Maritime Cyber Security and Safety Management: File Sharing and Copyright Issues (International Regulations on the Use of Pirated and Pornographic Material)

The use of pirated and pornographic material on board vessels is no longer just an HR or IT policy issue; it is a critical component of Maritime Cybersecurity and Safety Management with direct ties to international regulations.

Here is a detailed breakdown of the issues, the relevant international regulations, and the implications for safety management.


1. The Core Problem: How File Sharing Creates Risk

At first glance, a crew member downloading a pirated movie or accessing pornography seems like a personal issue. However, in the interconnected environment of a modern vessel, these actions introduce severe risks.

A) Pirated Material (Software, Movies, Music, etc.): The Cybersecurity Gateway

The primary risk from pirated material is malware. Websites and file-sharing clients (P2P, torrent) used to obtain pirated content are notorious vectors for:

  • Ransomware: Encrypts critical files on a computer or network and demands payment for their release. Imagine the ship’s cargo plan, stability calculations, or even navigation chart updates being encrypted mid-voyage.
  • Trojans and Backdoors: Create a hidden entry point into the ship’s network. This could allow an external attacker to access and manipulate onboard systems.
  • Keyloggers and Spyware: Steal credentials, such as login details for official systems (e.g., port clearance, maintenance reporting) or banking information.
  • Viruses and Worms: Propagate across the ship’s network, potentially infecting both administrative (Crew IT) and, in poorly segmented networks, Operational Technology (OT) systems.

The Safety Impact: If malware from a pirated file crosses from the crew welfare network to the ship’s operational network, it can compromise critical systems:

  • ECDIS (Electronic Chart Display and Information System): A corrupted ECDIS could lead to navigational errors, grounding, or collision.
  • GMDSS (Global Maritime Distress and Safety System): Compromise of communication systems could hinder distress calls.
  • Engine Control & Monitoring Systems: Manipulation could lead to engine failure or damage.
  • Cargo Management & Ballast Water Systems: Incorrect operations could lead to stability issues, structural stress, or pollution.

B) Pornographic Material: The Human, Legal, and Security Risk

The risks associated with pornography are multifaceted:

  • Legal & Regulatory Violations:

    • Port State Laws: Many countries, particularly in the Middle East and parts of Asia, have extremely strict laws against the possession and distribution of pornography. A crew member’s personal laptop, if inspected by Port State Control or local authorities, could lead to crew arrest, fines, and vessel detention.
    • Child Pornography: Possession or distribution of child sexual abuse material (CSAM) is a major international crime. This will lead to immediate arrest, lengthy prison sentences, and catastrophic reputational damage for the shipping company.
  • Hostile Work Environment:

    • The presence of pornography onboard can create a hostile and intimidating environment, particularly for female seafarers and those with different cultural or religious beliefs. This is a direct violation of the principles of the Maritime Labour Convention (MLC, 2006) and company HR policies. It can lead to crew conflicts, reduced morale, and a breakdown in team cohesion, which is a direct threat to safe vessel operation.
  • Distraction and Reduced Performance:

    • A crew member distracted by accessing or viewing such material is not focused on their duties, whether on watch, conducting maintenance, or performing safety checks. This cognitive impairment is a direct safety risk.
  • Cybersecurity Risk:

    • Websites hosting pornographic content are, like piracy sites, high-risk sources of malware.

2. Connection to International Regulations

This is where individual actions become a corporate compliance failure. The company is responsible for what happens on its vessels, and several international maritime regulations apply directly.

IMO Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems

This is the most important regulation in this context. It requires shipowners and managers to incorporate cyber risk management into their Safety Management System (SMS) by January 1, 2021.

  • How it applies: The use of unauthorized software and the accessing of high-risk websites are identifiable cyber threats.
    • A company’s SMS must include procedures to identify, analyze, and mitigate these threats.
    • Failure to have a clear policy and technical controls against pirated material and high-risk websites is a non-conformity in the SMS.

The ISM Code (International Safety Management Code)

The ISM Code is the framework for the SMS. The failure to manage these file-sharing risks violates several of its core principles:

  • Section 1.2 (Objectives): To ensure “safety at sea, prevention of human injury or loss of life, and avoidance of damage to the environment.” Malware compromising an OT system directly threatens these objectives.
  • Section 6 (Resources and Personnel): The company must ensure crew are properly trained and understand the risks. This includes cyber hygiene training.
  • Section 7 (Shipboard Operations): The company must establish procedures for key shipboard operations. This includes an Acceptable Use Policy (AUP) for IT systems.
  • Section 10 (Maintenance): This includes the maintenance of software. Using pirated, unlicensed, and un-patchable software is a failure of maintenance and a known vulnerability.

The ISPS Code (International Ship and Port Facility Security Code)

While focused on physical security, the ISPS Code’s scope includes security threats of all kinds.

  • How it applies: A cyber-attack initiated via a malware-laden file can be a security incident. For example, an attacker could disable security systems (CCTV), access the cargo manifest for piracy or theft purposes, or manipulate the Automatic Identification System (AIS) to create a “ghost ship.”

Copyright Laws (International Conventions)

  • Berne Convention & WIPO Copyright Treaty: These provide the international legal framework for copyright. While not maritime regulations, they are enforced by signatory nations. A vessel flying the flag of a signatory state or entering the waters of one is subject to these laws.
  • Enforcement: Organizations like the Business Software Alliance (BSA) can and do take legal action against corporations for using unlicensed software, resulting in heavy fines. Port State Control officers, particularly in the US and Europe, can ask to see software licenses for critical equipment (e.g., ECDIS chart software) during an inspection. A finding of piracy can be grounds for vessel detention.

3. Best Practices for Safety and Compliance Management

To mitigate these risks and ensure compliance, shipping companies must implement a multi-layered approach within their SMS:

  1. Clear and Enforceable Policy:

    • Develop a strict Acceptable Use Policy (AUP) that explicitly forbids the downloading and use of pirated material and the accessing of pornographic websites.
    • The policy must clearly state the consequences: disciplinary action up to and including dismissal, and reporting to legal authorities where required.
  2. Technical Controls:

    • Network Segmentation: Critically, the crew welfare/internet network must be physically or logically isolated from the ship’s OT network (ECDIS, engine controls, etc.).
    • Firewall & Web Filtering: Block P2P traffic, torrent sites, and known malicious/adult content websites at the gateway.
    • Endpoint Security: Install and maintain up-to-date antivirus/antimalware software on all computers onboard.
    • Restrict Administrative Rights: Crew should not have administrative rights to install software on company-owned computers.
    • Control of Removable Media: Disable USB ports or use managed USB solutions that scan for malware.
  3. Training and Awareness:

    • Conduct regular cyber hygiene training for all crew.
    • Explain the “why”—link the policy directly to vessel safety, job security, and personal legal risk (e.g., vessel detention, arrest). This is more effective than just stating a rule.
  4. Provide Legal Alternatives:

    • To improve crew welfare and reduce the temptation for piracy, companies should provide legal entertainment options, such as a regularly updated onboard library of licensed movies and music.
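
The following added example, not part of the original page, shows one way to check from gateway logs whether the Network Segmentation and Firewall & Web Filtering controls listed under Technical Controls are actually holding. The subnets, the log format and the sample lines are constructed assumptions; adapt them to the vessel's own address plan and firewall export.

```python
import csv, io, ipaddress

# Assumed address plan (constructed for this example, not from the page).
CREW_NET = ipaddress.ip_network("10.20.0.0/24")   # crew welfare / internet VLAN
OT_NET = ipaddress.ip_network("10.10.0.0/24")     # ECDIS, engine control, etc.
# Classic BitTorrent listener range and a common tracker port; modern clients
# randomise ports, so this is a heuristic backed by the announce-URL check.
P2P_PORTS = set(range(6881, 6890)) | {6969}

# Constructed gateway log: time,src,dst,dport,action,url
SAMPLE_LOG = """\
2024-03-01T02:11:09Z,10.20.0.41,203.0.113.7,443,ALLOW,
2024-03-01T02:14:55Z,10.20.0.41,198.51.100.23,6881,ALLOW,
2024-03-01T02:15:02Z,10.20.0.41,198.51.100.80,80,ALLOW,/announce?info_hash=%AA%BB&peer_id=x
2024-03-01T02:40:31Z,10.20.0.41,10.10.0.5,445,DENY,
2024-03-01T02:40:33Z,10.20.0.41,10.10.0.5,3389,ALLOW,
2024-03-01T03:00:00Z,10.10.0.9,10.10.0.5,502,ALLOW,
"""

def audit(log_text):
    """Return a list of (timestamp, finding, detail) tuples for review."""
    findings = []
    for ts, src, dst, dport, action, url in csv.reader(io.StringIO(log_text)):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip not in CREW_NET:
            continue  # only crew-originated traffic is in scope here
        if dst_ip in OT_NET:
            # Any crew->OT flow matters: ALLOW is a segmentation gap,
            # DENY is the control working but shows something tried to cross.
            kind = "SEGMENTATION_GAP" if action == "ALLOW" else "CROSSING_ATTEMPT"
            findings.append((ts, kind, f"{src}->{dst}:{dport}"))
        elif action == "ALLOW" and (int(dport) in P2P_PORTS or "info_hash=" in url):
            # Tracker announces carry an info_hash parameter regardless of port.
            findings.append((ts, "P2P_NOT_BLOCKED", f"{src}->{dst}:{dport}"))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(*row)
```

A denied crew-to-OT flow is still worth reviewing: it means the segmentation held, but a crew-network host attempted the crossing and should be checked for malware.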

Conclusion

The management of file sharing and the prohibition of pirated and pornographic material is no longer a “soft” HR issue. It is a hard-edged safety, security, and operational requirement under the ISM Code and IMO cyber risk management guidelines. A single infected file can create a pathway to operational failure, leading to collision, pollution, or grounding. A single instance of illegal content can lead to vessel detention and criminal charges. Therefore, robust policies, technical controls, and continuous crew training are essential components of a modern and effective Safety Management System.