The Maryland Department of Transportation Maryland Port Administration (MDOT MPA) was awarded $1,158,589 in the most recent round of the Federal Emergency Management Agency’s (FEMA) Port Security Grant Program. The funding is designated to strengthen cyber security initiatives and closedcircuit television (CCTV) capabilities at the state-owned, public marine terminals of the Helen Delich Bentley Port of Baltimore.

Governor Larry Hogan said:

“Throughout the COVID-19 pandemic, the dedicated employees at the Port of Baltimore have continued to welcome the ships that maintain our supply chain and keep shelves stocked across our state. Our world-class Port is already among the most secure in the United States, and this funding supports our commitment to protect Port employees and the cargo that travels in and out of Maryland.”

For 11 consecutive years, the Port of Baltimore’s public marine terminals have received a top rating on an annual security assessment conducted by the U.S. Coast Guard. The Port of Baltimore was also recognized earlier this year by Security magazine in its listing of top U.S. sea and airports for ongoing security programs and initiatives.

MDOT Transportation Secretary Greg Slater said:

“Security is an essential part of day-to-day operations at the Port of Baltimore, and is critical for our workers and customers. Maryland’s recovery will depend on a vibrant port, and our focus on security gives clients confidence that Maryland is not only open for business, but is a secure place to conduct business.”

MDOT MPA Executive Director Bill Doyle said:

“The Port of Baltimore already has a stellar reputation in the maritime industry for its security program, and this grant will help us make it even better. This grant reflects FEMA’s confidence in our security initiatives, and we appreciate that support.”

Source: seawanderer

Commercial Port of Vladivostok in Russia has been announced as the latest supply chain stakeholder to join the TradeLens blockchain platform.

TradeLens was created by Maersk and IBM and launched in late 2018, using blockchain technologies to allow data and digitised documents to be securely exchanged between cargo owners, shipping companies, customs authorities, ports and terminal operators.

The platform can be used to speed up the process of exchanging documents such as bills of lading for cargo, sanitary certificates, or invoices for payment, while still maintaining security and certainty in the chain of ownership across the supply chain in the absence of paper copies by using the blockchain.

“We are now testing the system and transferring information about loading and discharge of cargo, and berthing of vessels to the blockchain platform,” said Anton Popov, director of the IT department at Commercial Port of Vladivostok.

“After complete integration of the system, we will be able to optimise work with regulatory authorities, reduce the time required for processing documents and receive updates from the sea carrier online.”

Source: smartmaritimenetwork

UK-based but globally-minded CyberOwl, a cyber curity startup whose platform helps to safeguard transport and infrastructure systems, has raised a further €2 million to help expand its business in the maritime sector.

CyberOwl, founded in 2016, provides early warning of cyber security breaches in assets such as ships, ports, industrial plants and infrastructure and sets out clear priorities on how to tackle them. Maritime security is a hot topic right now, with the International Maritime Organisation having ordered fleet operators to address their cyber security by 1 January 2021, due to increasing targets by cyber criminals and facing pressure from regulators. The startup, which is Coventry University spinout, has already been working with maritime operators in Greece, Singapore and Asia.

The recent funding round was led by 24 Haymarket, Mercia’s EIS funds, and the MEIF Proof of Concept & Early Stage Fund, which is managed by Mercia as part of the Midlands Engine Investment Fund. The latest investment will allow the company to expand its global client base and establish itself as a leader in cyber security for shipping lines and port operators.

The Midlands Engine Investment Fund project is supported financially by the European Union using funding from the European Regional Development Fund (ERDF) as part of the European Structural and Investment Funds Growth Programme 2014-2020 and the European Investment Bank.

CEO of CyberOwl, Dan Ng, said: “The world may be adjusting to a new reality but cyber attackers have had years of experience in remote working and thrive in chaotic environments like this. The Covid-19 crisis will put even greater pressure on maritime operators to manage their cyber risks. This round of investment puts us in a strong position to help them continue to secure their systems and comply with security standards.”

David Baker, Investment Manager with Mercia, added: “Mercia has supported CyberOwl from the early days and we are pleased to do so once again in this latest funding round. CyberOwl has made real progress in generating interest from businesses in the past year and is emerging as a leader in cybersecurity for the maritime industry. This further investment will allow it to capitalise on the opportunities created to date.”

