CONSULTANCY Archives - Page 2 of 3 - SHIP IP LTD

Specialist insurer Beazley has created an innovative marine cyber insurance product to meet the rapidly developing needs of vessel owners and operators.

Should a cyber incident impact a vessel’s operational capabilities, Beazley Cyber Defence for Marine provides insurance for physical damage and loss of hire.

At the heart of the product are risk management services designed to reduce the likelihood of a cyber incident occurring and demonstrate compliance with forthcoming International Maritime Organization (IMO) guidelines. By 1st January 2021, vessel owners and operators must have incorporated measures to manage cyber risk into their existing risk management processes, which have traditionally focused on the physical risks to safe shipping operations.

There are three elements to the risk management services included within Beazley’s product: a self-assessment questionnaire; a cyber security workshop; and an on-board cyber survey.

The product has been launched at a time when operational technology has become more digitalised. New challenges have also arisen out of greater interconnectivity between shore-based and on-board systems, including those responsible for navigation, propulsion and power control. A breach of an operating system on board a vessel could, for example, lead to a grounding or collision.

The cover, which focuses on the operational technology of vessels, complements Beazley’s other marine products and existing cyber cover for information technology systems. It can be bought on a standalone basis or as part of a package.

Richard Young, Beazley’s head of hull and war, said: “Ship owners and operators are dealing with the increased threat of cyber-attack as well as the impact of human error and increasingly interlinked vessel operating technology and IT systems. Our preparation services reduce the risk of an incident occurring and the indemnity provides owners with clear cover and limits. Should the worst happen and a cyber incident impacts the smooth running of vessels, clients can be confident they are protected with affirmative cyber cover.”


BIMCO and INTERTANKO have jointly published Q&As addressing the contractual implications owners and charterers should keep in mind when chartering ships fitted with scrubbers. The Q&As highlight the key charter party clauses and concepts which should be reviewed for both time and voyage charter parties.

“We are pleased to have worked with BIMCO to provide advice and assistance for owners who have chosen this route to 2020 compliance. We will continue to develop the Q&As as experience of scrubber use develops,” said Michele White, General Counsel at INTERTANKO.

BIMCO’s Head of Contracts and Clauses, Grant Hunter, adds:

“We regularly receive questions about chartering issues relating to scrubber-fitted ships. These Q&As jointly produced with INTERTANKO will offer many useful answers as well as guidance.”

The Q&As consist of three parts. The first part deals with the implications of using scrubber-fitted ships under time charter parties, the second part deals with voyage charter parties and the third part addresses general considerations such as enforcement, fines and prohibition of open-loop scrubbers.

The main focus is on time charter parties as it is expected that this is where the use of a scrubber will have the greatest impact.

BIMCO and INTERTANKO have individually published clauses addressing the coming into force of MARPOL Annex VI Regulation 14 and 18 dealing with the reduction of sulphur oxide emissions from the current 3.50% m/m to 0.5% m/m. However, these clauses do not deal with the special operational, technical and commercial requirements of scrubbers installed on ships.

In early 2019, a BIMCO and INTERTANKO working group discussed whether there was a need for a dedicated “scrubber clause”. The working group concluded that, for the time being, no “scrubber clause” should be published. This is because the scrubber is, once installed, a “normal” piece of equipment and does not require any special status or special legal regime. The existing standard clauses (such as off-hire, drydocking and maintenance) will work in a time charter context in cases when the scrubber is not working.

 

The Q&A document is available to download from the BIMCO and INTERTANKO websites:

BIMCO: https://www.bimco.org/BIMCO-INTERTANKO-Scrubber-QA

INTERTANKO: https://www.intertanko.com/info-centre/intertanko-guidance


Overview

BIMCO’s Documentary Committee has agreed a new standard Cyber Security Clause that requires the parties to implement cyber security procedures and systems, to help reduce the risk of an incident and mitigate the consequences should a security breach occur.

In the wake of recent costly cyber security incidents involving large shipping companies, cyber security has become a major focus in the maritime industry.

BIMCO has taken a lead position on cyber security issues through its active role at the International Maritime Organization and by co-authoring the “Industry Guidelines on cyber security onboard ships”. The development of the BIMCO Cyber Security Clause has been an important part of this initiative.

The clause has been written by a small drafting team, led by Inga Frøysa of Klaveness, with representatives from shipowners, P&I clubs and a law firm, and will be published towards the end of May.

“I am very pleased to see BIMCO as the first mover on this important topic. Recent years have shown that there is a clear need for a clause addressing the contractual issues that can arise from a cyber security incident,” says Inga Frøysa.

Sharing relevant information

The clause is drafted in broad and generic language which allows for it to be used in a wide range of contracts and in a string of contracts for easy back-to-back application. It is hoped that the clause will assist parties in obtaining affordable insurance for their cyber security exposure, as the clause introduces a cap on the liability for breaches.

“It was very important to the subcommittee to impose an obligation on the parties to keep each other informed if a cyber security incident should occur, and to share any relevant information, which could assist the other party in mitigating and resolving an incident as quickly as possible,” Frøysa says.

This is done through a two-fold notification process. Firstly, through an immediate notification from the party who becomes aware of an incident to the other party. Secondly, through a more detailed notification once the affected party has had the chance to investigate the incident.

The clause also requires the parties to always share subsequent information, which could assist the other party in mitigating or preventing any effects from the incident.

The level of required cyber security will depend on many elements such as the size of the company, its geographical location and nature of business.

The clause takes this into account by stipulating that the parties must implement “appropriate” cyber security. The clause also requires each party to use reasonable endeavors to ensure that any third-party providing services on its behalf in connection with the contract, has appropriate cyber security.

SOURCE BIMCO


Maritime cyber risk management: boiling the ocean or storm in a tea cup?

 

Is the shipping industry’s most valuable commodity also its biggest risk?

As one of the world’s oldest industries, the shipping industry has capitalised on its capability to move assets around the world for thousands of years. Whether for trade, military or tourism, there are more than 50,000 ships world-wide that currently navigate our waters and facilitate both thriving economies and promote nation state security.

Know your risks and implement security measures

Our recent maritime report has explored the cyber security challenges that the maritime industry is facing now and will likely face in the future. With the increasing trend of attackers turning their attention to ships and shipping operations, more needs to be done to identify cyber risks at sea and mitigate them – a method to begin this process is to perform a risk assessment. Traditionally, a business might perform a risk-assessment periodically, say on a yearly basis, to identify what security risks need addressing, and follow this with implementing the right measures to protect against these risks occurring.

But what happens when your risk profile is constantly changing? All variables such as a ship’s cargo, employees and geography can change drastically within 24 hours as a ship makes its journey across the world and participates in trading. The main inputs to assessing risk are therefore constantly changing, significantly more than your standard business who needs to implement cyber security measures – so how is it feasible to have confidence that ships are implementing the right security in such a unique situation?

What are the key changing risk factors?

We have identified the main factors impacting cyber security that are associated with the constant movement of trade ships as follows:

  • Route: A ship relies on multiple navigation technologies to get it safely from point A to point B without damaging it, its cargo or risking life onboard. But what if malware could ever so slightly change measurements over time, à la Stuxnet. This would have little impact in the Pacific; but in the Panama Strait it would be catastrophic and the perfect attack for criminals to launch in order to then loot a ship.
  • Cargo: A ship will be carrying multiple cargos of different market value during its route and over time. These cargos may also have different value to different territories and groups.  Cargo systems can be compromised providing intelligence to criminals who can subsequently target specific cargo ships and resell on the black market. For example, pharmaceuticals would be an attractive target due their high value on the black market.
  • Piracy: There are certain areas of the world which may be at higher risk of attack from piracy, such as the seas that border Eastern Africa. Not only could the cargo training systems be tracked to identify when ships are carrying precious cargo like gold; we understand that pirates could also manipulate systems and spoof the position of ships in distress. This would result in a longer period of time for them to carry out their physical attacks.
  • Ports and business operations: Shipping staff may engage with multiple ports and succumb to various operational processes each time, notably payment and administration regarding docking. Threat groups have been known to track ships and spoof emails to shipping companies to request payment for their upcoming or previous docking. This has resulted in ships losing money as they have been unable to distinguish what is the legitimate process for these payments – made harder when a ship uses many ports over a short period of time.

READ FULL ARTICLE


cyber-1654709-696x392.jpg

GDPR TMSA Cyber Security

 

Tanker owners should be prepared for new EU and IMO cyber security regulations as they must already comply with maritime security requirements under OCIMF’s TMSA 3, writes Martyn Wingrove

There are increasing amounts of cyber security-related regulations that shipping companies will have to comply with, but tanker owners are already ahead of the game. Ship operators will need to include cyber in ship safety and security management under the ISM Code from 1 January 2021.

Before that, they need to be aware of cyber and data security regulations, including the EU general data protection regulation (GDPR) and the EU directive on the security of networks and information systems (NIS).

Much of the requirements under these forthcoming or new regulations are already within Oil Companies International Marine Forum (OCIMF)’s third edition of the Tanker Management and Self Assessment (TMSA) best practice guidelines. This came into force on 1 January this year, with a new element on maritime security and additional requirements of key performance indicators and risk assessments.

Regulation changes were outlined at Riviera Maritime Media’s European Maritime Cyber Risk Management Summit, which was held in London on 15 June. The event was held in association with Norton Rose Fulbright, whose head of operations and cyber security Steven Hadwin explained that “data protection and cyber security needs to be taken seriously from a legal point of view.”

Data, such as information on cargo and charterers, could “become a considerable liability”. If data is lost “then GDPR could be in play” said Mr Hadwin. Regulators “could impose a fine of up to 4% of that organisation’s global annual turnover.”

PwC UK cyber security director Niko Kalfigkopoulos explained the legislation and reasoning behind the NIS Directive, which went into full effect in May this year.  “These regulations have teeth” he said because of the potential size of fines and damage to a company’s reputation from being a victim of a cyber attack. This is one of the reasons why boardroom executives should be aware and understand what is required for compliance.

Class support

During the summit, class societies provided cyber security guidance as they collectively attempted to define cyber secure ship notations. Lloyd’s Register cyber security product manager Elisa Cassi said shipping companies should have a third party monitor their IT network and the operational technology (OT) and employ staff to “stop people sharing data or compromising procedures”.

Tanker owners “need to identify any compromise before an attacker tries to penetrate”, Ms Cassi explained, noting that shipping companies need to “investigate the vulnerabilities through analytics and machine learning”, understand the behaviour of potential threats and use predictive analysis.

ABS advanced solutions business development manager Pantelis Skinitis said shipowners need to change passwords on operational technology, such as ECDIS and radar, as some remain unchanged since they were originally commissioned on the ship. He also advised owners to verify vendors and service engineers and that their USB sticks are clean of malware.

ABS has created cyber safety guidance for ship OT, particularly for ships coming into US ports and terminals. In its development, ABS identified the risks, vulnerabilities and threats to OT. “Managing connection points and human resource deals with the biggest threat to OT systems on board,” said Mr Skinitis.

DNV GL has developed new class notations covering cyber security of newbuildings. It has also produced an online video for instructing shipping companies to become more aware of cyber threats. During the summit, DNV GL maritime cyber security service manager Patrick Rossi said ship operators should set up multiple barriers to prevent hackers.

These should include firewalls, updated antivirus, patch management, threat intelligence, intrusion detection, emergency recovery and awareness testing. OT should be segregated from open networks, only official ENC-provider USBs and update disks should be used and cleaned of malware before being inserted into ECDIS and these systems should be segregated from the internet.

Cyber regulations and guidance for shipping

EU General Data Protection regulation (GDPR) came into effect from 25 May 2018

IMO – Resolution MSC.428(98) – from January 2021 cyber security will be included in the ISM Code

TMSA 3 – cyber security was added to tanker management and assessment in January 2018; EU directive on the security of networks and information systems (NIS Directive) from May 2018

EU privacy rule (PECR) of individuals traffic and location data

Rightship added cyber security to inspection checklist

BIMCO – guidelines based on International Association of Classification Societies

 

CLICK – SOURCE READ FULL ARTICLE


amsa-inspector.jpg

AMSA Pre PSC Audit

ATTENTION : WE ARE EXPERIENCING AN INCREASED PORT STATE ACTIVITY IN AUSTRALIA.

AMSA IS CLOSELY LOOKING AT WORK/REST HOURS ,WAGES , PROVISIONS AND EMERGENCY GENERATOR BLACK OUT TESTS.

While in an Australian port, your ship may be subject to inspection. If your ship is found to have deficiencies, it may be detained until the issue is resolved.

The AMSA is looking for pre-existing deficiencies that are not reported prior to a vessels arrival or at the time of initial port State boarding.  The increased scrutiny is resulting in a significant increase in AMSA detentions.  The AMSA inspector will ask if there are any deficiencies and if the inspector finds pre-existing deficiencies, and appropriate corrective action has not been initiated, they will assume the owner/Master intends to sail with the deficiencies un-addressed and will issue a detention.

To prevent a vessel detentions and avoid costly delays owners, operators, DPA’s should require Master’s and crew to report any inoperable equipment, system, etc., and ensure corrective action has been initiated, in accordance with the company’s Safety Management System.

The following are examples of pre-existing deficiencies that resulted in detentions and could have been avoided had they been reported in advance and corrective action initiated:

  • Failure to report Sewage treatment plant as defective
  • Failure to report cargo holds ventilators cover and gooseneck ventilators unable to close watertight.
  • Failure to report fire dampers, fore peak vent heads, fire detection repeater, defective.
  • Failure to report lifeboats, rescue boats and  on load release arrangement defective.
  • Failure to report problems related to Emergency generator.
  • Failure to report Radio and communication equipment defective.
  • Bridge officers are using unapproved ECDIS for navigation

For your information AMSA has and will detain a vessel if:

  1.  It does not have up to date charts, and navigational publications, repeated use of scanned charts from previous voyages and
  2. The crew cannot successfully demonstrate the operation of the:
    1. OWS,
    2. ECDIS, and
    3. Emergency fire pump.

SHIP IP LTD – can prepare your vessel(s) for such an inspection – In case you have vessel(s) calling at Singapore soon please get in contact with us so we can arrange on-board attendance  !


ships-are-vulnerable-to-cyber-attacks-due-to-maritime-platform-flaw-1.jpg

Maritime Cyber Attack

Cyber attacks like the NotPetya malware that struck Maersk are raising concerns about cyber risk and its effects on resilience, according to specialty insurer XL Catlin

Shipping industry firms and port operators are worried about linkage between cyber-attacks and supply chain risk, insurer XL Catlin has warned.

Big interdependencies between systems mean maritime firms face major business continuity risks from online threats.

“The problem is that nobody knows, other than the computer systems, where your goods are,” said Pascal Matthey, head of global lines for marine risk engineering at XL Catlin.

“You might never find your container again. Refrigerated containers might lose power, which would mean huge damage,” said Matthey.

Maersk was among those organisations worst hit by the NotPetya contagious malware attack last year.

The global shipping and logistics firm had to reinstall some 4,000 servers, 45,000 PCs, and 2,500 applications; the process took 10 days and cost the company around $450m.

The company was forced to temporarily switch to manual systems – pen and paper, and lots of overtime – resulting in a temporary 20% drop in volumes.

Another cyber-attack, revealed in 2013, struck two shipping companies operating in the Belgian port of Antwerp, and had reportedly gone undetected for about two years before that.

An organised crime group allegedly used hackers to infiltrate computer networks, allowing cocaine and heroin, hidden in containers shipped from South America, to be intercepted by criminals.

“The idea was not to harm the port but to get things out by hacking the system,” said Matthey, based in the specialty insurer’s Zurich office.

He warned about the potentially catastrophic consequences of a cyber-attack by terrorists, such as targeting a ship and interfering with its steering or navigation to cause a collision in congested waters, such as a port or major trade artery such as the Panama Canal.

Maritime Cyber Attack

“What happened on 9/11, you could perhaps now do with a ship, by steering a large vessel into an oil or gas terminal, which could have disastrous consequences,” said Matthey.

XL Catlin is among those re/insurance firms involved in developing blockchain applications – distributed ledger technology for smart contracts, sharing data instantaneously between the relevant counterparties.

A new blockchain platform for marine insurance contracts at XL Catlin and MS Amlin is expected to go live this year.

Maritime Cyber Attack

SOURCE STRATEGIC RISK READ FULL ARTICLE 


mindthegap-1200x511.png

MARITIME CYBER RISK !

The insurance losses and liabilities arising from cyber risks is an increasing area of focus for both shipowners and their insurers, argues Mr. Adrian Durkin, Director (Claims) and Mr. Colin Gillespie, Deputy

Potentially owners may be exposed to gaps in cover arising from cyber incidents – an unsatisfactory situation in today’s connected world. For example, an owner’s hull and machinery insurance may contain a cyber risk exclusion which mirrors, or is derived from, institute clause 380.

There are also cyber exclusions in war risk policies that relate to computer viruses. The war risks clause is derived from market clause 3039. Many other market insurance policies specifically exclude losses or liabilities arising as a result of cyber risks.

Why is Cyber Excluded?

Cyber risks present a range of issues for insurers. Cyber risks are relatively new – claims data relating to these risks is quite limited. Another difficulty is that cyber security is not yet well established in the maritime industry. The sheer complexity of the information technology, operational technology and internet available across the industry also presents a challenge, as does the potential for cyber problems to spread quickly across the globe. As a result the likelihood, extent and costs associated with claims involving cyber risks are difficult to calculate and potentially significant, hence the reluctance to offer cover.

It is in an owner’s interests to scrutinise their various policies in order to identify potential gaps in their insurance cover. It is possible to close the gaps by working with insurers and brokers. This may require owners to demonstrate that they have robust cyber risk management practices in place both ashore and afloat. An additional premium may be payable. The market is responding to these risks – albeit slowly.

P&I Cover for Cyber Risks

The International Group of P&I Clubs’ poolable cover does not exclude claims arising from cyber risks.

This means that club members benefit from the same level of P&I cover should a claim arise due to a cyber risk, as they would from such a claim arising from a traditional risk. As always cover is subject to the club rules.

While there are currently no internationally agreed regulations in force as to what constitutes a prudent level of cyber risk management or protection, this does not mean that owners, charterers, managers or operators of ships can ignore the need to take proper steps to protect themselves in the belief that their club cover will always respond.

If a claim with a cyber element arises, an owner may need to demonstrate that they took all obvious steps to prevent foreseeable loss or liability. As more and more potential cyber risks are being identified, clubs will expect to see the operation of sensible and properly managed cyber risk policies and systems both ashore and on vessels.

MARITIME CYBER RISK

Don’t delay – act now

Barely a month goes by without news of a major cyber-attack affecting a large or high profile commercial or government entity. Cybercrime is a rapidly growing global threat in all industries and the maritime supply chain is vulnerable as the problems experienced by Maersk in 2017 have demonstrated. In that incident problems ashore had a knock on effect on vessels, highlighting the fact that as marine transport operations become more connected, the more chance there is of problems impacting across the system both ashore and afloat.

The authorities and large charterers are concerned about the risk to operations ashore and afloat and are taking steps to drive change in the industry. Actively managing cyber risks is now both a commercial and compliance priority.

Cyber Risks & ISM Code

The IMO’s Maritime Safety Committee (MSC) has confirmed that cyber risks should be managed under the ISM Code.

Resolution MSC.428(98) affirms that an approved safety management system should take into account cyber risk management and encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

TMSA 3

Cyber risk management has been included in TMSA 3 under elements 7 and 13. KPI 7.3.3 includes cyber security as an assigned responsibility for software management in the best practice guidelines. Under element 13 cyber security is specifically identified as a security threat to be managed. It seems clear that the oil industry has recognised the need for action from tanker owners and is encouraging action through commercial pressure via TMSA 3. For tanker operators the time to act is already here.

Rightship Inspections

Cyber risk management now forms part of Rightship inspections and a company’s cyber security maturity may be one aspect dry bulk charterers will take into account.

A Daunting Task?

The prospect of dealing with cyber security will be daunting for many shipping companies. It’s new, involves things that may not be fully understood, and most of us are not likely to have received any formal training in such risks.

What is a definite plus is that shipping companies will be very familiar with the risk management framework suggested by the IMO Guidelines on Cyber Risk Management and industry Guidelines on Cyber Security Onboard Ships. We can also use the experience gained in other sectors of industry that have already put cyber security systems in place.

2021 is not far away, but the potential for cyber risks to result in losses or liabilities is clearly already upon us.

Cyber risks can affect almost every part of a shipping company. There will be lots to do to identify risks and vulnerabilities and to take steps to prepare for, and respond to, cyber threats. It’s time for us all to act.

By Adrian Durkin, Director (Claims) & Colin Gillespie, Deputy Director (Loss Prevention), North P&I Club


asianmoth1.jpg
Asian Gypsy Moth – Introduction
The Asian Gypsy Moth (AGM) is a highly destructive forest pest that feeds on both deciduous and coniferous trees.
The voracious appetite of AGM larvae (caterpillars) coupled with the ability of the female moth to travel up to 21 nautical miles can cause widespread defoliation leaving trees weakened and susceptible to disease and other pests.
AGM is found in the Far East with a high risk of infestation of vessels with AGM eggs in Korea, Northern China (North of
Shanghai; North of latitude 31 ̊15’N), and in particular in the Russian Far East and Japan during the flight season of the female moth.
Due to the destructive nature of the AGM, the following countries, where the pest is not indigenous, have procedures
in place to prevent AGM entering on vessels and becoming established:
•Australia
•Canada
•Chile
•New Zealand
•United States
Inspections
The inspection of vessels for the presence of egg masses, their removal and disposal are the principal tools in preventing AGM
becoming established in new regions. Some destination countries require vessels that have called in high risk countries
during the flight season to be inspected for the presence of AGM by a nominated authority immediately prior to departure.
If no signs of AGM infestation are found, the nominated authority will issue the vessel with certification stating that it is free of AGM; depending on the issuing authority the certificate may be a “Certificate of Inspection of Freedom from the Asian Gypsy Moth” or a “Phytosanitary Certificate”. If multiple ports in the same country or a number of ports in different countries within the high risk area are visited, the official inspection
should be undertaken immediately prior to departure from the last port in the high risk area.

asianmoth1.jpg

SHIP AGM CERTIFICATION

Is your vessel FREE OF AGM ? Call SHIP IP LTD TODAY to arrange an Inspection on board your vessels calling at Singapore!

Vessels which fail to comply with such requirements or which are found to be carrying AGM after inspection may be ordered into international waters till they are deemed to be completely risk free.

SHIP IP LTD NETWORK OF INSPECTORS CAN ARRANGE ATTENDANCE ON YOUR VESSELS AT SINGAPORE !

The Asian Gypsy Moth (AGM) is an exotic and highly destructive forest pest which is native to Far East countries such as Japan, Russia, China and Korea. AGM have the ability to cause extensive defoliation of trees, either killing them or leaving them weakened and open to other diseases and pests.

The AGM’s flight season, i.e. the period during which the females lay eggs, normally runs between June and September. Therefore, ships calling in those Far Eastern ports where AGM are found in high density during such period are likely to be infested with egg masses on some part of the cargo or external area of the vessel.

Female AGM are attracted towards bright lights, thus any part of the vessel which is lit up has a high chance of being deposited with egg masses. Such egg masses are extremely tough and resistant to changes in temperature as well as moisture. Once deposited on the structure of the vessel, usually in sheltered locations, they travel well and are very tough to displace. After they hatch, the ability of the female moth to travel as far as 21 nautical miles, along with its voracious appetite to feed on trees and shrubs, makes it a highly invasive species that poses a serious threat to the landscape and natural resources of a country.

Due to these reasons, certain countries where the AGM is not indigenous have put into place procedures in order to prevent vessels which may be carrying such pests from entering their ports. They include the United States, Canada, Australia, New Zealand and Chile.

Such procedures consist of the requirement of certification from the port of departure in high risk areas verifying that the vessel is free from AGM and also inspections at the port of arrival of ships suspected of carrying AGM onboard.

Please contact us TODAY for a FREE Obligation Quotation – Our Network being trusted by TOP Maritime Companies!

SHIP IP Ltd

| T: ( +30) 211 850 1121
| e: sales@shipip.com
| w: http://localhost/shipip


Twitter

@AnyawbSales - 1 year

INDIA TO BAN SINGLE USE PLASTIC ON ALL CALLING SHIPS

@AnyawbSales - 2 years

SQEXpress maritime electronic sms forms platform just released

Photo Gallery