Technology; great when it works, frustrating when it doesn’t. Our reliance upon technology, and in particular remote connectivity, has never been greater.

While any rewards are invariably well articulated, many misconceptions continue to pervade cyber risk – and it’s the consequences of these “cyber myths” that could result in significant financial cost.

Here are several cyber risk misconceptions that exist within the maritime sector to watch out for:

  1. 01

    Cyber risk does not affect the maritime sector

    An organization that relies upon technology for any aspect of its operation has cyber risk. The maritime sector is therefore exposed to the same cyber risk as any other industry sector. Note the recent study by Naval Dome which reported a 400% increase in cyber-attacks against the maritime industry between February and June 20201.

  2. 02

    Nobody is going to target a business in the maritime sector and therefore I have nothing to worry about

    Cosco2, MSC3 and most recently, Carnival4, are just three high-profile examples of companies in the maritime sector who were targeted by cyber-criminals. You do not, however, have to be a target in order to suffer the impact of a cyber-attack – just ask Maersk5 and many others, who were collateral damage in a cyber-attack whose target was Ukraine. It is well documented that Maersk suffered significant financial harm as a result of the attack.

  3. 03

    We have invested significantly in network security controls and have therefore eradicated the cyber risk

    Putting the right controls in place is a crucial element of cyber risk mitigation. Such controls, however, can only ever minimize the vulnerabilities in the network and/or decrease the likelihood of the threat. It is impossible to eradicate the risk altogether. Moreover, insider threats remain an issue. Employees make mistakes and, on occasions, seek to deliberately cause their employers harm.

  4. 04

    Losses arising from cyber risk are covered under our traditional marine insurance policies

    This, of course, could be correct depending on the terms of the insurance contract. Hull and machinery policies, however, typically exclude loss or damage where caused by a cyber-attack. In some cases, policies may be silent on whether loss arising from cyber risk is covered or excluded, which potentially gives rise to uncertainty.

  5. 05

    My hull and machinery policy includes a cyber-attack exclusion, but a cyber-attack can’t lead to property damage

    This is incorrect. For example, in 2008 a pipeline in Turkey exploded after cyber-criminals hacked into the pipeline’s control systems. Similarly, in 2014, hackers accessed the control systems of a steel mill in Germany causing significant physical damage. Whilst there have been no reported cases of physical damage to vessels caused by a cyber-attack, the increased reliance upon operational technologies such as GPS, AIS and ECDIS on board vessels, may increase the threat of physical damage.

  6. 06

    I’ve looked at cyber insurance solutions in the past and concluded the cover was not relevant to my business

    While cyber threats are the same regardless of the sector, the way in which they impact organizations can vary enormously. Traditionally, cyber insurance solutions were drafted on a ‘one size fits all’ basis. Cyber risk poses unique challenges and exposures for the maritime sector, however. This is why Willis Towers Watson has developed CyNav, an insurance policy designed by cyber and marine specialists, specifically to meet the needs of the maritime sector.

Source: willistowerswatson


A9X Cyber Security, a Singapore-based dedicated maritime cyber security firm, has its work cut out as shipping’s easy target status has been reaffirmed this week with debilitating attacks on French liner CMA CGM and the International Maritime Organization (IMO).

“As the maritime industry continues to develop software and systems allowing online connectivity, automated vessels and leverage technology, some unethical individuals will continue to see this as increased opportunities to exploit onboard systems and any new vulnerabilities,” says Chris Blunt, co founder of A9X.

The software that A9X has developed addresses a number of different areas, with all of it grounded around remote installation and management.

With Covid-19, the ability for maritime companies to continually send IT professionals to remote sites is becoming both expensive and sometimes impossible, and there’s now less than three months to go until the IMO’s new cyber security rules kick in.

“Being compliant with the new IMO requirements will not allow vessel owners, nor managers to delay in addressing such issues, and our platform and software solutions allows for such threats to be handled promptly,” Blunt claims.

One of the biggest threats for maritime cyber security is poor Windows setups onboard, the A9X executive says.

“Many people are unaware that Windows is not secure out of the box and has 100 plus security vulnerabilities, coupled with the lack of maintenance, or to put it another way lack of patch management, and mis-configuration makes the onboard computers very exposed to cyber-threats,” Blunt warns.

