Building that cyber safety net in Wilhelmsen Ship Management
Christina Cheh , Vice President - Risk Management & Systems
Hyper-connected systems that integrate human, physical and digital environments, carry risk of potential compromise. And one of the simplest ways to break a secure forcefield is human weakness.
Cyber security training for crew
Cyber security training for crew is a mandatory and high focus area to mitigate human error that may lead to cyber security breach. In WSM, we have established and enforced a cyber security policy, onboard cyber security awareness training, training videos and frequent periodic updates on cyber security measures.
Our training program comprises of the following elements:
- Raising the awareness of cyber security
- Kinds of threat that could breech cyber security and how it works
- Password policies to build a strong password
- What to avoid and look out for
- Preventive measure – best practices
The training is applicable to existing and new crew before on-boarding. Once on board they are presented with a list of do’s and don’ts as reminder of their training.
Besides training, we also launch campaigns on board to raise cyber security awareness with a core message that highlights cyber security is everyone’s responsibility. To reinforce the message, on-shore vessel IT specialists going on board for vessel visits will reiterate this manifesto to our crew.
Working closely with ship owners is the way to enforce and build strong cyber protection
Owners are as aware as ship managers that any breech of cyber security can lead to potential damage in the delivery line. In tandem with the reliance of automation and digitization onboard, we see growing risks and implications of cyber security breech.
We believe that working closely with ship owners is the way to enforce and build strong cyber protection. Forward leaning owners are more willing to invest in providing additional IT infrastructure onboard for risk management.
Cultivating the right culture
A robust cyber security framework can be easily compromised by end user vulnerability. Hence it is important to cultivate a culture on board and on shore focusing on protecting it.
To have the right culture in place, we need to create the right motivation for the seafarers and staff to learn. At sea, we lowered the threshold and language used in training materials so that seafarers can identify and relate to the importance of cyber security. We also carry out IT Penetration Tests and Security Assessments on board.
On shore, constant communication and security measures are enforced to drill in the importance of creating a safe digital environment.
The added bonus is that with all these learnings, seafarers and staff have made this applicable at home and at play for protecting their own cyber presence outside the workplace.
Upheaval of the maritime cyber safety
We look forward to having more guidance from regulators and class society since cyber security will become a concern when the industry goes full speed into connectivity and digital transformation.
As a whole, we must have internationally acknowledged guidelines of high standards to continue operating safely at sea in the digital environment. We note that IMO has included maritime cyber risk management into its list of Information Security Management Code but that is still being lobbied for adoption from 1 January 2021. Cyber security enforcement will need to happen within companies to protect ourselves from jeopardy.
As WSM continues to be the leader in making a digital shift, building a safe cyber security net through education and infrastructure will be constant priorities with technology advancements.