This commentary appeared in the print edition of the Jan. 6, 2020, Journal of Commerce Annual Review and Outlook.
Embracing technology in the maritime sector has provided enhanced tools to manage supply chain velocity, but this technology has increased business risks. Last year, I advised companies in the maritime sector to ensure that their cyber systems were rigorously assessed to detect and remediate vulnerabilities that could potentially disrupt international commerce.
I reiterate that advice with renewed urgency and with certain specific recommendations on how a transportation company of any size can embrace best practices in this area. As a threshold matter, maritime transportation companies must equate the current cybersecurity threat with the physical security threats they faced in the post-9/11 world. The same layered approach to maritime security that was the hallmark of the Maritime Transportation Security Act of 2002 and its ensuing regulations must be applied to the cyber threat.
To do so, your company’s management should make a firm commitment to addressing cyber risk. Information technology (IT) professionals should be trained in matters relating to cybersecurity. There are programs that provide such training, and there are various advanced credentials that these IT professionals can obtain that will benefit your company. With the assistance of your IT professionals, the company should undertake a comprehensive cybersecurity assessment. Self-assessment tools are available. However, depending on the size and complexity of your systems, retaining a third-party cybersecurity assessment company might be advisable. Engaging a third-party assessment team would also make it easier to audit the company’s vendors and customers, which form a significant component of such an assessment, given the business necessity of information sharing. Thereafter, top-to-bottom employee training is advised to alert employees to the risks and how to avoid them. Unfortunately, employees can easily fall prey to email phishing scams and other enticements that can render a company vulnerable. Management should also be working with their risk managers to determine if cyber risk insurance would augment the company’s existing risk management program to temper the effects of an attack.
Cargo transportation companies should not be discouraged if they have not already embarked on a cybersecurity program, but they should get on board quickly to prevent disruption to their businesses and to ensure the efficient transportation of cargo.