CYBER SECURITY Archives - Page 4 of 6 - SHIP IP LTD

ClassNK releases free cyber management system guidance

April 23, 2019 CYBER SECURITYIMOMARITIME CYBER SECURITYMaritime Safety News

Classification Society ClassNK has released its new Cyber Security Management System for Ships, providing guidance on implementing, maintaining, and continuously improving cyber security for companies and vessels.

The new release includes management measures to be followed to protect against cyber risks both in vessel operations and in the construction/design stage of ships, through Security by Design.

The standards were created with reference to the latest IACS recommendations and the ISO27001 (Information Security Management System) and ISO27002 (Code of practice for information security controls) global standards.

The new measures have been introduced with one eye on the recent changes to the ISM Code, which will recommend that cyber risks are included within a company’s safety management system from 2021.

The Cyber Security Management System is available for download free of charge via ClassNK’s website for those who have registered for the ClassNK ‘My Page’ service.

Electronic information exchange mandatory for ports from 8 April 2019 – FAL Convention

April 12, 2019 CYBER SECURITYIMO

FAL Convention

A mandatory requirement for national governments to introduce electronic information exchange between ships and ports comes into effect from 8 April 2019. The aim is to make cross-border trade simpler and the logistics chain more efficient, for the more than 10 billion tons of goods which are traded by sea annually across the globe.

The requirement, mandatory under IMO’s Convention on Facilitation of International Maritime Traffic (FAL Convention), is part of a package of amendments under the revised Annex to the FAL Convention, adopted in 2016.

“The new FAL Convention requirement for all Public Authorities to establish systems for the electronic exchange of information related to maritime transport marks a significant move in the maritime industry and ports towards a digital maritime world, reducing the administrative burden and increasing the efficiency of maritime trade and transport,” said IMO Secretary-General Kitack Lim.

The Facilitation Convention encourages use of a “single window” for data, to enable all the information required by public authorities in connection with the arrival, stay and departure of ships, persons and cargo, to be submitted via a single portal, without duplication.

The requirement for electronic data exchange comes into effect as IMO’s Facilitation Committee meets for its 43rd session (8-12 April). Alongside other agenda items, the Committee will continue its ongoing work on harmonization and standardization of electronic messages. Phase one of the review of the IMO Compendium on Facilitation and Electronic business, including the data elements of the FAL Convention is expected to be completed and the revised Guidelines for setting up a single window system in maritime transport are set to be approved.

The Committee will also receive an update on a successful IMO maritime single window project, implemented in Antigua and Barbuda, with Norway’s support. The source code developed for the system established in Antigua and Barbuda will be made available to other interested Member States. A presentation on the system will be made during the Facilitation Committee.

 

The FAL Convention

The main objective of the IMO’s Convention on Facilitation of International Maritime Traffic (FAL Convention), adopted in 1965, is to achieve the most efficient maritime transport as possible, looking for smooth transit in ports of ships, cargo and passengers.

The FAL Convention, which has 121 Contracting Governments, contains standards and recommended practices and rules for simplifying formalities, documentary requirements and procedures on ships’ arrival, stay and departure.

Under the FAL Committee, IMO has developed standardised FAL documentation for authorities and Governments to use, and the FAL Convention urges all stakeholders to make use of them.

 

The IMO Standardized Forms (FAL 1-7)
The Facilitation Convention (Standard 2.1) lists the documents which public authorities can demand of a ship and recommends the maximum information and number of copies which should be required. IMO has developed Standardized Forms for seven of these documents.

They are the:

  • IMO General Declaration
  • Cargo Declaration
  • Ship’s Stores Declaration
  • Crew’s Effects Declaration
  • Crew List· Passenger List
  • Dangerous Goods

Five other documents are required, on security, on wastes from ships, on advance electronic cargo information for customs risk assessment purposes, and two additional ones under the Universal Postal Convention and the International Health Regulations.

Under the requirement for electronic data exchange, all national authorities should now have provision for electronic exchange of this information.

 

SOURCE IMO

Blockchain at sea: How technology is transforming the maritime industry

February 20, 2019 CYBER SECURITYMARITIME CYBER SECURITY


Maritime blockchain solutions have the potential to greatly improve efficiencies in shipping and bring this industry into the 21st century


Shipping is the engine of the global economy, making up some 90% of world trade. That’s not easy to express in monetary terms, although experts estimate it at over $10 trillion a year. Maritime blockchain could transform this industry and bring multiple benefits to importers, exporters, transporters, ship owners, and even governments.

Blockchain at sea: How technology is transforming the maritime industry !

