Smart Shipping | The Cyber Threats of a Crew-less Ship
13 February 2017 00:00
The adoption of smart ships and automated-unmanned vessels is seen as a new lease on life in many people's opinion, with some believing that the shipping industry is in significant need of such innovation.
The industry itself has slowed down in recent years, with firms such as AP Moller-Maersk announcing a full-year loss of £1.5b this month, only its second annual loss in seven decades. Now, many firms are announcing their innovative projects that will help the maritime industry cut costs for its businesses.
Rolls-Royce has just announced their plans to launch a fleet of crewless ships by 2020, aiming to cut sea transport costs by as much as 20%. Now, the hope of reducing costs and boosting profits is an attractive proposition (although potentially at the risk of 15m jobs...), but is the industry ready for the security challenges that will ultimately surface in this step of digitalisation?
The very nature of shipping often means the transporting of goods from a variety of industries and nations, meaning that the industry has a number of motivations for being targeted. The aim might be to steal information or to facilitate and transport illegal goods. The current risks to the increasing prevalence of smart shipping are the compromising of the integrity and reliability of the monitoring systems. These could be affected by cyber threats if the smart ship systems use the internet for data and information transmission. Smart assets are highly dependent on software and data quality, timeliness and integrity.
Cyber-enabled assets need security from these threats. I read an article awhile back, where ABS managing principal engineer George Reilly stated that “data architecture and data-gathering systems require safeguards and monitors. Software quality may affect data integrity. System and software updates must be managed by configuration and change management procedures, which include testing.”
Mr Reilly also pointed out that security should be added to the asset decision processes to protect system reliability and integrity, including confidentiality, data security, intellectual property security, integration checks and continuous monitoring. This should all be integrated into engineering risk assessments to ensure the whole system is tested and analysed for any issues. He concluded that cyber security should be integrated with systems engineering.