Cyber Risks – Vulnerability for Ships and Safe Navigation
The increased use of computerized systems for ship navigation has without doubt enhanced the safety and security of vessels at sea. However, this has made possible a new kind of threat being the cyber risks that may interfere with these navigation systems. Although there have been no reports of marine casualties caused directly by cyber threats, the cyber risks are on the top of the agendas for the safety and security of vessel at sea. Still, the legal aspects of these threats are to be addressed.
The increased use of computers onboard ships may potentially bring a massive rise in the threat levels as these systems are vulnerable to cyber risks. For example, the Automatic Identification System (AIS) is a global system that identifies and tracks vessels in real time by transmitting the position, speed and heading of a vessel, among other information. The AIS is mandated by the International Maritime Organisation (IMO) in all passenger- and commercial vessels over 300 metric tons. As experiments, it has been reported that researchers have been able to break into this system and alter data in real time. It is clear that hostile persons or entities with criminal and/or political motives could try to exploit this vulnerability, which again potentially could lead to marine casualties or the paralysis of maritime traffic at a certain location.
Still, there has yet been little legal analysis of how incidents caused by cyber risks should be dealt with. For example, in timecharter parties, off-hire periods may be caused by cyber risks, but this particular cause has yet to be addressed by the standard form for charterparties frequently in use for shipping and oil service activities.
With regard to marine insurances, the cyber risks are frequently excluded by Hull & Machinery insurers. In P&I insurance there are yet no general exclusions for cyber risks, but the sums available may be limited. In exceptional cases, a cyber attack launched by persons or entities for political, social or religious motives may be regarded as a war risk, and could therefore, depending on the particular circumstances of such a case, be coverable under a war risk insurance. But also in marine insurance, the legal implications of a casualty caused by cyber risks, has yet to be analysed further.
Today, the cyber risks to ships and their safe navigation are mainly addressed on the safety and operational level, as these risks are clearly present, although there has not been reported any serious incidents caused by these risks alone. With regard to the legal aspects of cyber risks, the analysis has yet to come, but it is hoped that the legal issues will be more thoroughly addressed and analyzed before a serious marine casualty occurs where one would have to determine the legal effects of cyber risks being the main cause of maritime liabilities.