Pat Hanlon, Board Director for Access to Finance at GBSLEP, said: “CyberOwl is a hugely ambitious business which has developed at an impressively quick rate and it’s fantastic to be able to provide them with this sort of support. At a time when organisations have had to rely on digital technology more than ever, CyberOwl is providing important support across the globe, and we’re excited to see the business go from strength to strength.”

Source: eu-startups.

Source: Riviera – News Content Hub – Why cyber security should start in the shipyard

Vestdavit deploys augmented reality to enhance remote support

Published on 03-08-2020 at 08:03

Vestdavit enhances its remote support offering with augmented reality software from Ubimax, a provider of wearable technology solutions. The platform, named “xAssist”, will be used in conjunction with head-mounted hardware “RealWear HMT-1”.

The platform will allow Vestdavit engineers to provide service when they are unable to work on site. After Sales Director Henric Collvin explains that the idea is not to replace Vestdavit technicians, but to ease the burden on them. ‘Our engineers are highly skilled professionals with many years of experience servicing marine davits, and there is no replacement for that. However, they cannot be everywhere at once, and it is often far more practical to provide remote support.’

For example, if a client requires a small adjustment to one of its boat launch-and-recovery systems, Vestdavit can send the RealWear HMT-1 along with the necessary spare parts. Equipped with the headgear, the customer’s in-house engineer can perform the maintenance task with visual and audio instruction from a Vestdavit expert, who can see what the on-site technician is doing through xAssist.

This, says Collvin, brings great flexibility: ‘We can provide remote support even if all of our specialist technicians are occupied. For instance, an engineer from our hydraulics or mechanical team will be able to guide the customer through any simpler tasks.’

The current global health crisis has exacerbated the need for this kind of service, explains Collvin, but Vestdavit was planning to adopt the Ubimax platform even before the Covid-19 outbreak. ‘Many companies are responding to the pandemic by investing in new technology, but remote maintenance had been gaining traction for some time. Customers are always looking for more efficient, cost-effective ways to operate. With xAssist, we maintain our usual service levels without having to send technicians to our client’s location. This reduces cost and saves time for both parties.’

Picture: Two point davit HN type (by Vestdavit).

A recent article published by NATO on July 29, 2020 highlights the growing focus of attention within NATO on maritime remote systems.

Michael Brasseur is a naval warfare expert at the US Mission to NATO. This former captain of two warships who has sailed and served all over the world, now works at NATO Headquarters in Brussels, Belgium. Together with experts from other NATO Allies, he is working to help enhance the Alliance’s technological edge on critical maritime capabilities.

“It’s my job to leverage NATO’s vast innovation ecosystem to ensure Allied sailors have the very best technology to accomplish their mission of keeping the seas free,” says Michael.

Michael and his counterparts in NATO member countries are looking for cutting-edge capabilities that can give Allied sailors a tactical advantage at sea. They have recently focused on the rapid advancements underway in maritime unmanned systems. “We are only just beginning to realise the game-changing capabilities these systems offer and I am focused on accelerating their development and integration into Allied navies,” explains Michael.

In October 2018, Michael helped launch a Maritime Unmanned Systems (MUS) initiative. Today, 14 Allies1 are working together to develop and procure maritime technology that will increase operational effectiveness, limit risk to human life and reduce operational costs, and Michael is at the heart of this initiative. Several other Allies have recognised the value of this fast-paced initiative and have expressed intent to join.

Ensuring free access to the seas

Maritime unmanned systems are drones above, on and below the water. Allied navies use them on many different occasions to enhance the capabilities of manned platforms. Working alongside traditional naval assets, these unmanned systems can also improve situational awareness, which is critical in ensuring free access to the seas.

“Seventy per cent of the planet is covered by water,” explains Michael. “Maritime unmanned systems are important because these systems, if harnessed correctly, can greatly improve our ability to understand the maritime environment, and thus ensure the seas remain open for commerce.”

At sea, mines, terrorist activities, smuggling and piracy are threats to NATO Allies’ ability to operate freely in maritime commons. The use of unmanned systems will enable Allies to be more effective in crucial capability areas, such as finding and tracking suspicious submarines or detecting mines.

“MUS, when teamed with manned systems, offer a means to detect, localise and neutralise a mine, without putting the operator in danger,” comments Michael.

Cherishing work and life

Michael loves his job for many reasons. “First, the opportunity to work with friends and Allies every day is a true joy,” says Michael. “On this project, I have developed strong professional and personal relationships that I will cherish for my entire life. I also really enjoy discovering new technologies and I get a lot of energy when I engage with academia and industry.”

