Going Lo-Fi At Sea May Mitigate Cyberrisk

Cyberthreats have become seaborne in recent years, and preventative measures are on the radars of governments and the shipping industry.

GPS and other electronic systems have proven to help ensure safe and accurate navigation, but they have also put digital bullseyes on ship decks. These technology upgrades have unwittingly exposed ships to cyberrisk because their signals are weak enough for remote perpetrators to jam.

When ships and crew members rely solely on GPS systems, they can be at the mercy of a cyberhacker seeking to provide wrong positions (or “spoof”), endanger the crew and their cargo, or hold the crew, cargo or sensitive information for ransom.

These risks are exacerbated by the fact that ships typically do not have automatic backup systems, and younger crew members are increasingly reliant upon the newer electronic navigation tools.

Allianz’s Safety and Shipping Review 2017 highlighted the growing threat of cybercrime in the sector, and noted the increasing level of activity in the last five years. For example, World Fuel Services fell victim to an online bunkering scam in 2014 when it agreed to participate in a tender for a large amount of fuel from what it believed to be the United States Defense Logistics Agency. Cybercriminals collected $18 million from that successful impersonation. In 2016, hundreds of South Korean vessels had to return to their ports after North Korea allegedly jammed their GPS signals.

The report noted that most maritime cyberattacks have been aimed at breaching corporate security, rather than taking control of vessels, but warned that such attacks could occur.

Captain Rahul Khanna, head of marine risk consulting at Allianz Global Corporate & Specialty, noted in the report that more, larger-scale attacks are imminent if the risks are not appropriately addressed. “We can’t put IT security on the backburner,” Khanna said. “Just imagine if hackers were able to take control of a large container ship on a strategically-important route. They could block transits for a long period of time, causing significant economic damage.”

The report also stressed that “crew education and identifying measures to back up and restore systems should be implemented” to reduce cyberrisk.

Looking Back For a Signal Forward
Some companies and governments have heeded the warnings and are identifying these indicators of attack. Preventative measures may lie in a maritime tool that had taken a backseat to the prevalence of GPS—a backup radio technology called Enhanced Long-Range Navigation (eLoran), which was developed in the United States in the mid-1990s. It has continental reach, emits strong signals via a low-frequency and relies on land-based transmitters that reveal a limited number of fixed positions. These once-limiting traits could be the automatic backup systems ships need in the event of jamming or spoofing.

On July 20, 2017, when the Department of Homeland Security Authorization Act (H.R. 2825) passed the floor of the U.S. House of Representatives, eLoran’s importance was stressed. The act includes a section titled “Backup Global Positioning System,” which features provisions for the U.S. Secretary of Transportation to initiate an eLoran system. H.R. 2825 proposes that eLoran be made available as a “reliable…positioning, navigation and timing system,” with the purpose of providing “a complement to, and backup for the Global Positioning System to ensure availability of uncorrupted and nondegraded positioning, navigation and timing signals for military and civilian users.”

Reuters this week reported that South Korea’s Ministry of Oceans and Fisheries is looking to establish the technology in a test form by 2019.

Time will tell if eLoran is the most practical and cost-efficient method to mitigate cyberthreats at sea. It seems if companies want to mitigate maritime cyberrisk now, the first steps would be to look to the technology of the past and turn on the radio.

Aquisition Integration for Logistics and Cargo Insurance

chess-game
During my 36 years in the marine insurance industry, one of the most common issues has been failure to properly integrate acquisitions into cargo logistics insurance programs—which can result in gaps in cargo insurance coverage. Old habits die hard, however, and this is particularly true in logistics operations.

When an organization acquires a new company, there is a choice. The buyer can allow the acquisition to continue to operate independent of its logistics program (rarely is cargo insurance left independent) or fully integrate them into the buyer’s logistics and cargo insurance programs. The most common occurrence is full integration into the buyer’s logistics and cargo insurance programs for cost savings and continuity.

If the independent logistics option is chosen for the acquisition, it is still critical to perform a detailed gap analysis of the logistics SOPs (Standard Operating Procedures) used by the acquisition to assure their program does not present unique exposures not currently considered or addressed in the buyer’s program. The most objective and effective gap analysis should be performed by an outside consultant working with the buyer’s designated logistics representative.

