Sunday, 19 November 2017
CYBER RISK & CYBER SECURITY – How are we planning it at PSL?

Information technology has changed our world like never before, and has fueled unprecedented productivity and efficiency, in business, government and our personal lives.  Shipping is no exception, but lags behind other land-based industries in adopting Information and Communication Technology (“ICT”) in ship operations and management.

Cyber security threats in present times have increased in variety, frequency and sophistication — from a Trojan USB stick that introduces malware aimed at acquiring sensitive commercial information or an email with detailed vessel itineraries sent to a large group of unknown people or the full-scale subverting of a company’s IT system or the potential compromising of Automatic Identification System (AIS) and Electronic Chart Display and Information System (ECDIS) systems on board ships. The number of potential risk scenarios is significant and keeps growing. Fraudsters employ whatever hacking technology works, often tailored to specific targets of opportunity.

At PSL, after conducting a risk assessment and proper review, we have found that:

• Our present systems incorporated in Office environment and on board ships are “robust” enough and we have not come across any case of Cyber Crime as of date.

• We have a system of Firewall checks in Office and have permitted limited white-listed websites access on-board ships through Inmarsat Satellite internet system.  That minimizes, if not completely eliminates, the risk due to Cyber-attacks on-board ships.

• With regard to the most discussed topic on ship cyber-attack related references to AIS, ECDIS and Vessel Data Recorders (VDR) which are integrated as part of the Integrated Bridge System (IBS), our system setup on-board ensures that no data from these equipment is available or transmitted directly online as we do not allow a 24 hour online option for our fleet.

Nevertheless, in order to reduce vulnerability to both cyber accidents and cyber-attacks, and to ensure safe and efficient operations of our fleet, we are reviewing and addressing cyber security:

• At all levels of the company – from senior management ashore to the crew on-board, as an inherent part of the safety and security culture on-board each vessel;

• In company policies – by considering how to align cyber risks with the existing security and safety risk management requirements contained in the ISPS and ISM Codes; and

• In relevant on-board procedures – by including new related requirements in in-house training programs, day to day operations of the vessel and maintenance of critical cyber systems, if any, that may exist on-board.

In addition, we are also planning to carry out in-house training for all our joining staff so that they are aware of the risks involved and are suitably prepared to tackle the cyber-attack or security breach issues.

We are in the process of drafting the procedures and relevant checklist for addressing the Cyber Risks and Cyber Security issue, we are expecting to complete all the required procedure manual and checklist by end of the current year.

Until then, we have asked all our sailing staff to follow industry safe practices and provided them with the latest version of “Guidelines for Cyber Security Onboard Ships” and revert back with their feedback if they find any related issues onboard.

Email Fraud Alert:

There is an increasing risk of attempted fraud and other security threats noted been sent out via email. At times, fraudulent requests are seen to change bank account details of suppliers/creditors, in an attempt to redirect payments to other parties and not to the intended recipient or at times false payment due invoices are sent using fraudulent email domains, especially when such emails contain an attachment. We encourage everyone to be extra vigilant and learn to detect fraudulent email instructions - seemingly legitimate emails may contain fraudulent information.

Please note we treat any notice of bank account changes received only via email as suspicious. Urgent pressure to effect payment as soon as possible without verification of the changes will also be treated as suspicious and will not be entertained unless it is double checked and verified personally by a follow up phone call or cross verification.

Contact Us

...

Where we are

Precious Shipping PCL
No. 8 Cathay House,
7th Floor North Sathorn Road,
Silom Bangrak,
Bangkok 10500 Thailand
Tel: +66-2-6968800