BIMCO Archives - Page 14 of 15 - SHIP IP LTD

BIMCO And ICS Publish New Cyber Security Guide For Crew On Board.

The digitalisation of maritime operations and the reliance on technology and network connectivity for daily onboard and on shore operations means that shipping is vulnerable to the threat of cyber incidents.

To help crew prepare, both on the bridge and in the engine room, the new “Cyber Security Workbook for On Board Ship Use” includes several checklists of how to protect, detect, respond and recover from a cyber incident, and thereby offers a practical and easy to use guide for the master and the officers.

BIMCO is continuously raising awareness to shipowners on issues such as the cyber threat and helps lead the work by issuing industry guidelines to assist companies in formulating their own approaches to cyber risk management onboard. Based on contributions by BIMCO, IMO recently decided to identify cyber risks as specific threats, which companies should try to address to the same extend as any other risk that may affect the safe operation of a ship and protection of the environment. Guidance on these issues can be found in the Guidelines on Cyber Security Onboard Ships.

To protect multimillion-dollar floating assets, cyber risk should be managed as any other risk that may affect the safe operation of a ship and jeopardize the protection of the environment. The new workbook gives an easy introduction to incorporating cyber security into the ship’s management system.

“Cyber security risk management is not just an IT issue. Managing the complex interactions between technology and humans correctly will be key to avoid a cyber incident, and to recover from them, should an incident happen,” says Aron Frank Sørensen, Head of Maritime Technology and Regulation at BIMCO.

“I see the workbook as a valuable tool that will help officers manage cyber risks while carrying out their daily routines on board,” Sørensen says.
Source: BIMCO

 


Maritime Cyber security

The University of Plymouth has created a cyber security research lab that focuses on challenges faced by the shipping industry.

The £3 million ‘Cyber-SHIP‘ lab will complement the university’s existing maritime facilities which includes a simulator dedicated to training professional sailors.

The lab is a transformational step towards developing a national centre for research into maritime cyber security, according to Professor Kevin Jones, the executive dean for science and engineering and principal investigator for the project.

Jones believes that the lab will support a range of research and training that cannot be achieved with simulators alone. These will also facilitate the development and delivery of new maritime cyber provision for graduates, postgraduates, and industry.

“Cyber attacks are a Tier1 National UK threat. But, although the maritime sector is advancing technologically, it is not well protected against cyber or cyber-physical attacks and accidents,” he said.

“Worth trillions, it has an unmatched reach across international waters, which exposes people and goods to a diverse range of factors, putting the shipping industry at high risk. As such, this facility has never been more timely.”

The lab has been developed in partnership with shipping equipment manufacturers, port operators, shipbuilders, classification agencies, and insurance companies. Some of the areas it will look at include the cyber risk of autonomous ships, maritime cyber risk assessment, and the scope and impact of evolving tech on international shipping.

The project, which has been funded by Research England will last for three years with the hope that it will be self-sustaining by then. It aims to bring together a host of connected maritime systems currently found on an actual ship’s bridge. Cyber security experts will then assess these systems for vulnerabilities and identify the technology and skillsets needed to make them more secure.

The lab will feature cutting edge maritime technology including radar equipment, a voyage data recorder, an electronic chart display and information system, an automatic identification system, and communications devices.

 

SOURCE ITPRO


Cyber Adversaries Targeting Commercial Vessels

This bulletin is to inform the maritime industry of recent email phishing and malware intrusion attempts that targeted commercial vessels. Cyber adversaries are attempting to gain sensitive information including the content of an official Notice of Arrival (NOA) using email addresses that pose as an official Port State Control (PSC) authority such as: port @ pscgov.org. Additionally, the Coast Guard has received reports of malicious software designed to disrupt shipboard computer systems. Vessel masters have diligently reported suspicious activity to the Coast Guard National Response Center (NRC) in accordance with Title 33 Code of Federal Regulations (CFR) §101.305 – Reporting, enabling the Coast Guard and other federal agencies to counter cyber threats across the global maritime network.