Blockchain technology has the potential to revolutionise the maritime industry and bring it into the 21st century. This complex ecosystem could greatly benefit from a robust digital platform to exchange data in real time.  

In fact, the industry has been testing maritime blockchain applications since 2017. Some of the most important shipping companies, such as Maersk, Hyundai Merchant Marine, and Maritime Silk Road Platform, have teamed up with tech giants to create blockchain shipping systems to streamline maritime logistics.

Maritime blockchain speeds up document flows

One of the main benefits of introducing blockchain to the maritime industry is cutting down bureaucracy. For international shipments, companies and customs officials are forced to fill out over 20 different types of documents (most of them paper-based) to move goods from exporter to importer.

Most of these documents fail to provide real-time visibility and data quality, which often causes setbacks in financial settlements. These types of delays and inefficiencies are hard to accept in a data-driven, digital world.

An international consortium of shipping companies and European customs has tested a blockchain solution that eliminates printed shipping documents from the process. Not only did blockchain speed up operations, but this pilot proved how organisations in the maritime industry can save hundreds of millions of dollars annually.

Blockchain not only makes cargo checks faster, it also minimises the risk of penalties for customs compliance that are levied on customers.

The maritime industry can also benefit from predictive analytics

Big data is having a huge impact on the industry, thanks to its potential to optimise operations, improve cybersecurity, and increase the overall efficiency of the supply chain.  

However, data alone can’t change the way the maritime industry works. Companies, ports, and governments need to analyse the information to reap real benefits from the findings. This industry generates about 100-120 million data points every day. It was impossible for existing technologies to gather and analyse this amount of data efficiently.

Blockchain can help by placing the crucial data in one place and creating a unique platform for solution providers, ports, and agents that operate along the supply chain.

By tracking cargo in real time using blockchain technology, shipping companies and ports can plan land procedures ahead of time, speeding up terminal works and cutting down costs. They can also use data to make educated predictions that enhance their operations and increase efficiency.

Maritime blockchain increases trading safety and transparency

The maritime industry includes multiple parties. Most of these communicate through lengthy paper chains, making it impossible to track shipments currently. This, combined with high transaction volumes, leads to little or no transparency in most processes.

Blockchains can secure the integrity of any record, reducing the risk of damaged or missing shipments. By replacing the old paper system, all parties involved have access to information, making it easier to plan operations efficiently and save on costs.

The information stored in the blockchains is impossible to delete or edit without leaving traces, so this transparency also increases security.

It reduces data entry errors and can improve fraud detection. Maersk’s collaboration with IBM, for example, also stipulates the development of means to streamline customs and security inspections, as well as tracking shipping containers for commercial purposes.

Maritime blockchain and cost efficiency

The blockchain-based Bill of Lading created by Maersk and IBM showed in early tests that administrative costs could be reduced by as much as 15% of the value of shipped goods, thanks to tracking shipping containers and eliminating paper documents.

It may seem like a small percentage, but that could create savings of $1.5 trillion globally.

Besides costs related to documentation, companies can also significantly reduce expenses caused by data entry errors, procedural delays, and discrepancies.

Blockchain technology is transforming the maritime industry

The maritime industry is still struggling with high costs and a high level of pollution. Blockchain technology can help with both issues, by cutting down administrative costs and providing environment-friendly solutions. All while protecting the industry against cybercrime and piracy, and ensuring a fairer deal for all parties involved.

SOURCE READ FULL ARTICLE

Maritime cybersecurity -Global shipping makes the connection on Cyber Security

February 15, 2019 CYBER SECURITY

Maritime cybersecurity

The emerging risk associated with cyber threat requires not only better training for seafarers, but also spreading awareness of best cyber security practices, argued Peter Broadhurst, Senior VP of Safety and Security, Inmarsat Maritime, adding that there is still ‘a long way to go’ when it comes to effective cyber protection.

Whether in pursuit of personal data or money, cyber crime is now a big and highly automated business, ready to strike at the most vulnerable part of an organisation’s defences 24/7, anywhere in the world.

Speaking on a panel at the World Economic Forum earlier this year, A.P. Møller-Maersk Chairman Jim Hagemann Snabe revealed that responding to the NotPetya ransomware attack of June 2017 had required the reinstallation of 4,000 new servers, 45,000 new PCs, and 2,500 applications, all within ten days. During this period, the company reverted to manual systems.

In hitting a company equipped with experienced cyber security specialists, NotPetya showed that the cyber threat is as real for shipping as it is for any other connected business, especially where legacy systems proliferate.

If the warning should be sinking in, an Inmarsat Research Programme report, The Industrial IoT on land and at sea (2018) suggests that maritime minds are slow to change. The unique study drew on testimony from 750 survey respondents across a range of industries to establish preparedness and perceptions regarding the adoption of IoT-based solutions.

The survey found 87% of maritime respondents saying they believed that their cyber security arrangements could be improved. It also saw more of them identifying data storage methods (55%), poor network security (50%) and potential mishandling/misuse of data (44%) as likely to lead to breaches in cybersecurity than outright cyberattack (39%).

Given the self-diagnosis, it is perhaps surprising to find that only 25% of maritime respondents said they were working on new IoT-based security policies.

In fact, Inmarsat’s research exposed ambivalence as one of shipping’s leading feelings towards IoT-based solutions. With some owners engaging at the level of blockchain, others take their lead from their need to comply with regulation: this is an industry which simultaneously sustains just over 30% of shipping respondents as ‘IoT leaders’ and just under 30% as ‘IoT laggards’, the report says. For every owner signed up to the benefits of condition-based monitoring and predictive maintenance based on real-time connectivity, there appears to be another for whom maintenance is something that takes place at regular and predictable intervals, or whenever is most convenient.

Inconsistent views on cyber security also appear free to coexist with immature ones. Around 70% of respondents identify reducing  marine insurance premiums as a main driver for IoT uptake, where insurers have shown themselves as especially sensitive to cyber threats. At the same time, other studies have found attitudes such as “I’m not the target /we have security in place, don’t we?/I will be protected by AntiVirus” alive and well among seafarers.

For those prepared to engage in the IoT, ships today sustain crews in small numbers, representing both an opportunity and challenge for automation, and indeed for cyber security. On the one hand, low crew numbers align strongly with operational technology that is remotely updated, self-managing and supported by automated security and from third parties and OEMs, such as voyage planning, weather routing, navigation, fuel management, etc. On the other hand, the opportunities to ‘patch’ embedded operational technologies (OT) safely are not frequent, and patches usually require certification by control system manufacturers.

The broader point, though, is that cyber security is not just about software patching and systems configuration. Ship operators do not buy computer processors, disk storage and software and then build them into a system: they procure turnkey systems. Again, shipboard engineers may well be IT-literate, but no space has been made on the crew roster for cybersecurity specialists.

In these circumstances, the integrity of the systems on ships is best maintained by software which can identify, contain and resolve threats wherever they appear in the network. Such Unified Threat Management (UTM) detects all deviations from the ‘known good’ configuration as anomalies and potential threats to security and can update securely, even during operation. Some specialist functions such as a deep analysis of alerts or security forensics will need to be delivered remotely.

Inmarsat believes that a collaborative approach – that includes shipboard systems, but also the crew operating them and the processes involved – is vital to develop the maturity response demanded by multiple threats from cyber villains, whatever their origin. For this reason, we have been working with some of the best security-focused experts available to tailor products and services to meet shipping’s requirement.

As noted, however, software is only part of the answer: cyber security and vigilance for ‘the human element’ and a well thought-out recovery strategy to mitigate against multiple, automated assaults are also critical. Failures in processes and mistakes by people can present the security loophole that, if unchecked by the UTM, compromise the entire network.

Weaknesses at the first line of defence (to phishing, plugging infected USB in, downloading from untrusted source etc.) are common but, in the case of satellite-connected ships, it is also common to see updates turned off and no AV software in operation. Today, cyber security training is not compulsory for the world’s 1.6 million seafarers, while expertise in antivirus software is inevitably more likely to be based ashore.

As far as awareness is concerned, it is fair to say that there is likely to be more temptation to risk plugging in a memory stick that might be infected once a vessel is under way. Creating awareness for seafarers and staff is a continuous task because good cybersecurity practice is shipping’s first line of defence against ‘attack’.

Inmarsat recently participated in discussions with academics at the World Maritime University in Malmö over what future classroom-based and e-learning cyber security course content might include for Maritime Safety and Security Diploma students.

Inmarsat is not and does not aspire to be a training company, but it is an interested party. As such, we are fully aware that training is not just a tick box exercise and must be backed up with monitoring and reinforcement. We also know that using tools to identify breaches of policies such as USB usage help reinforce the message: constant reminders and real-life examples are often the quickest ways to stop bad practice.