Michael, a father of four, with two teenage sons who love physics, computers and artificial intelligence, think their dad is pretty cool working on all this high-tech. “My boys also think NATO is very cool!”

Many of Michael’s colleagues don’t know that he is also a survivor. “In 2016, following my tour as captain of USS Forth Worth, I was diagnosed with stage 2, classical Hodgkin’s lymphoma. It has certainly given me a completely different outlook on life. I cherish every single second, like these wonderful experiences at NATO, living in Brussels and working with friends and Allies across Europe.”

Testing drones in real-life scenarios

Each year in Portugal, Michael participates in testing Allied innovative maritime unmanned systems in scenarios such as search and rescue operations, harbour protection, and anti-submarine and naval mine warfare during exercise Recognized Environmental Picture, Maritime Unmanned Systems (REP (MUS)).

“REP (MUS) is the largest maritime unmanned systems exercise of its kind in Europe and achieved last year many critical firsts for NATO in terms of interoperability,” explains Michael.

Over 800 personnel from the Portuguese Navy, as well as from Belgium, Italy, Poland, Turkey, the United Kingdom, the United States, and the NATO Centre for Maritime Research and Experimentation contributed to the exercise.

Michael feels that we are at a key inflection point in history. “The pace of innovation has become exponential and our institutions need to move faster. We have made significant progress, but we have much more work to do, to improve, accelerate and scale this important initiative.”

Source: sldinfo

Information on the processing of personal data under the Operational Programme Infrastructure and Environment 2014-2020 (OP I&E 2014-2020)

Several entities serving as controllers within the meaning of the GDPR [Regulation (EU) 2016/679 of the European Parliament and of the Council of by 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) dated 27 April 2016 (OJ EU L No. 119, p. 1)] participate in the processing of personal data within the OP I&E 2014-2020. These entities make decisions related to the personal data being processed, i.e. what personal data are processed, for what purpose and in what way. Each controller is individually responsible for the protection of personal data and for informing the public about the way in which it processes such data.

Due to the fact that it is the Minister of Development Funds and Regional Policy – as the Managing Authority of the OP I&E 2014-2020 – who determines: what personal data, how and for what purpose will be processed in connection with the implementation of the Programme, the Minister acts as the controller of personal data processed in connection with the implementation of the OP I&E 2014-2020.

The Minister is the controller of both the data the Minister obtained independently as well as of the personal data obtained by other entities involved in the implementation of the Programme (i.e. by other controllers, who in this case also perform the function of processors [Processors are institutions (Intermediate Bodies and Implementing Authorities), beneficiaries and other entities involved in the implementation of the OP I&E 2014-2020, to which the Minister (or another authorised entity) entrusted the processing of personal data within the OP I&E 2014-2020]).

The Minister of Development Funds and Regional Policy is also the controller of personal data that the Minister processes as a beneficiary of projects co-financed from the funds of OP I&E 2014-2020.

The Minister of Development Funds and Regional Policy is also the controller of data collected in the Central IT System managed by the Minister, which supports the implementation of OP I&E 2014-2020.

I. Purpose of personal data processing

The Minister of Development Funds and Regional Policy processes personal data in order to implement the tasks assigned to the Managing Authority to the extent that it is necessary such an objective. Similarly, processors process personal data in order to implement the tasks assigned to them within the scope of OP I&E 2014-2020’s implementation to the extent it is necessary to achieve this objective.

The Minister and processors process such data, in particular, for the following purposes:

to grant support to the beneficiaries applying for co-financing and implementing projects;
to confirm the eligibility of expenditure;
to request payments from the European Commission;
to report irregularities;
to evaluate;
to monitor;
to control;
to audit;
to run reporting activities;
to run information-promotion activities.

II. Legal grounds for data processing

Processing of personal data in connection with the implementation of OP I&E 2014-2020 is carried out in accordance with the GDPR.

