Guidance on cyber-risk management beyond IMO 2021 compliance offered in Inmarsat report
A new report published by Inmarsat, the world leader in global, mobile satellite communications, highlights the role of the International Maritime Organization’s (IMO) 2021 cyber risk management code in providing a framework for cyber resilience but warns that there is more to combating attacks than compliance alone. Compiled by maritime innovation consultancy Thetius, Beyond Compliance – Cyber Risk Management After IMO 2021 encourages proactivity in preventing and mitigating the impact of cyber-attacks.
“Assuring data resilience and cyber security are key preoccupations for the shipping industry,” said Ben Palmer, President, Inmarsat Maritime. “The IMO guidelines on maritime cyber risk management have helped stakeholders to address cyber threats, but the nature of digital attacks continues to evolve due to advances in computing technology and developing geopolitical conflicts. Over the 12 months between May 2020 and May 2021, cyberattacks targeting the maritime sector increased by 168% in the Asia-Pacific region alone. 
“To ensure the resilience of their digital infrastructure, shipping companies need to look beyond regulatory compliance and be more proactive in their approach to cyber-risk management.”
One cornerstone of this approach is Unified Threat Management (UTM). By combining solutions such as firewalls, antivirus programs, content filters, and intrusion and detection systems into a single hardware and software package, Inmarsat’s Fleet Secure UTM streamlines the installation, configuration, administration, and maintenance of network security infrastructure. It thereby helps shipping companies, like Denmark-based Evergas, to raise security standards beyond regulatory compliance.
Evergas IT Manager, Poul Rævdal, commented “Regulations provide a good starting point, but it is important from our perspective to go above and beyond the guidelines, and Inmarsat’s comprehensive Fleet Secure solution facilitates a proactive approach to network security. Being able to unify the separate parts of our network security into a single solution and deal primarily with one supplier allows our IT team to focus on optimising the day-to-day support given to our ships and systems.”
Continuous development in seafarer training represented another key bulwark in shipping’s cyber security defenses. Inmarsat's Fleet Secure Cyber Awareness training programme contains everything the crew needs to know to be aware of vulnerabilities and suspicious online behaviour with best practice guidance this training module is offered free to all Fleet Secure Endpoint users.
Effective cyber risk management must consider multiple assailants and diverse lines of attack - targeted and random. Threat actors make continuous efforts to update strategies, by developing malicious coding, seeking out vulnerabilities in hardware and software, and by responding to human behaviour. Only by being proactive can shipping stay ahead of the cybercriminals.
1 Rising cyber exposure in Asia maritime shipping, Sabba Manyara, The Asset Publishing and Research Ltd, published January 2022