In addition to its existing solutions, A9X is currently working on the development of two new solutions- a remote-updates and patch management for Windows – A9X Update and A9X Remote Cyber Auto-Fix, which is expected to improve the overall security of systems.

Blunt expects the two new software solutions to be available within the next six months.

Source: splash247


The International Maritime Organization (IMO) is the second major shipping organisation to be hit by a cyber attack this week.

The IMO’s public website and internal intranet services were unavailable but have since been brought back online. The interruption of services started on 30 September and was caused by a “sophisticated cyber attack” against the IMO’s IT systems, the organisation said in a statement.

IMO IT technicians have shut down key systems to prevent further damage from the attack. The IMO is working with United Nations IT and security experts to identify the source of the attack and restore the network systems.

This is the second reported cyber incident to hit the maritime industry this week and the fifth high-profile attack in 2020. Container shipping company CMA CGM announced on 28 September that it was dealing with a malware attack that affected its peripheral servers. The company suspected the attack may have caused a data breach, CMA CGM said in a follow-up statement on 30 September.

Transportation and logistics company Toll Group was attacked on 31 January and 12 May. The organisation had to shut down several systems across multiple business units, causing delays and disruptions to the business. The hackers subsequently published stolen Toll Group data on the dark web.

Mediterranean Shipping Co. also underwent a malware attack at its Geneva headquarters on 10 April. An investigation into the incident found that no data was stolen, and the attack only affected a limited number of physical computer systems.

Cyber security experts have suggested that distractions and increased reliance on digital services due to COVID-19, as well as untrained staff having to carry out diagnostics, software updates, and patches, may be behind a surge in attacks this year.

Ido Ben-Moshe, vice-president of business development for maritime cyber security company Naval Dome, said that remote working and an increase in remotely controlled, autonomous technologies will likely accelerate during and after COVID-19. “This will see companies face new cyber security challenges if they fail to implement adequate protective measures,” he concluded.

Source: safetyatsea


After disrupting the services of France-based CMA CGM, hackers reportedly targeted London based IMO aka International Maritime Organization, a federal organization that regulates shipping.

And because of the attack, the website of the company is down and not reachable.

The shipping related UN organization says that its internal systems and email services were restored back to normalcy after they were pushed to the database of Global Integrated Shipping Information System (GISS) and Virtual publication services and IMODOCS will be soon revived.

IMO has asked the IT staff of UN Council to probe down the incident and to identify the attack and enhance security of the systems.

What’s interesting about the attack is that it just occurred two days after a cybersecurity breach occurred on the database of CMA CGM.

Note 1- Although many media sources speculate that the attack on IMO was of ransomware variant, the shipping governing agency did not confirm it. A ransomware is a kind of malware that steals a portion of data and then encrypts a database until a ransom is paid.

Note 2- IMO is an organization that takes care of safety, environmental concerns, legal matters, technical cooperation, maritime security and works towards efficacy of shipping in international waters. It has over 174 member states and 3 associate members and an assembly that governs 5 committees- namely the Maritime Safety Committee, the Maritime Environment Protection Committee, the legal committee, the Technical Co-operation Committee and the Facilitation Committee.

 

Source: cybersecurity


The Maritime and Port Authority of Singapore (MPA) was established on 2 February 1996, with the mission to develop Singapore as a premier global hub port and international maritime centre (IMC), and to advance and safeguard Singapore’s strategic maritime interests.

MPA is the driving force behind Singapore’s port and maritime development, taking on the roles of Port Authority, Port Regulator, Port Planner, IMC Champion, and National Maritime Representative.

MPA partners the industry and other agencies to enhance safety, security and environmental protection in our port waters, facilitate port operations and growth, expand the cluster of maritime ancillary services, and promote maritime R&D and manpower development.

 

As the head leading MPA’s efforts in driving cyber and data security in the maritime industry, you will play a crucial role in formulating and implementing national cybersecurity initiatives and planning operational responses to cyber threats and incidents for the Maritime sector.

You will formulate policies pertaining to the protection of the Maritime Critical Information Infrastructure (CII) and other important Maritime systems. This includes developing, governing and enforcing CII cyber and data security policies, standards and guidelines, including rolling out training, education and outreach programmes for MPA and the industry. To do this, you are required to keep abreast of the latest Government and industry cyber and data security practices and technologies as well as emerging threats and vulnerabilities for ICT and Operations Technology (OT) systems.

You will also formulate internal policies and processes to implement Government’s requirements for cyber and data security requirements and put in place governance processes and controls for the IT and Port Systems clusters to ensure that MPA meets the compliance requirements. Periodic compliance audits are also required to be carried out in accordance to national policies. To achieve this, you are also expected to govern the cyber and data security‘s software testing for MPA systems and implement the security operations and requirements at the IT infrastructure layer.

To enhance early detection capability, you will lead the Information Exchange Framework developed for the Port Authorities CIO Cybersecurity Network (PACC-Net) and improvise the Maritime Cyber Security Network (MCSN) Portal to ensure effective and safe communication, as well as informtion sharing among the maritime stakeholders. You will also be required to manage the operation of 24×7 Maritime Cybersecurity Operation Centre, including conceptualising and deploying new concepts of operation leveraging on advanced technologies and trained analysts for early Threat Detection, Monitoring, Response, Intelligence, and Information Sharing and Analysis for the Maritime sector.

You will establish the cyber incident response framework to ensure readiness to respond to cyber-security incidents. You will manage and conduct investigations to ensure appropriate follow up actions are taken to address any security gaps. You will also plan, conduct and participate in exercises to ensure preparedness at national and agency level to deal with any cyber security incidents.

You are expected to profile MPA’s cybersecurity capabilities and initiatives to gain mindshare within the government and industry.

Requirements

  • Relevant experience in professional accreditations such as CISM, CISSP, CGEIT and CISA; and
  • At least 8 years of experience in ICT /Operational Technology (OT) related role in the areas of cyber security governance, risk management, cyber security defence, cyber incident management and investigation in a complex IT/OT environment.
  • Prior experience with ICT Governance and ICT infrastructure architecture concepts and technical background on network and firewall deployment, and security for cloud architecture, will be preferred.
  • Source: careers

The global shipping industry sustained a second cyber attack within a week that’s raising concern about disruptions to supply chains already straining to move goods heading into the usual peak season for consumer demand.The International Maritime Organization, a United Nations agency that serves as the industry’s regulatory body, said in a statement Thursday it has suffered “a sophisticated cyber attack against the organization’s IT systems.” A number of IMO web-based services are currently unavailable and the breach is affecting its public website and internal systems, it said.

That attack followed the disclosure earlier this week by closely held CMA CGM SA, the world’s fourth-biggest container liner by capacity, that its information systems were compromised. The Marseille, France-based company said Thursday that offices are “gradually being reconnected to the network thus improving the bookings’ and documentation’s processing times.”

“We suspect a data breach and are doing everything possible to assess its potential volume and nature,” the company said in an emailed statement. CMA CGM is among the world’s five leading container liners that account for 65% of global capacity, according to Alphaliner data.

A ‘Headache’

A rash of cyber incidents has afflicted the shipping industry in recent years, the biggest of which was an intrusion that cost Copenhagen-based A.P. Moller-Maersk A/S about $300 million in 2017.

The Maersk incident “has clearly drawn the attention of scammers and cyber criminals who realized that the shipping industry is acutely exposed,” said Ken Munro, a security specialist at Pen Test Partners, a cyber-security company with clients in the maritime industry. “If shore-based systems aren’t available to book containers, ships can’t load and can’t generate revenue. Targeted attacks against shipping lines are therefore lucrative for ransomware operators.”

While it’s too soon to say whether the recent attacks will prove to be a brief irritant for global trade or a trigger of wider damage, logistics experts like Bloomberg Intelligence’s Lee Klaskow say the cyber threats are a “near-term headwind and headache for sure.”

The timing of the latest acts of cyber piracy is particularly bad for shipping liners that are still waiting to see some normalcy restored to their seasonal cycles.

The pandemic threw supply chains out of sync for everything from paper towels and face masks to trampolines and computer monitors, as consumers were forced to work from home and purchase necessities online.

The demand on shippers, which reduced capacity initially in anticipation of deep recessions caused by Covid-19 lockdowns, hasn’t really abated because e-commerce purchases have stayed strong and companies are restocking inventories.