1. The legal basis for data processing is primarily the need to fulfil the obligations incumbent on the Minister of Development Funds and Regional Policy – as the Managing Authority of the Programme – pursuant to the provisions of Union law and national laws (Article 6(1)(c) of the GDPR). These obligations arise from the following legal provisions:

Regulation of the European Parliament and of the Council No. 1303/2013 of 17 December 2013 laying down common provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund, the European Agricultural Fund for Rural Development and the European Maritime and Fisheries Fund and laying down general provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund and the European Maritime and Fisheries fund, and repealing Council Regulation (EC) No 1083/2006;
Commission Delegated Regulation (EU) No 480/2014 of 3 March 2014 supplementing Regulation (EU) No 1303/2013 of the European Parliament and of the Council laying down common provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund, the European Agricultural Fund for Rural Development and the European Maritime and Fisheries Fund and laying down general provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund and the European Maritime and Fisheries Fund;
Commission Implementing Regulation (EU) No 1011/2014 of 22 September 2014 laying down detailed rules for implementing Regulation (EU) No 1303/2013 of the European Parliament and of the Council as regards the models for submission of certain information to the Commission and the detailed rules concerning the exchanges of information between beneficiaries and managing authorities, certifying authorities, audit authorities and intermediate bodies;
Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012;
Act of 11 July 2014 on the rules of implementing cohesion policy programmes financed under the 2014-2020 financial perspective;
Act of 14 June 1960 – Polish Code of Administrative Procedure;
Act of 27 August 2009 on Public Finance;
Act of 29 January 2004 – Public Procurement Law.

2. Processing is also lawful if one of the following applies:

processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR) – this ground applies, inter alia, to personal data of persons running a business as a sole trader, with whom the Minister concluded contracts in order to implement OP I&E 2014-2020;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Minister (Article 6(1)(e) of the GDPR) – this ground applies, inter alia, to competitions and promotional campaigns organised by the Minister concerning the Programme.

III. Categories of personal data processed

The Minister of Development Funds and Regional Policy, in order to implement OP I&E 2014-2020, processes personal data, of, among others:

employees representing or performing tasks for entities involved in the service and implementation of the programme and projects, i.e. Intermediate Bodies and Implementing Authorities;
contact persons, persons authorised to make binding decisions and other persons performing tasks for applicants, beneficiaries and partners;
participants in trainings, competitions, conferences, monitoring committees, working groups, steering groups and information or promotional meetings organised under the Programme;
candidates for experts and experts involved in the process of selecting projects to be co-financed or performing tasks related to the implementation of rights and duties of competent institutions, resulting from the concluded grant agreements;
persons whose data will be processed in connection with the examination of eligibility of funds in the project, including in particular: project personnel, participants of tender commissions, bidders and contractors of public procurements, persons providing services under civil law contracts.

The types of personal data processed by the Minister include:

identification data, in particular: name, surname, series and number of identity card, date and place of birth, place of residence, place of employment / form of conducting business activity, official position, PESEL (Personal Identification Number) / NIP (Tax Identification Number) / REGON (Statistical ID), user identifier / user login;
data concerning the employment relationship, in particular: remuneration received and working time, occupation or education, length of service;
contact details, which include in particular: e-mail address, telephone number, fax number, correspondence address;
financial data, in particular: bank account number, amount of remuneration;
other data, for example: information about the real property (plot number, land and mortgage register number, gas connection number).

Data are obtained directly from data subjects or institutions and entities involved in the implementation of operational programmes, in particular applicants, beneficiaries and partners.

Where data are collected directly from data subjects, the provision of data is voluntary. However, the refusal to provide the data is tantamount to the lack of possibility to take appropriate actions, e.g. applying for funds under OP I&E 2014-2020.

IV. Data retention period

Personal data will be stored for the period specified in Article 140(1) of Regulation (EU) No 1303/2013 of the European Parliament and of the Council of 17 December 2013 and at the same time for a period not shorter than 10 years from the date of awarding the last aid under OP I&E 2014-2020 – also taking into account the provisions of the Act of 14 July 1983 on National Archival Resources and Archives.

In some cases, e.g. when the EU authorities control the Minister, this period may be extended.

V. Data recipients

The recipients of personal data may be:

the entities to which the OP I&E 2014-2020 entrusted the performance of tasks related to the implementation of the Programme, including in particular entities acting as Intermediate Bodies and Implementing Authorities, as well as experts, entities conducting audits, controls, trainings and evaluations;
institutions, bodies and agencies of the European Union (EU), as well as other entities to which the EU has entrusted the performance of tasks related to the implementation of OP I&E 2014-2020;
entities providing the Minister with services related to the operation and development of IT systems and ensuring communication, in particular IT solutions providers and telecommunication operators.

