Cybersecurity in Maritime...just another business risk we have to manage


By Constantine Komodromos
April 28, 2018

In the last few months, the discussion on cybersecurity and cyber attacks is emerging in the Maritime industry. I felt that there is merit in the discussions however this is something that is not a risk that only our industry is faced with but something that every industry is facing, not to mention that every one of us using any device connected to the internet is facing. It is a business risk that we should start managing if we are already not doing so. 

A few days ago I happened to read an article in MIT Technology Review that proves that it is just a cultural issue and purely matter of managing our business risks. Read the summary and find the article of WIRED for more information:

"GitHub just suffered the world’s biggest DDoS attack."" It barely blinked. The positive of the story is that risks can be managed.

"The site, which many developers use to store code, was knocked offline briefly this week by hackers who flooded it with fake traffic.

Terror-bytes: According to Wired, the attack peaked Wednesday at a whopping 1.35 terabits per second of data; the largest previous assault, launched in 2016 against a company called Dyn, hit 1.2Tbps.

Beware the memcrash: The attackers exploited memcache servers that companies use to speed up their web applications. Thousands of these machines have unsecured internet connections, and hackers use them to boost fake traffic.

Knight in shining code: Github routed its traffic flood to Prolexic, an automated anti-DDoS system run by Akamai that filtered out the attack. The whole thing was over inside 20 minutes. Chalk one up for the good guys."

So, instead of resisting change and finding excuses that the digital world has risks we should all start considering our overall digital strategy and start asking questions about: What is my digital strategy? How am I managing/mitigating my digital risks? How are my service providers managing their own digital risks? Are digital risks covered by the company's contingency plan?

After you start asking these questions more and more questions will arise and you will soon realize that indeed this is a matter of a holistic risk management culture which now needs to address the digital part as well in a similar manner you do with your Hull and Machinery risk, or with your Protection and Indemnity risk or your Directors Liability risk etc and this does not mean just Insuring the risk but also how you protect the organization operationally.

Digital is the new reality so let's embrace it, and simply embed in our corporate cultures the same mentality we apply when managing any other of our business risks.