News / 13-09-2022 / London

“Our vision is that the UK in 2030 will continue to be a leading responsible and democratic cyber power, able to protect and promote our interests in and through cyberspace in the support of national goals.” 

In its recent “National Strategy for Maritime Security”, a report published in August 2022, the UK Government recognised that one of the challenges impacting on maritime security is malicious cyber activity, which has grown in terms of severity, intensity and complexity. Consequently, mitigating risks against cyber threats within the maritime industry remains more important than ever and will continue to be critical as the industry becomes increasingly automated.  

The report confirms that the Government continues to assist the maritime sector to build resilience against a range of cyber threats including cyber espionage, cyber-crime, hacktivism and ransomware. As a result of the increasing use in the UK maritime sector of technological advances in the management of ports, logistics, supply chains, the rollout of 5G networks and the consideration of autonomous shipping, there has been a growth in ransomware attacks. This means the sector must better understand the threats in order to take appropriate mitigating steps to reduce the impact of successful cyber-attacks. 

The report highlights a number of ransomware attacks in the international maritime sector that took place throughout 2020 and 2021, including a malware attack on MSC in April 2020, a ransomware attack on CMA CGM in September 2020 and two ransomware attacks on Toll Group, the Australian logistics company, in 2020. 

The UK Government emphasises its ongoing support to organisations in terms of offering advice and guidance on cyber best practice. Among other things, in February 2022 the Government published a new National Cyber Security Strategy aimed at ensuring that Government, Critical National Infrastructure, organisations and citizens better understand the cyber risks they face and their obligations to manage them. The National Cyber Security Centre (NCSC), the national technical authority for cyber threats, provides advice and guidance on risks through information sharing platforms and technical assistance in the event of a cyber-incident. It offers access to a range of free cyber security tools and services, including tools that help organisations test and practice their response to a cyber- incident, as well as spot malicious activity on their network.  

The report also mentions the Network and Information Systems (NIS) Regulations, which came into effect in 2018 and which support organisations in building a stronger foundation of cyber security and resilience. The Government, through the Department of Transport as the competent authority for regulating the maritime sector, will use the Regulations to drive up standards of maritime cyber security and help the sector become more resilient. 

The report additionally indicates that the Government intends to update the 2017 Cyber Security Code of Practice for Ships and work with the IMO to agree international standards and agreements. The Cyber and Information Security section contained within the Port Facility Security Instructions will also be updated. The Government will furthermore focus on training the workforce in specialist cyber skills and other knowledge required by those engaged in relevant work programmes. 

Comment 

In 2019, the UK Government published “Maritime 2050 – Navigating the Future”, which set out its long-term vision for the UK’s maritime sector for the following 30 years. Also in 2019, the Government strengthened the UK’s maritime security capabilities by establishing the Joint Maritime Security Centre which works with stakeholders across Government to develop a “Whole System Response” to maritime security threats.  

This new National Strategy for Maritime Security is the latest, and a most welcome, step in the Government’s future strategy for the UK maritime sector and is intended to help the UK get closer to the security ambitions set out in “Maritime 2050.”