Jordan Wylie, Communications Officer, Be Cyber Aware at Sea Campaign, gave a presentation at the 2017 SMART4SEA Conference & Awards, entitled ‘’Is Online the New Frontline?’’ where he highlighted the importance of the human factor in managing the cyber risk at sea. With most cyber and information security breaches on board being a direct result of human error, Mr. Wylie informed the audience that awareness and training should be the starting point for all ship owners as we advance further into the digital era of shipping. Mr. Wylie spoke about the Be Cyber Aware At Sea campaign and demonstrated that ship-owners do not need to invest huge amounts of capital to start mitigating this emerging risk, they just need to change their attitude towards cyber and address the challenges from the board room through to the engine room, he stated that online is the new frontline and fortune favors the prepared.
Back in 2009, I left the British military after nearly 10 years of service and since then I have spent the last seven years in the maritime sector, when in 2010, I found myself on a vessel transiting the High Risk Area of East Africa. At that time, a Somali pirate action group managed to board our vessel while we were waiting to go into Mogadishu, as part of a global aid programme. I was the leader of an ‘un-armed’ security team for the vessel as due to a Flag State restriction, we were not allowed to carry weapons on this particular vessel because the carriage of arms was prohibited by the Flag. Many people used to say to me ‘What’s the point in having a security team onboard if they don’t have any weapons, firearms or ammunition?’. However, we were there to train, to advise, to educate and to make sure there was a plan in place for the crew in case the vessel got attacked or hijacked, in the worst case scenario.
When I got the phone call and agreed to take that job, I realized quite quickly, how dangerous a job would be boarding a vessel that was going to set off the coast of Somalia with a low freeboard too! In the worst case scenario, the pirates were to attack us or illegally board our vessel (which they did). My task was to make sure, well in advance, that the crew onboard understood the pirates’ capabilities, tactics and procedures and also to train the crew for what to do in the worst case scenario, which actually happened. Our vessel came under attack in mid-2010, with Rocket Propelled Grenades, therefore, I had to take the crew down to the citadel. On this particular occasion, the pirates boarded the vessel for over 24 hours. So, I had to take the crew in the citadel, where we stayed for the many hours, and at some point, during this time, I decided to make the decision to climb up the funnel of the ship and contact the European Union Naval Forces in the region and, luckily for me, I was able to gain contact. Thus, the Naval Forces sent a helicopter, which eventually scared the pirates off and all crew was able to go up on the bridge. This story highlights the fact that the crew performed exceptionally well, but only because they had been trained properly in advance and they were well aware of the procedures and the plan we had worked hard on prior to the incident.
Seven years on from now, the world has changed significantly. We are now very much immersed in what we are calling the ‘digital area’ of marine operations and, although pirates are still active, there is a new growing threat, the cyber threat – which is a lot more difficult to defend against. In my experience, where Maritime Safety Security and Risk Management are concerned, the fortune always favors the prepared. It is for this reason, I launched last year an initiative called the “Be Cyber Aware at Sea” campaign www.becyberawareatsea.com
Seafarers are very committed and extremely dedicated professionals and when they are trained, they can do incredible things. But they are human beings of course and just like the rest of us, in their daily lives, they get stressed, fatigued, tired and get emotional. If they are not trained properly on how to do something, they will do what we all do: they will make mistakes. However, the problem is that in the maritime or offshore sector, consequences of mistakes can be extremely severe. Lack of awareness and education has the potential to cause damage to property, loss of life and also pollute the environment. Cyber is also an interesting subject for the industry, as technology for operational and informational purposes is at the core.
The Human element has been long identified as a significant factor in the majority of marine safety incidents attracting a lot of the industry’s attention. However, when it comes to improvements for security and safety, cyber risk should be no exception as well. Cyber security is listed as an imminent threat to most nations and businesses. But why is it not considered the same in shipping?