As a reminder, suspicious activity and breaches of security must be reported to the NRC at (800) 424-8802. For cyber attempts/attacks that do not impact the operating condition of the vessel or result in a pollution incident, owners or operators may alternatively report to the 24/7 National Cybersecurity and Communications Integration Center (NCCIC) at (888) 282-0870 in accordance with CG-5P Policy Letter 08-16, “Reporting Suspicious Activity and Breaches of Security.” When reporting to the NCCIC, it is imperative that the reporting party notify the NCCIC that the vessel is a Coast Guard regulated entity in order to satisfy 33 CFR §101.305 reporting requirements. The NCCIC will in turn forward the report to the NRC that will then notify the cognizant Coast Guard Captain of the Port (COTP).

The Coast Guards urges maritime stakeholders to verify the validity of the email sender prior to responding to unsolicited email messages. If there is uncertainty regarding the legitimacy of the email request, vessel representatives should try contacting the PSC authority directly by using verified contact information. Additionally, vessel owners and operators should continue to evaluate their cyber defense meaures to reduce the effect of a cyber-attack. For more information on the NCCIC’s services, cyber-related information, best practices, and other resources, please visit: https://www.dhs.gov/CISA.

The Coast Guard applauds companies and their vessels for remaining vigilant in the identification and prompt reporting of suspicious cyber-related activities. Questions pertaining to this bulletin may be directed to the Coast Guard Office of Commercial Vessel Compliance’s Port State Control Division (CG-CVC-2) at PortStateControl@uscg.mil.

DOWNLOAD THE BULLETIN

 

 

 


Final preparations are underway for a 12-metre-long ship to set sail from Canada and attempt the world’s first transatlantic crossing without a crew.

 

TOLLESBURY, England: 

Final preparations are underway for a 12-metre-long ship to set sail from Canada and attempt the world’s first transatlantic crossing without a crew.

The USV Maxlimer, an unmanned surface vessel, is bound for the south coast of England and will conduct deep sea surveys on the way, guided by a skipper in a control station in Britain. The voyage is expected to take about 35 days.

The ship was built by Sea-Kit International, which develops vessels for the maritime and research industries, for the Shell Ocean Discovery XPRIZE, a competition to autonomously survey the sea bed.It can launch and recover autonomous underwater vehicles but has the potential to operate in different roles with different cargo.”(It is) almost like a utility pick-up vehicle of the sea, it’s robust, it’s adaptable, it’s got a huge range,” said SEA-KIT International Managing Director Ben Simpson.

The vessel is operated by a hand-held remote control when in harbour and when at sea it can stream live data to the controller via multiple satellite links.

“What is now available through technology is very, very similar to what you have on the bridge of a ship and in many ways, I would argue, even more comprehensive,” said James Fanshawe, a director of SEA-KIT.”The controller here in this station can actually see all the way round on the horizon near real-time and in many ships it’s quite difficult to actually even see what’s behind you from the bridge of that ship,” said Fanshawe.

COMMENT

The company said it sees a future for unmanned vessels as they can remove humans from harm’s way.The team said ships that do not need to accommodate people also have significant economic and environmental benefits.”You don’t need a bridge, you don’t need a galley, you don’t need water supplies, you don’t need air conditioning and suddenly the size of that vessel becomes a fraction of the size of vessels currently being used offshore,” Simpson said.The combination of size and hybrid diesel-electric propulsion cuts fuel use by around 95 percent, the company said.

 

SOURCE READ FULL ARTICLE


Singapore, Airbus Helicopters’ Skyways unmanned air vehicle has successfully completed its first flight demonstration at the National University of Singapore (NUS). The drone took off from its dedicated maintenance centre and landed on the roof of a specially designed parcel station where a parcel was automatically loaded via a robotic arm. Once successfully loaded with the parcel, the Skyways drone took off again and returned to land, demonstrating its automatic unloading capability.

This inaugural flight demonstration follows the launch of the experimental project with the Civil Aviation Authority of Singapore (CAAS) in February 2016 to develop an urban unmanned air system to address the safety, efficiency, and sustainability of the air delivery business in cities such as Singapore. The collaboration was subsequently extended in April 2017 with Singapore Post (SingPost) becoming the local logistics partner to the project.

