Hello there! Welcome back to another week of all things tech in maritime. This week, I thought I’d share some fascinating cyber insights along with a few notable news stories you might be interested in this week.

This week, I spoke to Theofano Somaripa, Group CIO at Newport S.A., where she has spent more than four years spearheading the digitisation of both shore-based operations and vessel systems, whilst strengthening the company's cybersecurity posture across its international offices and fleet.

The maritime industry's shift towards low Earth orbit (LEO) satellite networks might seem like an obvious cybersecurity concern - more connectivity surely means more attack vectors. By giving seafarers more access to the internet, you increase the risk of phishing attacks, ransomware and every other flavour of cyber threat. 

However, Theofano challenges this assumption: "I don't think that Starlink would be the problem here, provided there is strict segmentation logic, role-based access control, and real-time asset monitoring."

Your IT budget has evolved from 'keep the lights on' to 'digital transformation.' But as technology becomes more critical to shipping operations, one question keeps getting harder to answer: Are we spending the right amount?

The Thetius IT Cost Benchmarking Club turns that question into clarity. We analyse your fleet's IT spending and anonymously benchmark it against industry peers. From vessel connectivity to shoreside systems, we'll show you where you stand. Better yet, we'll measure the performance of your IT investments against industry standards.

Because in today's maritime industry, knowing your costs isn't enough - you need to know everyone else's too.

Check it out here

"The IT networks are already protected, but the operational [systems] are not." Her unique perspective raises an interesting point.

Maritime's digital evolution is creating an unprecedented cybersecurity challenge that goes far beyond traditional IT networks. Theofano explained: "The problem will be the operational systems - systems on the bridge or smart systems now implemented on engines, smart pumps, ballast water systems and bridge AIS. All this equipment that wasn't supposed to be on the internet but nowadays they are. This will be the major problem for our industry in the next few years." When hackers can potentially access critical ship systems, the stakes shift from data protection to life preservation.

With the advancements in digital technology, ships are now more connected than they’ve ever been. This has paved the way for software vendors to expand their services and switch from outdated legacy offerings to integrated cloud-based platforms.

You’d think cybersecurity would be a top priority for these vendors, right? But Theofano’s experience tells a different story: "Vendor cybersecurity is one of the most underestimated risk vectors in maritime."

As a CIO, you can’t be afraid to challenge the cybersecurity of your vendors. Just because they provide high-tech software doesn’t mean they have the cyber protection in place to back it up. Theofano makes a point to investigate what protections any potential vendor has in place, "I always ask vendors critical questions like: 'What security controls are in place when your system operates over the internet?' and 'Have your systems been type-approved by any classification society for cybersecurity compliance?' These are non-negotiable standards for us."

Through one vendor audit, Theofano discovered that their security infrastructure was not up to scratch, which ultimately led to Newport S.A. switching to a new provider. Advice she recommends all CIOs follow: "Don't be afraid to switch if they won't enhance their systems."

In the case of Newport S.A., digital transformation was supported by senior management, making the decision to change vendors an easy one. But Theofano concedes this may not be the case for others: "I know from my colleagues that some are struggling to persuade management or owners to invest in digital solutions."

For CIOs, "Digital transformation is not just about deploying systems. It's about embedding a digital mindset across the organisation.” That’s the only way to evolve your digital ecosystem. Theofano’s advice? Start with the basics, identify a challenge and how technology may be able to fix it. "I started with listening. I understand how each department works and design technology around their pain points.”

But it’s important to remember that not every digital solution is safe. Cyber regulations in maritime are a grey area and without direct rules outlining cyber requirements, this may not be a priority for software providers. 

I usually try to think of a punchy, thought-provoking line to end each article, but this week, Theofano summed it up perfectly: "Many think cybersecurity is an IT job, but it’s the responsibility of all of us."

And that’s all she wrote…literally. I’ll see you this time next week, back in your inbox with another dose of industry insights. See you soon…Ailsa