A risk management representative is not required but may wish to attend. The consultant must have extensive experience in logistics audits as well as a clear understanding of implications of the terms and conditions of the cargo policy. This team will create a gap analysis report that details variances from best practices and the key drivers in the buyer’s logistics program that are critical to the marine cargo insurance program. This also allows the buyer’s cargo program to be adjusted for any unique requirements of coverage by the acquisition to assure there are no coverage gaps.

Importance of SOPs
It is worth a moment to address SOPs for logistics and security for shipping and storing goods in the due course of transit. Formal SOPs are critical to assure compliance, and proper measurement of compliance. SOPs also provide continuity of logistics’ programs so learned processes and shipping lane specific issues are not lost when there is a change in personnel.

In instances when the buyer decides for full integration, the process is much the same as described above for the independence option for logistics by the acquisition. The most important difference is that the gap analysis details the variances between the acquisition and the buyer’s logistics program SOPs and rates the findings into levels of importance for timely adoption; critical, second tier and third tier variances. The critical issues require adoption as soon as possible while the other variances can be corrected over the course of time.

It is important to complete a followup audit(s). If there are critical issues, a followup audit might be completed after the buyer has been advised that the critical variances have been finalized, to independently confirm compliance has been obtained if deemed appropriate. Regardless, a one-year audit is recommended to examine all the variances in the gap analysis to determine the level of compliance to correct all originally identified variances.

Again, old habits and processes die hard. You will often hear, “We always did it this way.” It is important during the gap analysis to integrate local issues required as needed, as long as it does not compromise the goal of the SOP. The integrations, especially acquired foreign companies, can be difficult, involving politics by other units of both companies outside of the logistics, security and risk management units. It is critical that senior management of both the buyer and the acquisition company have “full buy-in” on the integration process to overcome the political infighting that can develop.

The best analogy of this process would be a chess game—complex and variable with many moving, interrelated parts.

June Commercial Insurance Rates Up 1%

The composite rate for commercial insurance placed in the United States rose to minus 1% in June from minus 2% in May, according to MarketScout. One of the most significant changes was rates for transportation accounts, which moved from minus 2% to plus 1%. Rates for every industry class, except habitation and transportation, moderated by 1%. Habitational rates were unchanged at minus 2%.
Industry class chart-1

Industry class list

“Insurers are getting tired of cutting rates,” said Richard Kerr, chief executive officer of MarketScout. “There are still pockets of very competitive business; however, it is beginning to look like insurers are willing to maintain the rate reductions of the past few years and not cut rates even further.”

Coverage classifications business owners policies (BOP), umbrella and professional liability all moderated by 1%, compared to the prior month. EPLI rates were up 1% and commercial auto rates moved from flat to plus 2%.
coverage class list
By account size, medium ($25,001 to $250,000) and large ($250,001 to $1,000,000) accounts moderated to minus 1% and 2% respectively. Rates remained the same for all other account sizes.

Account size

Competition Drives Commercial Rates Down 4% in January

The composite rate for property and casualty business placed in the United States measured minus 4% in January. Rates dropped from minus 2% in December 2015 to minus 5% in January 2016, MarketScout reported.

“Commercial property insurers are getting ready to scratch each other’s eyes out as they fight for market share,” said Richard Kerr, CEO of MarketScout. “We see nothing to PC Trendsprevent commercial property rates from dropping further.”

In addition to commercial property, business interruption, BOPs, professional liability, and D&O coverages were all more competitively priced in January compared to December 2015. Umbrella/Excess liability and workers compensation rates actually increased slightly over the same period, he said.

Transportation companies were assessed rate decreases of 4% in January 2016 versus 2% in December 2015. Rates for manufacturing and energy accounts were slightly higher in January 2016 than in December 2015. All other industries remained unchanged.

By accounts size, rates for small and medium sized accounts (all under $250,000) were more competitive in January 2016 than in the prior month. Large and jumbo accounts (over 250,001) were assessed rates slightly higher in January versus December.

Summary of the January 2016 rates by coverage, industry class and account size:
Coverage2 Industry3 Account