By Jean-Marc ROUE, President of Armateurs de France
Nautical security and navigation equipment, telecommunications, energy production or propulsion systems… The world of maritime transport is not immune to the digital evolution, which is necessary for its profitability and competitiveness. But digitisation also increases risks, especially cyber risk: equipped with many digital technologies, ships, like other means of transport, are potentially new targets for cyberattacks. Without wishing to be alarmist, shipping companies are integrating this threat development into their systems, as they have always been able to do with other types of risk. Beyond their own awareness, shipowners must prepare their crews and all their fleet operating teams for possible cyberattacks, right from the ship design phase.
Armateurs de France, the professional organisation for French maritime transport and service companies, has tasked itself with building a framework to promote the development of the maritime economy and employment, in both metropolitan France and the overseas territories. Its principal mission in terms of cybersecurity is to make the entire shipowning community aware of cyber risks and thus ensure optimal safety and security of maritime transport and its logistics chain.
This desire was illustrated by a dedicated round table organised during the first edition of its Shipping Day, in Paris, on 10 April 2018, bringing together leading specialists on the issue. As early as 2015, Armateurs de France distributed best practice guides to its members, published by BIMCO and the National Information Systems Security Agency (ANSSI). In 2017, the organisation contributed to the development of the Maritime Gendarmerie’s “Guide to the Preservation of Traces and Indicators”, instructing companies on how to respond should they fall victim to a cyberattack. And since reinforcing security also means training crews in maritime cybersecurity, Armateurs de France has supported developments in the system of reference for the initial training of merchant navy officers, which included theoretical courses on cybersecurity, along with simulator role plays, since December 2017.
Armateurs de France also acts as a spokesperson for French shipowners in relaying their concerns to the national and international authorities, ensuring that maritime specificities are taken into account and regulations adequately amended. There is currently still no international regulation on the subject, but the International Maritime Organisation has already drafted a document titled “Interim Guidelines on Maritime Cyber Risk Management”, which marks the beginning of a major project. Industry professionals believe that cybersecurity must be debated at the international rather than the European level. Armateurs de France is therefore very attentive to the drafting of rules by the IMO in order, in particular, to verify that they are in line with the NIS (Network and Information Security) directive. This directive, intended to ensure a high, universal level of network and information systems security in the European Union, provides for Member States to have established network and information security strategies by November 2018, and organises cooperation between Member States. At the national level, Armateurs de France has contributed to the modification of Division 130 which, for the past year, has introduced a mandatory evaluation of cybersecurity provisions. Within each shipping company, this evaluation must assess the ship’s software and hardware mapping, determine sensitive elements on ships and organise system vulnerability management. It must report on measures taken by the company to protect its information and communication systems and be included in ship security plans.
“With their complex operating systems, ships are not easy targets. There is nevertheless a very real risk, and it is essential for shipowners to become aware of this and make their voices heard, to ensure that the regulations meet the specificities of our sector. Finally, we must not forget the ports, which are essential interfaces between ships and land and have also undergone extensive digitisation to automate some of their functions and increase efficiency. Creating interconnections between ports and port information systems has indeed led to increased vulnerability to cyberattacks. It is therefore essential to work together with all the sector’s stakeholders on these security issues.”