Mr Fabela agreed technology is advancing for both adversaries and defenders, but he emphasised the critical importance of humans in implementing cyber security and preventing attacks from breeching defences.
“AI has levelled the playing field and means anyone can get knowledge on anything in the world, but it does not give them experience,” he said. “Having the human in the loop is important for cyber security.”
AI can provide managers and seafarers with additional information faster to make more informed decisions, but humans provide context, intelligence and analysis to the data.
“Adversaries are adopting AI to access information, but defenders also have the ability by use AI to unlock new information, to grow knowledge and learn from an expanded information field to defend against these attacks,” said Mr Fabela. “AI is an accelerator to get information on regulations and local rules. Organisations do not have to start from scratch.”
He said AI can aid and test firewalls, detect intrusions, and be applied to training people. It is a “powerful defensive weapon” for companies and people to use against attacks. But it needs human input and interpretation.
“AI will know the what as it can get this off the internet and through machine learning, but it does not understand the how or the why,” said Mr Fabela. “Context is key, and it is what human operators bring. Humans have unique knowledge.”
He reminded webinar attendees AI is only as good as the information it is trained on and can be biased, so its information needs validation.
“AI is accelerating, and attackers are using it”
Mr Benmoshe provided insight into cyber threats, vulnerabilities and solutions from a ports perspective. He said IAPH published cyber resilience guidelines this year and emphasised how emerging technologies are impacting maritime.
These are quantum computing, AI, drones, internet of things (IoT), 5G connectivity, automation and green energy.
“AI is accelerating, and attackers are using it,” he said. “We must be aware of that in our organisations and access security risks and vulnerabilities by introducing emerging technologies.
Cyber security should be incorporated into technologies from the beginning to prevent issues in the future. Mr Benmoshe used the examples of GPS jamming and spoofing to demonstrate how a system designed without cyber risk knowledge has led to multiple incidents.
He said organisations need to conduct holistic cyber-security assessments when integrating technologies, such as in ports where more automation systems are being installed.
“Avoid misconceptions that non-IT systems do not require cyber-security assessments,” Mr Benmoshe said.
Webinar poll results
Attendees were asked to vote on a series of poll questions during the webinar. Here is a summary of the results.
When was the last time your organisation conducted a cyber security assessment of the OT infrastructure?
Less than 6 months ago: 56%
7-18 months ago: 20%
More than 18 months ago: 24%
Which system do you believe is most vulnerable to AI-enabled cyber attacks aboard ships?
Communication systems (email/VSAT): 67%
ECDIS and navigation systems: 22%
Propulsion and engine control: 7%
Ballast and cargo monitoring systems: 4%
How often is cyber awareness training conducted for crew and shore teams in your organisation?
Annually: 48%
Quarterly: 36%
Every 1-2 months: 8%
Never/Not yet implemented: 8%
What is the most important defence strategy for ships in 2025?
Segmentation of OT/IT networks: 35%
Continuous crew training and drills: 30%
Strong access control and vendor management: 25%
AI-based threat detection and automation: 5%
Blockchain-backed data integrity: 5%
(source: Riviera Maritime Media)