VI. Rights of data subjects

Persons whose data are processed in connection with the implementation of OP I&E 2014-2020 have the following rights:

to access their personal data and to receive a copy of the data (Article 15 of the GDPR) and the right to rectify the data (Article 16 of the GDPR) – Upon exercising this right, the data subject may ask the Minister, among others, whether the Minister processes his or her personal data, what personal data are processed by the Minister, and where the Minister has obtained them from, what is the purpose of the processing and its legal ground, and for how long the data will be processed. If the processed data prove to be outdated, the data subject may apply to the Minister with a request to update them,
the right to have their data erased (Article 17 of the GDPR) – if the circumstances referred to in Article 17(3) of the GDPR did not occur,
the right to demand that the controller restrict the processing of the data subject’s data (Article 18 of the GDPR) – Restriction of personal data processing causes that the Minister may only store personal data. The Minister may not transfer such data to other entities, modify or delete them. Restricting the processing of personal data is temporary and lasts until the Minister performs the assessment whether the personal data are accurate, processed in accordance with the law and necessary to achieve the purpose of processing.
the right to lodge a complaint with the President of the Personal Data Protection Office (Article 77 of the GDPR),
the right to data portability, includingthe right to receive their personal data in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Article 21 of the GDPR), where the processing both is based on a contract (is necessary to sign or to carry out a contract to which the data subject is party, according to Article 6(1)(b) of the GDPR) and is carried out by automated means (an outline is enough to save the data on the storage device),
the right to object to processing of personal data (Article 21 of the GDPR) – if the ground for the processing is the performance of public tasks of the controller (Article 6(1)(e) of the GDPR).

Filing an objection causes that the Minister will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

The data are not subject to the process of automated individual decision-making, including profiling.

The United Kingdom has become just the second country, following the United States, to issue guidance for companies in the maritime shipping industry alerting them about common illicit and suspicious practices used to evade sanctions. The guidance further describes best practices for reducing sanctions risk exposure.

The Office of Financial Sanctions Implementation (OFSI), part of HM Treasury and the authority for the implementation of financial sanctions in the United Kingdom, issued the guidance July 27. It follows issuance of a similar advisory by the U.S. Departments of State and Treasury and the U.S. Coast Guard in May.

In its guidance, the OFSI warned, “illicit activity could occur across multiple sectors involved in the maritime industry.” Maritime insurance companies, charterers, unions, classification societies, oil companies and refineries, customs and port state controls, flag registries, and shipping industry associations are all exposed to financial sanctions risk.

The maritime guidance includes a discussion about high-profile sanctions regimes, include those in place for the Democratic People’s Republic of Korea, Iran, and Syria. It further advises companies refer to the relevant sanctions regulations to determine what restrictions apply in relation to any given regime.

Illicit shipping practices

“Individuals and entities with exposure to the maritime shipping sector should be aware of the non-exhaustive list of illicit practices below and ensure compliance and due diligence procedures take account of them,” the OFSI stated in the advisory.

Like the U.S. maritime sanctions guidance, the U.K. sanctions guidance goes into significant detail about common deceptive shipping practices, including:

Ship-to-ship transfers used to facilitate the illicit transfer of coal, crude oil, and petroleum products to evade sanctions;
Disabling or manipulating the automatic identification system (AIS) on vessels;
Cyber-attacks from cyber-focused military units tasked with generating income for the regime it reports to;
Bank accounts used as fronts to conduct transactions in violation of sanctions and facilitating illicit shipping practices;
Falsifying documentation accompanying maritime transactions; and
Physically concealing illicit cargo aboard a vessel.

Due diligence

The OFSI does not recommend any specific measures to mitigate deceptive shipping practices, only advising that each company “assess its own risks and put due diligence measures in place to manage these risks.” However, it does recommend a few general due diligence considerations, including the following:

Do your homework. “Companies conducting activity in or around high-risk jurisdictions should seek to have a robust understanding of the sanctions regulations in place, including the relevant obligations,” the OFSI said.

Consider AIS screening. Ship owners, charterers, insurers, flag registries, and port-state control entities may wish to consider “AIS switch off” clauses in contracts. “While AIS switch off does not necessarily confirm illicit shipping practices, it may be one of several indicators for consideration,” the OFSI said. “Due diligence could be enhanced, for example, through contacting vessels that have ‘gone dark’ by switching off their AIS. This is to better understand the cause of disconnection, noting such instances, and reviewing for trends.”

Consider subscription-based resources. Subscription-based resources may allow for checks on ownership structures, vessel flag information, details of home ports, and recently visited ports. “However, this information is also readily available online and can be accessed freely, which helps companies with limited resources to carry out a variety of checks to provide initial indicators of behavior,” the OFSI said.

