“The virus attacks on maritime companies, municipalities and others show how vulnerable we can be, but also how important it is to have good training, competence and routines. It is important to be well prepared, both to prevent attacks and to handle them if they come,” said acting director general of Navigation and Shipping, Lars Alvestad.
Part of the safety management
As of 1 January this year, digital safety will be a part of the safety management in ships and shipping companies covered by the ISM Code. The Norwegian Maritime Authority will monitor the compliance, but the companies themselves are responsible for handling the risk connected to digital incidents.
“An increase in the use of digital systems and connections for ships and shipping companies mean increased vulnerability to digital incidents. When such incidents are not handled the right way, they may, in the worst-case scenario, jeopardise the safety of the crew and passengers,” said senior surveyor in the Norwegian Maritime Authority, Nils Haktor Bua.
Increased focus on digital security
The NMA will focus on digital security in the time ahead. At the beginning of the year, and as a part of this work, the NMA and the Norwegian Environment Agency presented a proposal for a strategy for maritime digital security in response to a request from the Ministry of Trade, Industry and Fisheries and the Ministry of Transport and Communications.
“The strategy points to a number of measures for increased digital security in the maritime industry. The shipping companies also hold much of the responsibility for the security in their digital systems. Many are doing a good job, but there are companies that need to focus more on this,” said Mr Alvestad.
Procedures and training
The fact that companies in different sectors are attacked, and that the attacks hit important digital infrastructure, shows how serious this is and the importance of having good procedures and training, both in the shipping companies and on the vessels.
“The Norwegian Maritime Authority is not in a position to say that this virus is currently threatening shipping companies in particular. However, we would like to remind all companies and vessels to be aware that attacks may hit them, and to keep an overview of their digital systems, lines of communication, dependencies and system vulnerabilities. Make sure that crew and personnel have the necessary training to detect and avoid attacks. Procedures must be in place and known so that they can be used if a digital attack comes. You should train for digital incidents the same way you train for other security incidents,” said Johan Stensen, ISM coordinator in the Norwegian Maritime Authority.
The risk scenario shows a steady increase in ransomware attacks on Norwegian companies. In 2020, The Norwegian National Security Authority (NSM) warned against an increase in these attacks.