As a result, the benchmark cost to move cargo containers across the Pacific has tripled since the start of the year.

Source: aljazeera


Issue

The historic aircraft carrier INS Viraat, beached at Alang on September 28, will continue to stay in its place until a team of workers start dismantling it.

 

Details

  • Usually, when a vessel is beached at Alang, it uses the force of high tide as well as its own engine power to glide on to the shore at speeds ranging between 15-20 knots.
  • Viraat has been secured by iron ropes that are tied to diesel-powered wrenches. This ensures that the vessel does not tilt or change its position during tides and ebbs.
  • The owners of Shree Ram Group which bought INS Viraat from an auction said their plots were “green ship recycling” yards which have certificates from Hong Kong Convention and European Union.
  • As it is a green yard, it is ensured that the ship is not broken down in the sea and the entire vessel is broken once it is dragged to the shore. Cranes are also used to ensure that the broken parts do not fall into the sea.
  • During high tide, the sea-facing wrenches which are connected with iron ropes fastened to the aircraft carrier will be switched on. These wrenches will slowly drag the warship to the empty space on the beach.
  • The ship will need a “cutting permission” from the Gujarat Pollution Control Board and the Gujarat Maritime Board before the dismantling can commence. This will be done after a physical inspection of the ship by different agencies post-beaching.
  • The oil in engines and other machinery have to be emptied. Old batteries have to be removed. Any flammable liquids including the left-over fuel in the tanks will have to be pumped out.
  • These tanks have to be cleaned and made free of any residue gases accumulated inside the fuel tanks.
  • Once the ship comes on the shore, an independent agency will prepare an Inventory of Hazardous Materials (IHM). This agency will go on-board, take all samples including the persistent organic pollutants (POPs).
  • This IHM acts as a guide and the ship breaker makes marking on board the vessel indicating the hazardous portions of the ship. Then the HAZMAT (hazardous material) team of the ship breaker will remove the hazardous substances before the breaking begins.
  • Once the cutting begins, hazardous substances like asbestos, batteries, and ozone-depleting gases will have to be tackled and disposed of safely.
  • Being a naval ship, it not only has a double hull made of steel plates that are several inches thick but also has multiple small compartments which take time to cut and dismantle.
  • Parts dismantled from ships at Alang are usually recycled or sold. As far as INS Viraat is concerned, automobile companies have already contacted the ship-breaker for the steel salvaged from the warship.

Download PDF

Source: currentaffairs


Completing an Inventory of Hazardous Materials (IHM), is only the beginning of compliance.

It is the ship owner’s responsibility to ensure continuous conformity of the Inventory.

If you have completed the Inventory of Hazardous Material (IHM) process for your vessel, congratulations you have completed an important step to future proof your vessel’s compliance to the following regulations:

Hong Kong International Convention for the Safe and Environmentally Sound Recycling of Ships (2009)
EU Ship Recycling regulations (SRR)
After completion of IHM survey, obtaining SOC from Class Society will be mandatory to remain compliant. Any Class Society that has the Flag State approval may issue the SoC.

It is the shipowner’s responsibility for the maintenance of Part 1 of the IHM process during the lifetime of the vessel. Continuity and conformity of the information should be confirmed, especially if the flag, owner or operator of the ship changes.

IHM renewal survey is required for every five years after the IHM initial survey. The requirements are as below:

Ship’s existing IHM certificate and IHM Part I;
The updated IHM (Part I), reflecting any change, replacement or significant repair of structure, equipment, systems, fittings, arrangements and materials since last survey;
Ship’s IHM Part I maintenance record, MDs and SDoCs reflecting the ship’s hazardous materials management since last IHM survey;
Our offering of IHM maintenance server (VSIMS) is designed to help ship owners and managers comply with HKC 2009 and EUSRR regulations.

We believes in staying a step ahead, using data and record collection in the simplest and most economical way possible without any disruption to the day to day managerial operations.

The VS software (VSIMS) not only collects the MDs and SDoCs when items are delivered on board but it also tracks their location onboard till they are finally off landed and providing a clear audit trail of the 15 elements of the hazardous materials identified in the regulations.

