Over the past few years we have seen a steady rise in the level of automation on fish farms around the world. From life support systems, alarm call outs and automatic equipment switch-over, to remote feed operation, automated mortality removal and computerised water management systems.
As such, the need for proper cybersecurity and resilience in the aquaculture industry has increased. Farm owners should now be taking active steps to know where they are in terms of preparedness and vulnerability, both in terms of human training and in operational system terms. It would be even better if farm owners are actively managing their position to ensure that cyber preparedness is increasing, and vulnerability is decreasing.
What is cyber risk?
Cyber risk refers to an accident, incident, financial loss, business disruption or reputational damage through the failure or manipulation of an electronic system, which could be the result of a malicious attack. The risk of system failure is generally well known however unauthorised and malicious cyber-attacks are relatively new threats.
An increasingly digital industry
The number of tasks being carried out on both on- and offshore farms has increased, as the farms have become larger and more complex. In offshore farms these tasks include: net washing, mooring and other infrastructure inspections, health checks, fish movements, in-situ treatments and plankton sampling. The picture is the same in onshore farms: water testing and management, health sampling, vaccination, feeding, maintenance and checks on the mechanical systems. These tasks are labour intensive, and more staff are needed to be employed to run the system and ensure levels of husbandry are being maintained.
To counter this, systems have been developed to automate key aspects of farms. Offshore farms can be monitored and fed from shore bases and inland offices. Staff at large recirculating aquaculture system (RAS) sites have portable computers giving live environmental parameters, while pumps and other hardware can be adjusted with a simple tap on the screen. Sensors can also detect feed levels in hoppers and automatically deliver the correct type of feed to refill it. With the rise of technology some farms are now becoming more streamlined, allowing staff to focus on husbandry and system maintenance.
How will your company respond if staff are locked out of your systems? Do you have enough staff to keep the farm operational? Do the automated systems have manual overrides?
In 2017, the WannaCry ransomware virus shut down factories and businesses around the world until the attackers had been paid and, in 2018, a petrochemical plant was taken over by hackers, which resulted in a complete system shutdown. There have been countless reports of systems being compromised as a test of the hackers’ abilities. As well as direct malicious attacks, hackers can also target employees who may well be tricked into releasing sensitive data via phishing scams and compromised hardware.
In response to these increasing and potentially damaging threats, we recommend applying a six-stage cyber security process to your business; identify threats, identify vulnerabilities, assess risk exposure, develop protection and detection measures, establish contingency plans and respond to cyber security incidents.
James Simison is one of Sunderland Marine’s Risk Management Surveyors, providing bespoke technical advice and support to all of Sunderland Marine’s policyholders as well as conducting routine surveys of aquaculture facilities insured by Sunderland Marine.