Gard published free materials to cyber security crew training

Gard published free materials to cyber security crew training

Across the global maritime community, ports, ships and offshore units are increasingly connected to and dependent on systems that makes use of a cyberspace (Internet). Failure to anticipate and prepare for a cyber incident onboard a ship or offshore unit may have significant consequences.

The easiest and most common way for cyber criminals to strike, is through negligent or poorly trained individuals. Some Gard Members and clients have been victims of cybercrime where hackers have accessed the e-mail accounts of their service providers and sent e-mails purporting to be from their shore side organisation or other thrusted providers. There is also a common perception among ship’s crew, doubting the importance of cyber security on their ship; claiming their ship is not connected to the cyberspace.

Cyber security requires proper trained staffing to gain the full value of technology investments and the related IT- and operational procedures. Creating an analogy between the cyber threats and the other dangers faced on the maritime adventure, is an effective way to engage people on this subject. 

Gard’s aim is, together with its partner in this project, DNV GL, is to create awareness and to build competence towards crew and others – focusing on daily tasks and routines, with an aim to de-mystify the cyber issues for “normal people”.

Based on the analysis of cases involving cyber security, Gard and DNV GL have produced a video and a presentation with some concrete recommendations for how the maritime industry can take to address them. The material is not intended to suggest any industry changes or rule changes, but rather changes in the way people behave and act. That said, cyber security is now also part of the ISM Code, effective from 2021, so this will in future be part of the regulatory agenda too.

Jarle Fosen, Loss Prevention Executive in Gard, stresses the importance that this cyber security awareness campaign is not intended to create fear and uncertainty:

"We do not want to present cyber security as the hooded criminal hacker, but rather show how easy one can fall victim to a social-engineered attack and the easy steps one can take to avoiding them by thinking before you click!  We want to influence a good crew behavior and attitude and teach them how to manage some of the risks."