Abatis UK CEO, Kerry Davies, reflects on the liability of ship owners and operators.
The current, lamentable state of Cyber security in the maritime sector caused, it seems, by ship owners and ship operators’ unwillingness to spend any money on OPEX to improve the resilience of their ships, looks very similar to the state of affairs in the U.S. in the 1930s, when Judge Learned Hand stepped in to create judge-made Law around liability of ship owners and operators.
In the 1930s, a tugboat called T.J.Hooper was towing a barge of coal up the East Coast of the U.S. towards New York. It ran into a bad storm and the boat was sunk. Judge Learned Hand ruled that the tugboat operator was LIABLE for the loss because he had not fitted radio to the ship which would have warned of the approaching storm. The operator argued that it was not normal practice to have radios on tugboats but the judge ruled that the tugboat should have had what was then ‘readily available equipment’.
We are today in 2016, in a very similar situation, where equipment that can stop hackers and malware (such as Abatis) is readily available but is not being fitted. If we take the Judge Learned Hand lead, we should by now be making owners and operators legally responsible for providing adequate cyber resilience for their ships. With PERSONAL legal liability, these people will not be able to hide behind DOF Insurance or PI insurance.
If they do not meet minimum levels of resilience, the directors can be held personally liable and could be fined up to 4% of global turnover or 20m Euros, whichever is greater. The GDPR Law also allows for imprisonment for the most flagrant examples of disregard for this law.
NOW is the time to force operators and owners to wake up to the severe risks they are facing.
Kerry Davis, CEO, Abatis UK