Airbus Helicopters is the overall Skyways system architect and provider, contributing its capabilities in drone platforms as well as its concept of future parcel delivery. This concept involves systems and structures that allow drones to land, dock with secure structures, discharge or take on payloads, and then fly off to other destinations.

“Today’s flight demonstration paves the way positively to our local trial service launch in the coming months. It is the result of a very strong partnership among the stakeholders involved, especially the close guidance and confidence from the CAAS,” said Alain Flourens, Airbus Helicopters’ Executive Vice President of Engineering and Chief Technical Officer. “Safe and reliable urban air delivery is a reality not too distant into the future, and Airbus is certainly excited to be a forerunner in this endeavour.”

Airbus Helicopters is at an advanced stage of the Skyways project. The research and development phase is progressing well, with equipment and facilities installed at the NUS campus. Various tests are already underway, and the unmanned air system will be demonstrated in the university when the trial service commences this year. Campus students and staff will be able to make use of Skyways to have small parcels between 2kg and 4kg delivered to designated parcel stations within the campus, which is the size of 150 football fields.

“The Skyways project is an important innovation for the aviation industry. CAAS has been working closely with Airbus on the project, with an emphasis on co-developing systems and rules to ensure that such aircraft can operate in an urban environment safely and optimally. For Singapore, this project will help to develop innovative rules to support the development of the unmanned aircraft industry in Singapore. We are pleased with the good progress that Skyways is making and look forward to deepening our partnership with Airbus,” said Mr Kevin Shum, Director-General, CAAS.

“The urban logistics challenge is complex and an ecosystem of parcel lockers and autonomous vehicles will be a key piece to solving this puzzle,” said SingPost Group Chief Information Officer, Alex Tan. “The trial service that is taking off later this year will be an important step forward for SingPost in our efforts to develop solutions for the future logistics needs of Singapore and other cities of the world.”

“Project Skyways aligns with NUS’ vision of serving as a living lab to pilot innovative technologies and solutions. The NUS community is very excited to be the first in Singapore to experience this novel concept of parcel delivery by drones – an endeavour that could redefine urban logistics,” said NU Senior Deputy President and Provost, Professor Ho Teck Hua. “Students from the NUS Faculty of Engineering also have the opportunity to gain valuable experience as interns with Airbus for this project. We look forward to working closely with Airbus, CAAS and SingPost to carry out the campus-wide trial.”

An experimental project aimed at developing a safe and economically viable aerial unmanned parcel delivery system for use in dense urban environments, Skyways is one of a number of innovative Urban Air Mobility projects currently being researched at Airbus. These also include the Racer high-speed helicopter demonstrator, as well as the Vahana and CityAirbus autonomous flying vehicle concepts.

About Airbus
Airbus is a global leader in aeronautics, space and related services. In 2016 it generated revenues of €67 billion and employed a workforce of around 134,000. Airbus offers the most comprehensive range of passenger airliners from 100 to more than 600 seats and business aviation products. Airbus is also a European leader providing tanker, combat, transport and mission aircraft, as well as one of the world’s leading space companies. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions worldwide.

SOURCE READ FULL ARTICLE


Overview

BIMCO’s Documentary Committee has agreed a new standard Cyber Security Clause that requires the parties to implement cyber security procedures and systems, to help reduce the risk of an incident and mitigate the consequences should a security breach occur.

In the wake of recent costly cyber security incidents involving large shipping companies, cyber security has become a major focus in the maritime industry.

BIMCO has taken a lead position on cyber security issues through its active role at the International Maritime Organization and by co-authoring the “Industry Guidelines on cyber security onboard ships”. The development of the BIMCO Cyber Security Clause has been an important part of this initiative.

The clause has been written by a small drafting team, led by Inga Frøysa of Klaveness, with representatives from shipowners, P&I clubs and a law firm, and will be published towards the end of May.

“I am very pleased to see BIMCO as the first mover on this important topic. Recent years have shown that there is a clear need for a clause addressing the contractual issues that can arise from a cyber security incident,” says Inga Frøysa.

Sharing relevant information

The clause is drafted in broad and generic language which allows for it to be used in a wide range of contracts and in a string of contracts for easy back-to-back application. It is hoped that the clause will assist parties in obtaining affordable insurance for their cyber security exposure, as the clause introduces a cap on the liability for breaches.

“It was very important to the subcommittee to impose an obligation on the parties to keep each other informed if a cyber security incident should occur, and to share any relevant information, which could assist the other party in mitigating and resolving an incident as quickly as possible,” Frøysa says.

This is done through a two-fold notification process. Firstly, through an immediate notification from the party who becomes aware of an incident to the other party. Secondly, through a more detailed notification once the affected party has had the chance to investigate the incident.

The clause also requires the parties to always share subsequent information, which could assist the other party in mitigating or preventing any effects from the incident.

The level of required cyber security will depend on many elements such as the size of the company, its geographical location and nature of business.

The clause takes this into account by stipulating that the parties must implement “appropriate” cyber security. The clause also requires each party to use reasonable endeavors to ensure that any third-party providing services on its behalf in connection with the contract, has appropriate cyber security.

SOURCE BIMCO


Maritime cyber risk management: boiling the ocean or storm in a tea cup?

 

Is the shipping industry’s most valuable commodity also its biggest risk?

As one of the world’s oldest industries, the shipping industry has capitalised on its capability to move assets around the world for thousands of years. Whether for trade, military or tourism, there are more than 50,000 ships world-wide that currently navigate our waters and facilitate both thriving economies and promote nation state security.

Know your risks and implement security measures

Our recent maritime report has explored the cyber security challenges that the maritime industry is facing now and will likely face in the future. With the increasing trend of attackers turning their attention to ships and shipping operations, more needs to be done to identify cyber risks at sea and mitigate them – a method to begin this process is to perform a risk assessment. Traditionally, a business might perform a risk-assessment periodically, say on a yearly basis, to identify what security risks need addressing, and follow this with implementing the right measures to protect against these risks occurring.

But what happens when your risk profile is constantly changing? All variables such as a ship’s cargo, employees and geography can change drastically within 24 hours as a ship makes its journey across the world and participates in trading. The main inputs to assessing risk are therefore constantly changing, significantly more than your standard business who needs to implement cyber security measures – so how is it feasible to have confidence that ships are implementing the right security in such a unique situation?

What are the key changing risk factors?

We have identified the main factors impacting cyber security that are associated with the constant movement of trade ships as follows:

  • Route: A ship relies on multiple navigation technologies to get it safely from point A to point B without damaging it, its cargo or risking life onboard. But what if malware could ever so slightly change measurements over time, à la Stuxnet. This would have little impact in the Pacific; but in the Panama Strait it would be catastrophic and the perfect attack for criminals to launch in order to then loot a ship.
  • Cargo: A ship will be carrying multiple cargos of different market value during its route and over time. These cargos may also have different value to different territories and groups.  Cargo systems can be compromised providing intelligence to criminals who can subsequently target specific cargo ships and resell on the black market. For example, pharmaceuticals would be an attractive target due their high value on the black market.
  • Piracy: There are certain areas of the world which may be at higher risk of attack from piracy, such as the seas that border Eastern Africa. Not only could the cargo training systems be tracked to identify when ships are carrying precious cargo like gold; we understand that pirates could also manipulate systems and spoof the position of ships in distress. This would result in a longer period of time for them to carry out their physical attacks.
  • Ports and business operations: Shipping staff may engage with multiple ports and succumb to various operational processes each time, notably payment and administration regarding docking. Threat groups have been known to track ships and spoof emails to shipping companies to request payment for their upcoming or previous docking. This has resulted in ships losing money as they have been unable to distinguish what is the legitimate process for these payments – made harder when a ship uses many ports over a short period of time.

READ FULL ARTICLE


Maritime Cybersecurity Operations Center opens in Singapore

The Maritime and Port Authority of Singapore (MPA) has opened a new Maritime Cybersecurity Operations Centre (MSOC), to provide early detection, monitoring, analysis and response to potential cyber-attacks on the port state’s critical maritime information infrastructure.

The MSOC will be operated by ST Engineering at its Singapore Hub, and will conduct 24/7 monitoring and correlate data activities across all maritime Critical Information Infrastructure (CII) systems.

MPA says that the facility will have the capability to detect and monitor cyber-attacks by analysing activities in the IT environment, recognise anomalies and threats, and then initiate a response using a range of technology systems.

Key data linkages will also be established between MSOC and Singapore’s Port Operations Control Centre, in order to respond to cyber incidents in a more collaborative manner.

“Cyber threats come in many forms and have been rising steadily across the globe. As the world’s busiest transhipment hub, it is important that we safeguard our maritime and port critical infrastructure to prevent a major disruption to port operations and delivery of services,” said Niam Chiang Meng, Chairman of the Maritime and Port Authority of Singapore (MPA).

In addition to setting up MSOC, MPA has also introduced other initiatives to strengthen the cybersecurity readiness of the maritime sector, having collaborated with the Singapore Shipping Association and Singapore Polytechnic to develop a new Maritime Cybersecurity (Intermediate) Training Course for maritime personnel.

The one-day course, to be rolled out in first half of next year, will be built upon an existing basic course to allow participants to further expand their knowledge of cyber risk management and counter-measures from a practitioner’s perspective.

Other new cyber initiatives include a Maritime Cybersecurity Research programme that has been created as a collaborative effort between MPA, the Singapore Maritime Institute and other local institutes of higher learning, which will focus on the protection of shipboard systems from cyber threats, and an expansion of the existing Port Authorities Roundtable initiative to encourage greater sharing of intelligence relating to maritime cybersecurity.

SOURCE FULL ARTICLE


BIMCO has co-sponsored a proposal at the 43rd session of the Facilitation Committee (FAL 43) held at the IMO Headquarters on 8-12 April, putting anti-corruption formally on the IMO agenda going forward.

 

This week, a maritime corruption paper was presented at the 43rd session, including a request to the International Maritime Organization (IMO) to make maritime corruption a regular work item.

The paper received solid support from 23 countries and international organizations, including BIMCO who attended the meeting, and it was decided that the IMO will work on a maritime corruption guidance expected to be completed by 2021.

“We are very pleased that the IMO will now discuss the issue of maritime corruption in the FAL Convention and that the IMO will now come up with guidance to help our members by addressing corruption,” says Aron Sorensen, Head of Maritime Technology & Regulation at BIMCO.

“No less than 23 countries and international organisations supported the anti-corruption paper, marking a new step towards a stronger fight against corruption in our industry,” Sorensen says.

To assist its members, BIMCO has developed an Anti-Corruption Clause for Charter Parties that addresses the situation by providing market users with a regime for responding to unlawful demands for gifts.

 

SOURCE READ FULL ARTICLE


BIMCO : The Guidelines on Cyber Security Onboard Ships

Cyber threats are constantly evolving which requires a regular review of all cyber related processes on board ships to allow for successful protection against cyber attacks. We are pleased to announce that today various maritime industry organisations published a revised third version of the “Guidelines on Cyber Security onboard Ships”. The document provides guidance to shipowners and operators on how to assess their operations and develop procedures to strengthen cyber resilience on board their ships. The Guidelines will continue to be updated regularly to mirror the evolution of cyber security threats and to outline new measures to mitigate against dynamic cyber risks.

Key updates in Version 3.0 include:

  • the requirement to incorporate cyber risks in the ship’s safety management system (SMS);
  • more detailed information related to the risk assessments of operational technology (OT);
  • increased guidance for dealing with the risks in the ship’s supply chain;
  • cases studies of verified cyber incidents onboard ships to highlight and illustrate potential problems.

Version 3.0 of the Guidelines can be downloaded HERE


Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED