Industry experts are of the view that a gap in insurance policies is leaving the shipping industry vulnerable and the industry is increasingly at risk from cybersecurity attacks.

As hackers become more capable, Cybersecurity has come into focus across the economy. Meanwhile, ships are more reliant on a range of electronic devices to operate.

“This includes software to run the engines, complex cargo management systems, automatic identification systems (AIS), global positioning systems (GPS) and electronic chart displays and information systems (ECDIS),” explained Matthew Montgomery, senior associate at international law firm Holman Fenwick Willan, said.

“The added incentive for a hacker is that the shipping industry involves high value assets and the movement of valuable cargo on a daily basis.”

Significant problems can be created by jamming or disrupting GPS systems. Claiming that North Korea was behind the disruption, after experiencing problems with their navigation systems, South Korea said that around 280 vessels had to return to port in April last year.

A series of trials to examine the effect of GPS jamming on shipping was recently run by Professor David Last, strategic advisor to the U.K.’s General Lighthouse Authorities which provides navigation aids for ships. Aimed at ships, one such jammer was operated from a lighthouse in one trial.

“The effect was profound. It strongly affected GPS receivers on ships out to sea to the horizon at about 30km,” he said.

“Some GPS receivers simply died. They wouldn’t provide any information. But interestingly other ships’ GPS receivers lied. That is to say they gave false positions. So we had ships that were actually in the sea that appeared to be travelling over land.”

Multiple systems,  including navigation systems, emergency systems, the clocks and the automatic identification system, which transmits a ship’s location to other nearby ships so they appear on radar, failed in a second series of trials where a jammer was placed on a ship.

“We had ships that were in wrong positions and ships that suddenly began to move very gently without anybody realizing it,” explained Last.

When visibility is an issue and on busy shipping routes such as the English Channel, losing these systems can become a big problem.

“When the weather is bad, when fog is down the visibility is low, they (the ships) depend entirely on GPS for their navigation,” he said.

“If GPS goes wrong, the potential for accidents is very high.”

Many shipping companies may be uninsured in the event of a cyber attack is another cause for concern.

“Most insurance policies covering ships include a cyber attack exclusion clause which excludes cover for property damage and business interruption. This has left a potential exposure for shipowners,” said Montgomery.

The shipping industry needs to identify which risks need to be insured and how to mitigate them even as the insurance market is responding to these gaps and starting to offer products which cover cybersecurity, according to Montgomery.

“Some ship owners are now identifying the areas where they are exposed to cyber risks, developing and testing written information security and incident response plans, and putting their incident response team through simulated exercises (with the assistance of external legal advisors) to see where the gaps are,” he said.

“Once a shipowner has implemented active cyber risk identification and mitigation processes, they are likely to be in the best possible position to transfer any remaining exposures through a cyber insurance policy.

(Adapted from CNBC)