From: JDSupra Business Advisor
Maritime Cybersecurity Inland and Offshore — Avoiding “Paid Spies and Secret Confidential Agents on the Water of the Devil” and “Mere Dead Reckoning of the Error-Abounding Log”
by Christopher Hannan | Baker Donelson
THE CURRENT STATE OF AFFAIRS
“I know not all that may be coming, but be it what it will, I’ll go to it laughing.”
– Moby Dick, Or The Whale, Herman Melville
As Rear Admiral Thomas of the USCG commented in May of last year, the USCG has “been encouraging industry to start tackling this issue because . . . if you wait until we have a real cyber incident, it’s going to be fast, painful and expensive.” Cybersecurity, even if it may not be specifically spelled out in the current regulatory framework, must be actively addressed sooner rather than later by all vessel operators inland and offshore – despite the inherent complexity and foreignness (for many) of the systems for which cybersecurity measures are most critical. And a recent 2015 “Crew Connectivity Survey” by Futurenautics, based on responses from over 3,000 mariners worldwide (most employed in blue water shipping, but with some offshore/inland respondents as well), revealed that nearly half (43%) of seafarers had been on a vessel that had experienced a cybersecurity incident. And yet, only 12% of the respondents had undergone any form of cybersecurity training.
Thus, the implications of kicking the cybersecurity can down the road are not mere administrative regulatory concerns. If and when the first major offshore/inland marine casualty occurs as the result of a cybersecurity breach/incident, the bottom line consequences of a potentially shoddy/non-existent cybersecurity program contributing to the casualty may be cripplingly expensive. First, many traditional marine insurance policies (hull & machinery, protection & indemnity, marine CGL, and see specifically the “Institute Cyber Attack Exclusion Clause (CL380)”) often exclude liability for damages arising from cyberattacks/risks. Additionally, and relatedly, if an involved company’s cybersecurity program is so ill-advised/non-existent, in the face of so many available industry standards and so much regulatory guidance/admonition about the importance of cybersecurity, it could arguably render a vessel “cyber unseaworthy” – which in turn might void any insurance coverage that might otherwise apply. Likewise, a non-existent/incompetent cybersecurity program could potentially constitute negligence necessarily within the privity and knowledge of the vessel’s owner, which could potentially void the owner’s right to invoke limitation of/exoneration from liability.
Hello! Can you please advise me where I can read reviews of companies that offer the right software to guide potential customers? I read on this site Getvoip Lead Management seems to be true reviews. What do you think about this site?