Check validity of financial transactions. Suspected fraudulent letters of credit, bills of lading, loans, and other types of financial instruments should always be checked with the relevant institution for validity. Any person dealing with funds or economic resources owned, held, or controlled by a designated person (DP) or those operating on a DP’s behalf should immediately freeze the assets or funds and alert the OFSI.

Conclusion

Companies and sanctions compliance officers in the maritime industry should review both the OFSI maritime guidance in conjunction with the U.S. Global Maritime Advisory when determining what due diligence measures to put in place. Even companies with well-embedded enhanced due diligence measures in place should still consider conducting a review to ensure they’re accounting for all the deceptive practices highlighted in the maritime guidance documents.

Conversely, other companies whose due diligence practices are not as mature may find they’ll have to conduct a significant risk assessment to identify the red flags highlighted by the OFSI and get their due diligence processes up to par.

A client alert from law firm Eversheds Sutherland further recommends considering revisions to contractual clauses to ensure they address risks posed by, and offer protection against, deceptive shipping practices. Such provisions may include, for example, AIS-disablement provisions; corresponding termination rights to regulate vessel behavior in active transactions; and representations and/or warranties concerning the vessel’s past transactions, the law firm advised.

Breaches of financial sanctions come at hefty cost. Under the Policing and Crime Act of 2017, the OFSI has authority to impose monetary penalties of up to 50 percent of the value of the breach or up to £1 million (U.S. $1.3 million), whichever is higher.

The OFSI can also refer cases to law enforcement agencies for investigation and potential prosecution. Breaches of financial sanctions are considered a serious criminal offense and are punishable by up to seven years in prison on indictment or up to six months for a summary offense in England, Wales, or Northern Ireland, or 12 months for a summary offense in Scotland.

As law firm Clyde & Co. stated, “It is no coincidence that two of the world’s leading sanctions enforcement bodies have both issued guidance notes to the maritime industry within months of each other. Industry participants have been warned: There are now very clear expectations of what good sanctions compliance looks like.”

Source: complianceweek

CHICAGO, July 31, 2020 /PRNewswire/ — According to the new market research report “Maritime Satellite Communication Market by Component (Solutions and Services), Solution (VSAT and MSS), Service (Tracking and Monitoring, Voice, Video, Data), End User (Merchant Shipping, Offshore, Government), and Region – Global Forecast to 2025″, published by MarketsandMarkets™, the global Maritime Satellite Communication Market size is expected to grow from USD 2.3 billion in 2020 to USD 3.2 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 7.1% during the forecast period. Escalating the need for enriched data communication to improve operation efficiency, onboard security & surveillance, and employee/passenger welfare in maritime is driving the market.

Furthermore, the major factor driving the Maritime Satellite Communication Market is the need to attain improved connectivity between the land and sea operations and realizing benefits in faster repair times, preventative maintenance, fuel-saving, and real-time navigation.

Browse in-depth TOC on “Maritime Satellite Communication Market“

221 – Tables
42 – Figures
216 – Pages

Download PDF Brochure:

https://www.marketsandmarkets.com/pdfdownloadNew.asp?id=113822978

Ka-band segment to account for the largest market size during the forecast period

This section studies the maritime satellite communication VSAT portfolio. Ka-band operates under frequency 26.5-40 GHz. It is an extremely high frequency, commonly used in HD satellite TV. It is used by the maritime industry to support marine VSAT services. Ka-band incurs significant implementation cost but relatively low maintenance. It is susceptible to rain fade. Inmarsat was the first company to provide Ka-band VSAT services. As more Ka-band bandwidth becomes available, other players also started using Ka-band to deliver their communication services.

The video service segment to account for the largest market size during the forecast period

The video service segment of the maritime satellite communication service includes streaming of high definition photos & videos and online TV channel broadcast services. Video services enable the crew to get in touch with family through videoconferencing, get information & update on news, sports, and favorite TV programs, and many other services. Live video service can help onboard technicians to get live assistance from experts to resolve problems. High-quality live video transfer needs reliability and sufficient bandwidth.

Speak to Analyst:

https://www.marketsandmarkets.com/speaktoanalystNew.asp?id=113822978

APAC to account for the highest market share during the forecast period

The Maritime Satellite Communication Market in APAC is the largest in terms of market size. APAC is the fastest-growing region in the Maritime Satellite Communication Market. Many countries in the APAC region are likely to adopt maritime satellite communication solutions owing to high demands, specifically in the oil and gas, merchant shipping, mining, and passenger shipping verticals. The APAC region is implementing maritime satellite communication solutions significantly. The maritime satellite technology has been adopted in this region to incorporate advanced communication networks to communicate with employees, such as crew working at remote offshore locations.

