Know the risk

Ines Nastali, DPC Editor

There is a growing dependence on data to drive development in dredging, which can bring real benefits such as geotagging stretches of the seabed that have been dredged, reducing the power consumption of a draghead, or even creating simulations of vessels for modelling scenarios. However, the accompanying downside is cyber risk – which formed the focus of DPC October’s question of the month, which assessed if people in the industry felt like they received sufficient cyber-security training.

While most of the respondents replied affirmatively, there is a lot of nuance to consider before the dredging sector can pat itself on the back for a job well done. The word ‘sufficient’ is open to interpretation and could mean anything from a one-hour online course to be taken once a year, to regular cyber training provided by specialist companies. In many cases, the lack of appropriate training only becomes apparent after a cyber vulnerability has been exposed – and most companies consider the human element to be the weakest link in the security chain.

A recent white paper by DPC sister publication Safety at Sea combines industry analysis with four years of results from its annual cyber-security surveys that were run in conjunction with shipowner association BIMCO. It confirms that this attitude towards employees is prevalent across the whole maritime industry.

I think that it is important that companies work hard to create an environment that steers clear of blame culture given that cyber risk is developing too fast for individuals to accurately assess the threat. Instead, the first step for dredging companies is to accept that they will inevitably be targets of a cyber attack in the future.

Companies must accept that the link between software systems and physical assets, such as vessel equipment, significantly increases cyber risk. Accordingly, the time to create a concrete plan to mitigate the impact is now. I urge you to read the report, which can be found on the DPC website, and to reassess if your company is truly sufficiently prepared for the coming cyber attacks.