I would not like to scare people and I’m also not encouraging people to invest large amounts of money in cyber- risk management. For me, it’s about developing people, who are actually the greatest asset on board, but potentially also the biggest vulnerability. Technology has a very important role to play in shipping and in terms of cyber risk. The more communications and connectivity we have onboard, the more vulnerability we must deal with, from the risk managers perspective.
For the last two years, as well as running a training business in the maritime sector, I have been studying for a master’s degree in maritime security, which I finished last year. I spent two years studying my thesis was entitled “Cyber Security; The Unknown Threat at Sea?” trying to answer the following two key questions: What does the shipping company understand about maritime cyber security threats? ; and How do they manage those cyber security threats?
During my research, I spoke to ship security officers, company security officers, persons responsible for the security on land from a fleet perspective, and I also spoke to the IT departments or the head of IT departments. The result was quite astonishing for me, as a risk manager:
- 67% of the CSO’s told me that ‘cyber security is not a serious threat’. More often and not, they told me ‘to speak to IT department is not my issue’.
- 91% of the SSO’s said that ‘they don’t have the training, the education, the knowledge, the skills set to deal with the cyber threat’.
- 100% of CIOs said ‘we do not provide cyber security training onboard’
- 53% of CIO’s said ‘we provide IT security policies onboard our vessels’
These findings were the catalyst for the ‘Be Cyber Aware at Sea’ campaign, which is a free global awareness campaign to help educate seafarers and help ship-owners and marine industry stakeholders to help inform and educate them on human factors and measures that can be taken to reduce more than 80% of cyber and information security related incidents.
Be Cyber Aware at Sea focusses on people, using innovative, simple and easy to understand techniques and messaging to help aid understanding in a non-technical language. There’s a free website you can visit: www.becyberawareatsea.com including lots of useful resources, posters or industry guidelines that have been released by different industry stakeholders to download and also videos. Our onboard messaging campaign which’s been very popular has catchy and simple messages so as people to be made aware. This is very important because cyber is often seen as a technical subject that people are difficult to comprehend, so using very simple and inventive messages, we’ve allowed the shipping industry to understand and get concerned. If you want to keep up-to-date with all cyber related issues, you may join our newsletter ‘Phish & Ships’
Just like what I learned from the coast of Somalia seven years ago, seafarers are incredibly special people, who when they are trained properly, they can do extraordinary things. Therefore, I believe that we all have the responsibility to inform and educate them on the maritime cyber threat which is a real threat that continues to grow and evolve. Online is very much the new frontline, which is why we should all Be Cyber Aware at Sea!
Above text is an edited article of Jordan Wylie’s presentation during the 2017 SMART4SEA Conference & Awards
You may view his video presentation by clicking here
The views presented hereabove are only those of the author and not necessarily those of SAFETY4SEA and are for information sharing and discussion purposes only.
About Jordan Wylie, Communications Officer, Be Cyber Aware at Sea Campaign
Jordan Wylie is an experienced maritime security and risk management professional whose career started with 10 years’ service in the British Military as an intelligence and reconnaissance specialist, before entering the private maritime security sector in 2008. Jordan has provided maritime security consultancy services to many of the world’s largest ship owners and is a retained consultant by several flag states, providing guidance on piracy, terrorism, organised crime at sea and the maritime cyber security approach. Jordan has trained over 10,000 seafarers globally and also completed over 100 missions on board as a security team leader during the height of Somali based piracy. Jordan holds a BA (Hons) in Marine Risk Management and an MA in Maritime Security where his much talked about thesis subject was; ‘Cyber Security; The Unknown Threat At Sea’, which was also the catalyst for the free to join global maritime and offshore cyber awareness campaign that he and his team are driving throughout the shipping industry – BE CYBER AWARE AT SEA www.becyberawareatsea.com Jordan is the founder of JWC International, a specialist marine consultancy provider, the President of the Security & Risk Management Alumni and a Non-Executive Director at the Company Security Officers (CSO) Alliance.