The major Maritime Satellite Communication Market vendors include Inmarsat (UK), Iridium Communications (US), Thuraya (UAE), Hughes Network Systems (US), KVH Industries (US), Viasat (US), Speedcast (Australia), ST Engineering (Singapore), NSSLGlobal (England), Marlink (France), ORBOCOMM (US), Navarino (Greece), Network Innovations (Canada), GTMaritime (England), AST Group (UK), Isotropic Networks (Wisconsin), Norsat International (Ontario), Satcom Global (Canada), Intelsat (US), and Orbit Communication Systems (Israel).

Browse Adjacent Markets: Satellite Communication Market Research Reports & Consulting

Related Reports:

Nanosatellite and Microsatellite Market by Component (Hardware, Software & Data Processing, Launch Services), Type (Nanosatellite and Microsatellite), Application, Vertical (Government, Defense, Civil), and Region – Global Forecast to 2025

https://www.marketsandmarkets.com/Market-Reports/nanosatellite-and-microsatellite-market-130496085.html

M2M Satellite Communication Market by Technology (Satellite Telemetry, VSAT, AIS), Communication Network Device (Satellite IP Terminals, Satellite Modems, Gateways), Service (Managed Service, Data), Vertical, Region – Global Forecast to 2020

https://www.marketsandmarkets.com/Market-Reports/m2m-satellite-communication-market-33741729.html

About MarketsandMarkets™

MarketsandMarkets™ provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies’ revenues. Currently servicing 7500 customers worldwide including 80% of global Fortune 1000 companies as clients. Almost 75,000 top officers across eight industries worldwide approach MarketsandMarkets™ for their painpoints around revenues decisions.

Our 850 fulltime analyst and SMEs at MarketsandMarkets™ are tracking global high growth markets following the “Growth Engagement Model – GEM”. The GEM aims at proactive collaboration with the clients to identify new opportunities, identify most important customers, write “Attack, avoid and defend” strategies, identify sources of incremental revenues for both the company and its competitors. MarketsandMarkets™ now coming up with 1,500 MicroQuadrants (Positioning top players across leaders, emerging companies, innovators, strategic players) annually in high growth emerging segments. MarketsandMarkets™ is determined to benefit more than 10,000 companies this year for their revenue planning and help them take their innovations/disruptions early to the market by providing them research ahead of the curve.

MarketsandMarkets’s flagship competitive intelligence and market research platform, “Knowledge Store” connects over 200,000 markets and entire value chains for deeper understanding of the unmet insights along with market sizing and forecasts of niche markets.

According to Naval Dome, the maritime industry has seen a 900% increase in cyber-attacks since 2017

Better late than never seems to be the motto being followed by the International Maritime Organization (IMO), which issued a deadline of January 2021 to shipowners and operators to address cyber risks in existing safety management systems (SMS). In 2013, Trend Micro, a cybersecurity firm in Japan, demonstrated how the automatic identification system (AIS) used by ships to broadcast their identity and position, could be manipulated and compromised. Besides AIS, which continues to be unencrypted and loaded with security flaws, even the rest of the OT infrastructure used in the maritime industry hasn’t kept up with evolving cyber risks. Let’s take a closer look at some of the systems that can potentially come under attack.

Cyber Risks in the Maritime Industry

The shipping giant, Maersk, fell victim to the NotPetya malware in June 2017, which resulted in financial losses of up to USD300m. It brought 76 port terminals across the world, and its container ships at sea to a halt. COSCO shipping lines, and Austal (an Australia-based ferry and defense shipbuilder), were also hit by a cyber-attack in 2018.

