycling and riding horses.
Prime Minister declares UK one of the most open countries in Europe and ready for an international tourism boom25/01/2022 13:29:00
UK is safe and open for visitors with no testing for fully vaccinated tourists
UK open for travel with all restrictions removed for eligible vaccinated arrivals25/01/2022 11:25:00
Changes to COVID-19 testing measures for travellers arriving in the UK from 4am 11 February.
Government supports aviation sector recovery with airport slot alleviation for summer 202225/01/2022 10:10:10
Move gives aviation sector flexibility and protects environment as airlines will not have to operate ghost flights to retain airport slots.
Olympic gold medallist and cyclist Chris Boardman to lead government's new active travel body24/01/2022 16:10:00
Active Travel England to create safer streets for cycling and walking to boost air quality and help improve the health and wellbeing of the nation.
North West on track to benefit from faster and more reliable train journeys as bill for next phase of HS2 to be laid in Parliament24/01/2022 15:38:00
Bill to extend HS2 from Crewe to Manchester, creating a new transport spine across the North West that will reduce journey times and boost local economies.
New executive agency Active Travel England launches24/01/2022 12:10:00
Active Travel England builds on government commitment to boost cycling and walking and deliver a healthy, safe and carbon-neutral transport system.
High Speed Rail (Crewe – Manchester) Bill and associated documents24/01/2022 11:33:00
Government confirms 4 technical refinements to the Western Leg of HS2 Phase 2b and sets out the strategic case for the HS2 Crewe-Manchester scheme.