New digital technologies, supported by developments in connectivity and the ability to transfer data in greater volumes between ship and shore, promise significant gains for ship and fleet performance. However, the deepening of onboard and onshore interconnectedness and the mixing of shipboard IT and operational technology (OT) systems also opens up new avenues for security compromises. In the evolving digital landscape, cybersecurity is an increasingly critical element for the safe operation of vessels.
“It’s certainly something that we take extremely seriously,” Craig Smith, senior cybersecurity specialist at Seapeak, tells The Naval Architect. “From a reputational point of view, it is imperative that we do everything in our power to safeguard our maritime operations, team and clients from the increasing threats posed to our industry.”
Employing approximately 2,400 shore and sea staff globally, Seapeak (formerly Teekay LNG Partners) is one of the world’s largest independent owners and operators of liquefied gas carriers, providing services primarily under long-term, fee-based charters through its interests in 46 LNG carriers, 20 mid-size LPG carriers and six multigas carriers.
The company has signalled plans for expansion by entering into an agreement with Jaccar Holdings to acquire Danish shipping company Evergas. Once completed, the US$700 million deal will add two Very Large Ethane Carriers and eight multigas/LNG carriers to Seapeak’s fleet, all of which are on fixed-rate time charters to chemicals giant Ineos. Copenhagen-based Evergas also controls six LPG carriers under leases ending in 2024.
In addition, Seapeak has an order worth US$1.1 billion in place with South Korea’s Samsung Heavy Industries for the construction of five 174,000m3 M-type, Electronically Controlled, Gas Admission (MEGA) propulsion LNG carriers. Scheduled for delivery in 2027, the vessels will operate under a fixed-rate time-charter contract with US energy major ExxonMobil.
The complexities associated with the vessels in Seapeak’s fleet make them particularly vulnerable to high-impact attacks, another reason that cybersecurity needs to be front and centre of the company’s thinking, says Smith.
It is estimated that 95% of cybersecurity breaches are due to human error so it is no surprise that a big focus for the company is cybersecurity awareness training of crew members as well as all the shore staff. “You can have all of the top of the range tools and spend millions on technology but if your crew and staff aren’t educated, that can all be compromised in seconds,” Smith notes.
He adds that crew training is moving away from the “classic, boring video presentations” to a more gamified process that includes phishing tests and simulations. “It’s not practical for me or someone else to go aboard every vessel to do sessions so we are getting the crew to take the lead with their training. Gamifying the training improves crew engagement and outcomes,” he explains.
Seapeak recently achieved a landmark in maritime cyber security when one of its LNG carriers obtained Maritime Cyber Baseline accreditation from cybersecurity experts Infosec Partners, making it the world’s first seagoing vessel to meet the requirements of the certification scheme.
Launched last year by Infosec Partners in collaboration with the IASME Consortium, the Maritime Cyber Baseline scheme ensures that cyber security plans meet the IMO’s Maritime Cyber Risk Management guidelines. It is open to all ship types and is a way for operators and owners to counter emerging cyber threats, reduce the likelihood of a cyber-attack disrupting day-to-day operations and reassure supply chain partners and flag and port authorities that a vessel has suitable cyber security controls and processes.
“Previously, you would get cyber certifications that were done for typical office and shore locations. Infosec have a proven track record in delivering cyber security to the maritime industry,” says Smith, explaining why Seapeak chose to take part in the scheme.
To carry out the certification process Infosec Partners’ assessors undertook extensive remote audits and testing of the vessel’s IT and OT environments, ensuring that all cyber security systems and controls put in place can detect, block and respond to known cyber related threats to prevent a successful breach from occurring.
“It’s not a simple process, there’s quite a lot to it, but it is nicely streamlined and we had a lot of good support from the Infosec team,” says Smith.
More than 50 different companies and organisations were consulted during the development of the Cyber Maritime Baseline scheme including departments of NATO. One of its strongest supporters has been the Royal Institution of Naval Architects itself, and a special ceremony was held at RINA’s London head office to present Seapeak with its certificate.
“RINA has a deep desire to help the maritime industry improve cyber security across the constantly changing maritime landscape,” comments RINA chief executive Chris Boyd. “We fully support the Maritime Cyber Baseline scheme and congratulate Seapeak on being the first to receive this award. It’s an important step forward in demonstrating IMO compliance and in improving the cyber security posture of their fleet.
“Cyber security for the maritime industry must be taken very seriously, and it’s critical that we as an Institution champion such initiatives that help our community stay up to speed with all the challenges facing the maritime industry.”
“We see the certification as a real positive, it sends a strong message on Seapeak’s commitment to having a secure fleet,” concludes Smith.