When we’re talking about cyber risks in the maritime industry, we need to consider not only information security risks that compromise the confidentiality of data, its integrity, and availability but also risks to operation technology (ICS/SCADA) systems. Some of the systems that might get impacted are as follows:

Navigation systems (ECDIS, Radar, GPS, etc.) can be manipulated using jamming and spoofing techniques.
Communication systems (sat link, AIS, GSM, etc.) can be targeted by attacking the wireless link.
Loading and stability of the ship can be modified by manipulating the EDIFACT messages to destabilize ships, cause delays at ports, change price details, etc.
Global Maritime Distress and Safety System (GMDSS) sends or receives distress alerts from ship-to-shore, shore-to-ship, and ship-to-ship. According to IOActive, terminals running on the insecure ThraneLink protocol are prone to attacks.
Ship and crew networks are often not properly segregated and can be compromised via email, social engineering attacks, malware downloads, etc.
Sensors (temperature, pressure, level, current, anemometer, etc.) connected to the shipboard LAN, if compromised, can lead to misrepresented data on the ship’s Electronic Chart Display and Information Systems (ECDIS).
Third-party updates and remote access to service providers on the shoreside can also be one of the attack vectors.

AIS, used for collision avoidance and traffic monitoring, receives the location data from GPS (or any location-sensing technology) and then broadcasts this information to nearby ships and onshore receivers. GPS manipulation and spoofed AIS data can make ships appear or disappear and create ‘ghost’ ships that could ultimately lead to collisions or unplanned changes to a ship’s route to avoid one. They can also cause a distorted view of commodity flows, supply and demand at ports, impact trading models due to false data, etc.

Figure 1: Working principle of AIS; Image Source: https://aulanautica.org/wp-content/uploads/2015/03/TEMARIO-PY-140.jpg

The shipping industry has been known to be vulnerable to GPS jamming and spoofing attacks. South Korea reported the return of 280 vessels to port due to problems in their navigation system in 2016, while, more recently, in 2019, spoofing attacks on hundreds of vessels were carried out in China.

Even without manipulating signals, sending phishing emails, or hacking into these systems using various channels, an attacker can collect a lot of information about their target merely by searching the internet. This information can be put to good use in the later stages of an attack.

Leveraging OSINT to Gather Ship Data

OSINT refers to Open Source Intelligence that relies on publicly disclosed resources to gather information about an entity of interest. The information collection process is carried out passively without any direct contact with the target. Public resources such as blog posts, social media sites, discussion boards, etc. are typically used though more specialized tools such as Shodan, Maltego, etc. can also be deployed.

Shodan is a powerful search engine for IoT devices. It can not only find VSATs, comm boxes, etc. but also list open ports on these devices and
vulnerabilities based on their technology stack. The screenshots below are from a Very Small Aperture Terminal (VSAT) device that discloses information such as the exact location of the ship, the vessel’s name, etc. Entering the latitude and longitude information on Google Maps pulls up the image of the ship on sea, nearby ports, etc.

Figure 2: VSAT Dashboard of a Ship

The user login and administration screens can also be accessed. A simple google search can be used to find the default credentials (admin/1234, in this case). Considering that most of these devices do not use SSL certificates, do not update their software versions or run on outdated hardware components, there is a fair chance that many of them would not have changed the default login credentials.

Figure 3: Login Screen

Figure 4: A CommBox with network config information revealed by hovering over the VSAT tab.

Figure 5: Vulnerability list and open ports from a VSAT on Shodan

Other details such as the flag under which the ship is sailing, call sign, IMO number, other vessels close to it, etc. can also be found using websites like MarineTraffic, VesselFinder, etc. They also feature a live tracking map that plots all the ships out on the sea and whose details can be obtained by clicking on an arrowhead.

Figure 6: Ship Details

Any malicious actor can launch an attack by sending phishing messages or emails to the crew currently working on these ships. Most of them have access to emails, messaging apps, or can be found via social media. The crew network is not always properly isolated from the ship network, and a foothold can potentially be gained via this channel. At the very least, there is a decent chance to phish the credentials used by the target crew member, especially if additional OSINT is done. MyShip is one such networking platform for seafarers running over an unsecured HTTP connection.

Figure 8: MyShip Portal

Figure 7: Crew member listing

Wrapping Up

According to a study done by Futurenautics in 2018, just under half of the active mariner respondents claimed to have sailed on a vessel compromised by a cyber-attack, and only 15% of seafarers received any form of cybersecurity training. These numbers are indicative of a general lack of awareness on safe security practices that can be improved through training and workshops. What will prove challenging is discontinuing obsolete components and upgrading systems to patch vulnerabilities, given that a ship’s operation technology can have dire physical impacts from accidental or malicious modifications.

Source: hackernoon

Newer Posts

Older Posts

Port of Baltimore strings cyber security through a federal grant

Port of Vladivostok joins TradeLens

CyberOwl nabs €2 million to increase global maritime cyber security

Why cyber security should start in the shipyard