The level of information and cyber security in maritime shipping is to be sustainably increased throughout Germany and internationally. The Federal Office for Information Security (BSI), the Employers’ Liability Insurance Association for Transport, Post-Logistics and Telecommunications (BG Verkehr) and the Federal Maritime and Hydrographic Agency (BSH) have announced an intensified cooperation and signed a corresponding administrative agreement in Hamburg on Tuesday.
Protect “floating data centers”
A year ago, the BSI warned ships and shipping companies to increase cybersecurity after the latter were among the victims of IT attacks with the “NotPetya” malware. The authority issued an initial guide to this. “Cyber attacks also take place on the high seas, because a ship is a floating data center,” the BSI is now warning. The navigation system used on board not only makes a large boat susceptible to interference, it also connects it to the Internet and thus represents a potential gateway for malicious hackers.
“Ships are an essential element of many important supply chains” and therefore also part of the federal strategy for critical infrastructures (Kritis), explained BSI Vice President Gerhard Schabhüser. They would therefore also have to meet “high standards” in the area of cybersecurity. On land, access systems, cargo handling, the control systems of the cranes and the Scada software used in many industrial control systems turned ports into highly networked IT systems.
The three supervisory institutions have therefore come together to use the agreement to sensitize the shipping companies in the German maritime sector to these issues, to support them in the performance of their tasks and to carry out joint relevant projects.
“We will analyze and assess cyber risks in shipping,” announced BSH President Karin Kammann-Klippstein. The aim is to introduce the appropriate technological protection standards. The partners of the agreement have published practical tips for shipping companies in parallel with the joint “ISM Cyber Security” circular. Checklists should follow. In addition, BSH and BG Verkehr become members of the Alliance for Cyber Security. By doing so, they vow to inform the BSI about IT security incidents in maritime shipping in order to build up a more detailed picture of the situation.