At any time a clear snapshot of the vessel can be provided showing how they came on board, how they moved and their current location on board.

A historical data will also be maintained showing how and with whom they were off landed thus providing a circular record with a cradle to grave approach.

READ MORE !!

 

CLICK TO READ


The JMS Yachting management team and the crew of 90m motoryacht DAR have announced the successful certification of the Inventory of Hazardous Materials (IHM) list on board. The certificate was issued by Lloyd’s Register under the authority of the Government of Cayman Islands.

As of 31 December 2020, the EU Ship Recycling Regulation requires that any ship of 500gt and above, of any flag calling at an EU port or anchorage, maintains a Certificate of Compliance (if EU flagged) or Statement of Compliance (if non-EU flagged) supplemented by a verified Inventory of Hazardous Materials (IHM) on board.

This aims to regulate the ship-recycling industry to ensure that end-of-life vessels are dismantled safely, with minimum impact to human health and the environment. The Certificate of Compliance means, among other things, that the vessel shall only be sent to recycling facilities included in the European List of Ship Recycling Facilities at the end of its life.

The IHM then provides ship-specific information on the actual hazardous materials present on board in order to protect health and safety and to prevent environmental pollution at ship-recycling facilities. “It was a lot of work for such a large vessel, but I’m glad we delivered well ahead of the deadline,” commented Rob Pijper, operations director at JMS Yachting.

Many flag states have delegated the authority for the verification of compliance to their respective classification societies, such as Lloyd’s Register. But, with IHM compliance taking some time to achieve and only a matter of months left until the regulations come into force, there is growing concern that many superyachts are ill-prepared for the onset of these regulations.

Source: superyachtnews


Ship recycling

Worldwide hundreds of outdated ships are scrapped every year. The recycling occurs mostly in recycling facilities or yards. A lot of times, these ships are beached (driven onto a flat sandy beach at high speed) for subsequent manual dismantling often without any regards to environmental or occupational health and safety standards.

Ship Recycling Convention will set global standards

The International Convention for the Safe and Environmentally Sound Recycling of Ships, or Hong Kong Convention, is meant to address these problems. This Ship Recycling Convention was adopted by the International Maritime Organization (IMO) in 2009 but so far has not entered into force because the agreement has not been joined by enough member states. The convention contains regulations for shipowners, ship builders, manufacturers, suppliers and for recycling yards.

The Hong Kong Convention will apply to all new and existing sea-going vessels with a gross tonnage of 500 or more.

The new convention introduces two key components to be considered in future:

  • Ship-specific Inventory of hazardous materials which lists all hazardous materials such as asbestos, PCB, ozone depleting substances and antifouling paints containing TBT as well as their location and approximate amount.
  • Authorization of recycling facilities. Sea-going vessels may only be recycled by authorized yards complying fully with all environmental and safety requirements of the Hong Kong Convention.

The convention will enter into force two years after ratification by at least 15 states representing more than 40 per cent of the gross tonnage of the world’s merchant shipping. The convention was adopted in May 2009 but has not yet entered into force. This is where you can find the current status of this and other IMO conventions (under the heading “Summary Status for each Convention”).

bild abwracken

EU Regulation already implements some of the requirements

For all ships

  • On international voyages and
  • Flying an EU flag and
  • With a size of 500 GT or more,

Regulation EU 1257/2013 on ship recycling on the recycling of ships applies and it contains among other things the following requirements:

  • These ships may only be recycled on authorized recycle yards on the EU list of recycle yards.
  • These ships must carry a ship-specific Inventory of Hazardous Materials/IHM stating as a minimum the hazardous materials on board (structure and equipment) listed in Annex II as well as their location and the approximate amount.
  • These ships must hold a Certificate on Inventory of Hazardous Materials.
  • Existing ships only require the Inventory of Hazardous Materials and the associated certificate from 31 December 2020.
  • The Inventories of Hazardous Materials and the associated certificates are approved by the respective Flag State.
  • The ships intended to be passed to be recycled must have a Ready for Recycling Certificate.

Further information can be found in  ISM Circular 03/2019.

Ships flying a flag of a non-EU State that call on a European port are required to carry an Inventory of Hazardous Materials as well as a Document of Compliance.

Source: deutsche-flagge


Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED