Specialist insurer Beazley has created an innovative marine cyber insurance product to meet the rapidly developing needs of vessel owners and operators.

Should a cyber incident impact a vessel’s operational capabilities, Beazley Cyber Defence for Marine provides insurance for physical damage and loss of hire.

At the heart of the product are risk management services designed to reduce the likelihood of a cyber incident occurring and demonstrate compliance with forthcoming International Maritime Organization (IMO) guidelines. By 1^st January 2021, vessel owners and operators must have incorporated measures to manage cyber risk into their existing risk management processes, which have traditionally focused on the physical risks to safe shipping operations.

There are three elements to the risk management services included within Beazley’s product: a self-assessment questionnaire; a cyber security workshop; and an on-board cyber survey.

The product has been launched at a time when operational technology has become more digitalised. New challenges have also arisen out of greater interconnectivity between shore-based and on-board systems, including those responsible for navigation, propulsion and power control. A breach of an operating system on board a vessel could, for example, lead to a grounding or collision.

The cover, which focuses on the operational technology of vessels, complements Beazley’s other marine products and existing cyber cover for information technology systems. It can be bought on a standalone basis or as part of a package.

Richard Young, Beazley’s head of hull and war, said: “Ship owners and operators are dealing with the increased threat of cyber-attack as well as the impact of human error and increasingly interlinked vessel operating technology and IT systems. Our preparation services reduce the risk of an incident occurring and the indemnity provides owners with clear cover and limits. Should the worst happen and a cyber incident impacts the smooth running of vessels, clients can be confident they are protected with affirmative cyber cover.”

BIMCO and INTERTANKO have jointly published Q&As addressing the contractual implications owners and charterers should keep in mind when chartering ships fitted with scrubbers. The Q&As highlight the key charter party clauses and concepts which should be reviewed for both time and voyage charter parties.

“We are pleased to have worked with BIMCO to provide advice and assistance for owners who have chosen this route to 2020 compliance. We will continue to develop the Q&As as experience of scrubber use develops,” said Michele White, General Counsel at INTERTANKO.

BIMCO’s Head of Contracts and Clauses, Grant Hunter, adds:

“We regularly receive questions about chartering issues relating to scrubber-fitted ships. These Q&As jointly produced with INTERTANKO will offer many useful answers as well as guidance.”

The Q&As consist of three parts. The first part deals with the implications of using scrubber-fitted ships under time charter parties, the second part deals with voyage charter parties and the third part addresses general considerations such as enforcement, fines and prohibition of open-loop scrubbers.

The main focus is on time charter parties as it is expected that this is where the use of a scrubber will have the greatest impact.

BIMCO and INTERTANKO have individually published clauses addressing the coming into force of MARPOL Annex VI Regulation 14 and 18 dealing with the reduction of sulphur oxide emissions from the current 3.50% m/m to 0.5% m/m. However, these clauses do not deal with the special operational, technical and commercial requirements of scrubbers installed on ships.

In early 2019, a BIMCO and INTERTANKO working group discussed whether there was a need for a dedicated “scrubber clause”. The working group concluded that, for the time being, no “scrubber clause” should be published. This is because the scrubber is, once installed, a “normal” piece of equipment and does not require any special status or special legal regime. The existing standard clauses (such as off-hire, drydocking and maintenance) will work in a time charter context in cases when the scrubber is not working.

The Q&A document is available to download from the BIMCO and INTERTANKO websites:

BIMCO: https://www.bimco.org/BIMCO-INTERTANKO-Scrubber-QA

INTERTANKO: https://www.intertanko.com/info-centre/intertanko-guidance

Overview

BIMCO’s Documentary Committee has agreed a new standard Cyber Security Clause that requires the parties to implement cyber security procedures and systems, to help reduce the risk of an incident and mitigate the consequences should a security breach occur.

In the wake of recent costly cyber security incidents involving large shipping companies, cyber security has become a major focus in the maritime industry.

BIMCO has taken a lead position on cyber security issues through its active role at the International Maritime Organization and by co-authoring the “Industry Guidelines on cyber security onboard ships”. The development of the BIMCO Cyber Security Clause has been an important part of this initiative.

The clause has been written by a small drafting team, led by Inga Frøysa of Klaveness, with representatives from shipowners, P&I clubs and a law firm, and will be published towards the end of May.

“I am very pleased to see BIMCO as the first mover on this important topic. Recent years have shown that there is a clear need for a clause addressing the contractual issues that can arise from a cyber security incident,” says Inga Frøysa.

Sharing relevant information

The clause is drafted in broad and generic language which allows for it to be used in a wide range of contracts and in a string of contracts for easy back-to-back application. It is hoped that the clause will assist parties in obtaining affordable insurance for their cyber security exposure, as the clause introduces a cap on the liability for breaches.

“It was very important to the subcommittee to impose an obligation on the parties to keep each other informed if a cyber security incident should occur, and to share any relevant information, which could assist the other party in mitigating and resolving an incident as quickly as possible,” Frøysa says.

This is done through a two-fold notification process. Firstly, through an immediate notification from the party who becomes aware of an incident to the other party. Secondly, through a more detailed notification once the affected party has had the chance to investigate the incident.

The clause also requires the parties to always share subsequent information, which could assist the other party in mitigating or preventing any effects from the incident.

The level of required cyber security will depend on many elements such as the size of the company, its geographical location and nature of business.

The clause takes this into account by stipulating that the parties must implement “appropriate” cyber security. The clause also requires each party to use reasonable endeavors to ensure that any third-party providing services on its behalf in connection with the contract, has appropriate cyber security.

SOURCE BIMCO

Maritime cyber risk management: boiling the ocean or storm in a tea cup?

Is the shipping industry’s most valuable commodity also its biggest risk?

As one of the world’s oldest industries, the shipping industry has capitalised on its capability to move assets around the world for thousands of years. Whether for trade, military or tourism, there are more than 50,000 ships world-wide that currently navigate our waters and facilitate both thriving economies and promote nation state security.

Know your risks and implement security measures

Our recent maritime report has explored the cyber security challenges that the maritime industry is facing now and will likely face in the future. With the increasing trend of attackers turning their attention to ships and shipping operations, more needs to be done to identify cyber risks at sea and mitigate them – a method to begin this process is to perform a risk assessment. Traditionally, a business might perform a risk-assessment periodically, say on a yearly basis, to identify what security risks need addressing, and follow this with implementing the right measures to protect against these risks occurring.

But what happens when your risk profile is constantly changing? All variables such as a ship’s cargo, employees and geography can change drastically within 24 hours as a ship makes its journey across the world and participates in trading. The main inputs to assessing risk are therefore constantly changing, significantly more than your standard business who needs to implement cyber security measures – so how is it feasible to have confidence that ships are implementing the right security in such a unique situation?

What are the key changing risk factors?

We have identified the main factors impacting cyber security that are associated with the constant movement of trade ships as follows:

Route: A ship relies on multiple navigation technologies to get it safely from point A to point B without damaging it, its cargo or risking life onboard. But what if malware could ever so slightly change measurements over time, à la Stuxnet. This would have little impact in the Pacific; but in the Panama Strait it would be catastrophic and the perfect attack for criminals to launch in order to then loot a ship.
Cargo: A ship will be carrying multiple cargos of different market value during its route and over time. These cargos may also have different value to different territories and groups. Cargo systems can be compromised providing intelligence to criminals who can subsequently target specific cargo ships and resell on the black market. For example, pharmaceuticals would be an attractive target due their high value on the black market.
Piracy: There are certain areas of the world which may be at higher risk of attack from piracy, such as the seas that border Eastern Africa. Not only could the cargo training systems be tracked to identify when ships are carrying precious cargo like gold; we understand that pirates could also manipulate systems and spoof the position of ships in distress. This would result in a longer period of time for them to carry out their physical attacks.
Ports and business operations: Shipping staff may engage with multiple ports and succumb to various operational processes each time, notably payment and administration regarding docking. Threat groups have been known to track ships and spoof emails to shipping companies to request payment for their upcoming or previous docking. This has resulted in ships losing money as they have been unable to distinguish what is the legitimate process for these payments – made harder when a ship uses many ports over a short period of time.

READ FULL ARTICLE

Maritime Cybersecurity Operations Center opens in Singapore

The Maritime and Port Authority of Singapore (MPA) has opened a new Maritime Cybersecurity Operations Centre (MSOC), to provide early detection, monitoring, analysis and response to potential cyber-attacks on the port state’s critical maritime information infrastructure.

The MSOC will be operated by ST Engineering at its Singapore Hub, and will conduct 24/7 monitoring and correlate data activities across all maritime Critical Information Infrastructure (CII) systems.

MPA says that the facility will have the capability to detect and monitor cyber-attacks by analysing activities in the IT environment, recognise anomalies and threats, and then initiate a response using a range of technology systems.

Key data linkages will also be established between MSOC and Singapore’s Port Operations Control Centre, in order to respond to cyber incidents in a more collaborative manner.

“Cyber threats come in many forms and have been rising steadily across the globe. As the world’s busiest transhipment hub, it is important that we safeguard our maritime and port critical infrastructure to prevent a major disruption to port operations and delivery of services,” said Niam Chiang Meng, Chairman of the Maritime and Port Authority of Singapore (MPA).

In addition to setting up MSOC, MPA has also introduced other initiatives to strengthen the cybersecurity readiness of the maritime sector, having collaborated with the Singapore Shipping Association and Singapore Polytechnic to develop a new Maritime Cybersecurity (Intermediate) Training Course for maritime personnel.

The one-day course, to be rolled out in first half of next year, will be built upon an existing basic course to allow participants to further expand their knowledge of cyber risk management and counter-measures from a practitioner’s perspective.

Other new cyber initiatives include a Maritime Cybersecurity Research programme that has been created as a collaborative effort between MPA, the Singapore Maritime Institute and other local institutes of higher learning, which will focus on the protection of shipboard systems from cyber threats, and an expansion of the existing Port Authorities Roundtable initiative to encourage greater sharing of intelligence relating to maritime cybersecurity.

SOURCE FULL ARTICLE

Classification Society ClassNK has released its new Cyber Security Management System for Ships, providing guidance on implementing, maintaining, and continuously improving cyber security for companies and vessels.

The new release includes management measures to be followed to protect against cyber risks both in vessel operations and in the construction/design stage of ships, through Security by Design.

The standards were created with reference to the latest IACS recommendations and the ISO27001 (Information Security Management System) and ISO27002 (Code of practice for information security controls) global standards.

The new measures have been introduced with one eye on the recent changes to the ISM Code, which will recommend that cyber risks are included within a company’s safety management system from 2021.

The Cyber Security Management System is available for download free of charge via ClassNK’s website for those who have registered for the ClassNK ‘My Page’ service.

The South African Maritime Safety Authority (SAMSA) has recently published two Marine Notices:

a) No. 8 of 2019, to advise of the global implementation of the MARPOL Annex VI limit of 0.50 mass per cent concentration (0.50% m/m) sulphur content in fuel oil, for all ships, from 1 January 2020; and

b) No. 9 of 2019, which provides a standard format for reporting fuel oil non-availability as provided in regulation 18.2.4 of MARPOL Annex VI that may be used to document if a ship is unable to obtain compliant fuel oil.

The following points may be of particular interest to our members:

1. Ships installed with exhaust gas cleaning systems (scrubbers) can continue to burn high-sulphur bunker fuel from 2020 and comply with the 0.5% sulphur limit and until further notice South Africa accepts all types of approved scrubbers.
2. South Africa has no restrictions on ships using LNG or Marine Biofuels when entering South African waters.
3. The International Bunker Industry Association has expressed confidence that low sulphur fuel oil will be available in South African ports by 1 January 2020.
4. Ships will be required to either use Annex VI compliant fuel oil when operating within South African waters or to install and use scrubbers.
5. If a ship is found not to be in compliance with the standards for compliant fuel oils, SAMSA will be entitled to require the ship to:

◦ present a record of the actions taken to attempt to achieve compliance
◦ provide evidence that it attempted to purchase compliant fuel oil in accordance with its voyage plan, and if it was not available where planned, that attempts were made to locate alternative sources of such fuel oil, and that despite best efforts to obtain compliant fuel oil, no such fuel oil was available for purchase.

6. SAMSA may also verify compliance by any methods available to it including but not limited to sampling and analysing fuel oil from a ship’s fuel oil tanks and lines and sampling and analysing air emissions from a ship’s plume.
7. A ship is unable to procure compliant fuel oil prior to entering South African waters, the master must notify SAMSA and the vessel’s own Flag Administration.

Source: The Standard Club

Danish shipping authorities have adopted a Remotely Piloted Aircraft System (RPAS), which uses drones to detect emissions levels from ships.

The maritime emissions drone system, developed by the European Maritime Safety Agency (EMSA), is to be deployed along the Great Belt region where large tankers travel to and from the Baltic Sea. UAS Skeldar V-200 drones equipped with sulphur gas sensors, or “sniffers”, capable of detecting the sulphur emissions of individual vessels, will fly into ships’ exhaust plumes and transmit the resulting emissions data directly to the relevant authorities in Denmark. Where ships are found to have breached the EU’s maritime emissions regulations, the offence will be reported in THETIS-EU, EMSA’s port control information system.

The implementation of RPAS monitoring is expected to boost enforcement of the EU Sulphur Directive, which limits passenger vessels to fuels with a maximum sulphur content of 1.5 per cent. Since the Directive capped sulphur emissions from shipping, emissions around control regions have fallen by more than 50 per cent; with an average fuel compliance rate of 93 per cent. Enforcement of the Directive in Denmark is the duty of the Danish Environmental Protection Agency with the support of the Danish Maritime Authority, which shores up the agency’s work by conducting in-port ship inspections.

Along with the Fuel Sulphur Content sniffer system, the maritime emissions drone will be equipped with cameras capable of photographing vessels during daytime and at night; as well as an Automatic Identification System (AIS) receiver to enable the RPAS to identify and track offending ships. Authorities will be able to track the flight path of the drone in real time using EMSA’s RPAS data centre, which provides flight details, images, video and measurement data. EMSA has developed RPAS solutions to assist in maritime surveillance operations in a number of fields, including detection and prevention of illegal, unreported and unregulated fishing, drug trafficking and illegal immigration.

SOURCE FULL ARTICLE

As the maritime sector is being targeted by highly motivated cyber criminals, the shipping industry should be on the highest alert for a cyber attack, Itai Sela, CEO of cyber security specialist Naval Dome, said.

Speaking today at the Singapore Maritime Technology Conference (SMTC) 2019, organized by the Maritime and Port Authority of Singapore (MPA), Sela warned:

“Somebody, somewhere is targeting the maritime sector. The shipping industry should be on Red Alert.”

Sela’s warning follows widespread concern that the maritime industry remains vulnerable and is not doing enough to protect itself.

During a round table discussion in which several companies informed the Greek shipping community of the importance of cyber security, one analyst said that while the industry is “concerned about the cyber risk it struggles to understand where and how best to manage it”.

As stressed by Naval Dome CEO, the industry is not prepared for cyber attacks. Taking into account that shipping is a USD 4 trillion global industry transporting 80% of the world’s energy, commodities and goods, any activity that disrupts global trade would have far-reaching consequences.

“It is easy to understand why shipping is now in the cross-hair of the cyber-criminal or activist. But the maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat,” Sela commented.

Referring to the global certification standard IEC 62443, which has been adopted by several certification bodies, Sela explained the four levels of security used for safeguarding against a cyber-attack.

“A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain. It is the Level 4 type attack criminals are using to penetrate the shipping industry,” Sela said, recalling an incident in which the navigational equipment aboard a fleet of 15 tankers was simultaneously hacked.

As explained, the easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s (OEM) head office.

“All a hacker has to do is infiltrate these systems and wait until some someone sends an infected email to someone onboard ship – the attack is delivered. It spreads. It’s autonomous.”

The current regulations consider improving interactions between the operator and machine as the optimum way of combating maritime cyber crime. However, Naval Dome believes the best solution is based on technology that removes the human element altogether.

In his presentation to the Singapore maritime community, Sela suggested that a ship can be used as a very effective weapon to “create chaos and destruction” at the port.

“A ship whose systems are under the control of the cyber-criminal could result in pollution, cause collisions or groundings, or be used as an incendiary device. The result could be catastrophic if a vessel is not secured to the highest level.”

Sela also said that a country like Singapore must have the ability to monitor all the ships that enter its waters in order to verify whether it’s infected or cyber clean.

“I strongly recommend that all port authorities have the ability to control the cyber threat that each and every vessel entering their waters brings with them. This will protect assets and avoid potential disaster,” he concluded.

SOURCE

Tsakos Columbia Shipmanagement (TCM) has introduced electronic payment and phased out cash payment for its crew employed on vessels under its management.

Under an agreement with global maritime payments provider ShipMoney, the electronic payment solution means the seafarers will have control and access to their wages while onboard ships, including the timing and currency of remittances sent home.

The solution will also significantly reduce the need for large amounts of cash to be delivered to ships and eliminate the need for TCM to administer individual crew wire payments sent to home bank accounts.

ShipMoney is rolling out its service to 90 vessels consisting of tankers, containers, and dry bulk vessels following a successful trial.

“By introducing ShipMoney, we’ve been able to streamline the onboard crew payment process across the fleet by enhancing the safety in money transfer, reducing costs, saving time and providing a new benefit to our valued crewmembers and their families,” said Harry Katsipoulakis, cfo of TCM.

Stuart Ostrow, president of ShipMoney, commented: “One of the important benefits to the deal relates to foreign exchange, which is often a hidden cost for crew. The majority of today’s crew are contracted and paid in US dollars and most employers remit individual US dollar wire payments to individual seafarer bank accounts. If the seafarer’s home bank account is not denominated in dollars, then the receiving bank has complete control over the conversion from US dollars to the currency of the crew member’s account.”

Ostrow continued: “A 2017 World Bank study identified that banks are the most expensive option when converting currency with an average cost of approximately 11%. Mobile Money offered the least expensive option at less than 4%. Over the life of a crew member’s career, this differential could be substantial.

SOURCE

Newer Posts

Older Posts

IMO Archives - Page 23 of 25 - SHIP IP LTD

Beazley launches innovative affirmative marine cyber cover

BIMCO and INTERTANKO publish Q&As for scrubber-fitted ships

New Cyber Security Clause from BIMCO

Overview

Sharing relevant information