Cyber-risk-reality in Sørlandet

Beyond the buzz word...

To explore risk-readiness, attitudes and to address the main challenges, YoungShip Sørlandet
gathered representatives from BW Offshore, K-Line Offshore, Globetech and Gard, for a seminar
and panel debate on Cyber risks at Gard’s head office in Arendal on 30 October.
While press headlines constantly remind the industry of cyber risk imminence, global surveys point
to maritime industry as ill-prepared and slow to address the cyber issues, how do the maritime
companies at Sørlandet, operating on worldwide scale, perceive the cyber risk? Has it become
another buzz word the industry is threatened with?
The attendance could indicate that cyber security would not be the top risk priority for local
businesses, however an engaged audience from maritime tech companies, shipowners, offshore
business, marine surveyors and local port representative throughout the evening proved the
opposite. As an imminent risk it should be addressed and discussed sooner rather than later.
While the largest cyberattacks gain global attention and multimillion losses on company books, most
of the incidents taking place daily, go unreported. As attendants learned, maritime business is under
constant cyberattack.
- It is about time to start talking about what is happening openly and share the experiences, says
Jarle Fosen, Senior Loss Prevention Executive at Gard.
Stein Erik Andersen, CTO and founder of Globetech has a clear invitation to the industry;
- Cross-business experience -and knowledge sharing is crucial in order to reduce risk for
shipowners and management companies. Together we can help each other preventing cyber-
attacks and reducing the risk of breaches".

Though most of the incidents taking place go unreported and is not spoken about, there is a change
and companies are starting to share more on the subject showing a development in maturity. The
audience was fortunate to be able to listen to Operation Manager Lasse Dahl Nilssen from K – Line
Offshore that shared an incident that occurred last year:
- Communication blacked out on one of our vessels and we were without communication means for
a few days. We learned a lot and have made alterations within the organisations as a result of this
incident. A drastic approach was change of supplier, but we also needed increased training of crew
and onshore staff to reduce the risk of reoccurring events, Nilssen explains.
While real cases and illustrative examples brought by speakers, make it very real. The importance of
human factor in cyber security chain were highlighted throughout the evening.
- The element of human factors and errors are crucial, says Fritz Ekløff, Head of IT from BW Offshore.
- Awareness training is and will be critical in order to reduce risk for cyber incidents, and this
includes the entire organisation, onshore and offshore, he continuous.
With a comment from the audience Ekløff stated;

- Not using two factor identification is like driving without a seatbelt, you will be hacked.
It is 30 October, the end of cyber security awareness month and still a lot of questions from the
attendees. The evening proved too short to address all questions from the audience. This is a clear
sign that cyber security needs to continue to receive a high focus, and it was concluded that
more such events are necessary as the technology advances and cyber threats become ever more
advanced.
Participants reflected a uniform attitude, advising to be proactive rather than reactive to cyber risks.
To remain vigilant, cautious and be prepared by having good cyber safety routines, would enable
companies to stay cyber-safer.
Fosen states that it is important to understand that cyber security is complex and ever-changing. It is
impossible for all of us to be experts; even IT professionals sometimes fall victim to cyber fraud. The
most important thing Is to treat uncertainty the right way:
- Be prepared and thing and ask before you act, says Fosen.
- A ship will never be 100% cyber safe, so having a contingency plan and having back-ups, data logs
to track changes is very important when faced with a cyber crisis, he continuous.
Advance of technology implies that the cyber threats become more refined and we all together must
act as cyber security experts. Regular awareness campaigns and training of people were underlined
as crucial. We encourage everyone to report and share experiences related to cyber risk.
YoungShip Sørlandet would like to express a big thank you to all participants that supported the
incentive to create a local forum for addressing global risk attracting industry’s attention
worldwide.

Arendal, October 31.