But to address the cyber security risks of the future effectively, we need the involvement of ship designers, builders, regulators, verifiers, equipment manufacturers, service providers and, of course owners and operators. We were therefore one of the founding partners in a Joint Working Group run by the International Association of Classification Societies (IACS) whose members survey and certificate more than 90% of the world’s commercial vessels, ensuring that ships are fit-for-purpose and comply with safety and quality regulations.

source read full article

BIMCO : The Guidelines on Cyber Security Onboard Ships Version 3

December 24, 2018 BIMCOCYBER SECURITY

BIMCO : The Guidelines on Cyber Security Onboard Ships

Cyber threats are constantly evolving which requires a regular review of all cyber related processes on board ships to allow for successful protection against cyber attacks. We are pleased to announce that today various maritime industry organisations published a revised third version of the “Guidelines on Cyber Security onboard Ships”. The document provides guidance to shipowners and operators on how to assess their operations and develop procedures to strengthen cyber resilience on board their ships. The Guidelines will continue to be updated regularly to mirror the evolution of cyber security threats and to outline new measures to mitigate against dynamic cyber risks.

Key updates in Version 3.0 include:

  • the requirement to incorporate cyber risks in the ship’s safety management system (SMS);
  • more detailed information related to the risk assessments of operational technology (OT);
  • increased guidance for dealing with the risks in the ship’s supply chain;
  • cases studies of verified cyber incidents onboard ships to highlight and illustrate potential problems.

Version 3.0 of the Guidelines can be downloaded HERE

Icon

BIMCO Version 3.0 of the Guidelines

1 file(s) 2.91 MB
Download

BIMCO aims to publish cyber security clause in spring 2019

December 24, 2018 BIMCOCYBER SECURITYRegulation

BIMCO aims to publish cyber security clause in spring 2019

Overview

BIMCO is developing a clause dealing with cyber security risks and incidents that might affect the ability of one of the parties to perform their contractual obligations.

The clause is being drafted by a small team led by Inga Froysa of Klaveness, Oslo. Other companies involved include Navig8, the UK P&I Club and HFW, and the project is due to be completed in May 2019.

Planning and protecting is key

The BIMCO cyber security clause requires the parties to have plans and procedures in place to protect its computer systems and data, and to be able to respond quickly and efficiently to a cyber incident.

Mitigating the effect of a cyber security breach is of paramount importance and the clause requires the affected party to notify the other party quickly, so that they can take any necessary counter-measures. The clause is also designed for use in a broad range of contracts. This way, the clause can cover arrangements with third-party service providers, such as brokers and agents.

The liability of the parties to each other for claims is limited to an amount agreed during negotiations. A sum of USD 100,000 will apply if no other amount is inserted.

Two important functions

The clause will fulfill two important functions. The first is to raise awareness of cyber risks among owners, charterers and brokers. The second is to provide a mechanism for ensuring that the parties to the contract have procedures and systems in place, in order to help minimize the risk of an incident occurring in the first place and, if it does occur, to mitigate the effects of such an incident.

In the early stages of development, the drafting team discussed if the clause should also address payment fraud. It was concluded that the risk of this increasingly common fraud is probably best dealt with at a procedural level by companies tightening up their internal payment procedures to require verification of any changes to payment details.

More attention needs to be paid to cyber threats against ports and shipping

November 4, 2018 CYBER SECURITY

cyber threats against ports.

Brigadier General Gholam Reza Jalali, head of Passive Defence Organisation of Iran, has said more attention needs to be paid to cyber threats against commercial ports and shipping, insisting that this is a real area of concern.

Iran Press / Iran news: According to an Iran Press report, in an exclusive interview on Sunday, Brigadier General Jalali said: “Cyber threats which impact our ports and maritime operations are a critical issue which must be discussed, and we must be payed great attention to this issue.”

He added: “Cyber threats can be divided into three categories. The first one is, the probable extension of sanctions to cover the realm of infrastructure and cyberspace. The other one is, penetration and a cyber-attack on our maritime infrastructures. There have been significant joint efforts which have been carried out by the “Passive defence” and “Port and Maritime” Organisations and with decent structures regarding cyber defense and passive defense, we can jointly strengthen our infrastructure against cyber-threats.”

In further remarks, the head of the Passive Defence Organisation of Iran said: “In fact, to deal with this issue, we devised and prepared five guidelines or instructions, which are:

(1) An Emergency Response Project which is currently being  implemented.

(2)  Emergency security of Cyber Infrastructures.

(3) Protection of our computer systems and immunizing against a cyber-attack, which means security in the long term.

(4) Information Retrieval when a cyber-attack does take place.

(5) Cyber Preparedness and simulating a cyber-attack.”

 

SOURCE READ FULL ARTICLE

Maritime Industry Not Cyber-Ready

November 2, 2018 CYBER SECURITY

by Eric Holdeman / November 1, 2018 – READ FULL ARTICLE CLICK HERE

Maritime Industry Not Cyber-Ready

Maritime Industry Not Cyber-Ready, I had the opportunity to observe the maritime industry up close when I was director of security for the Port of Tacoma (almost six years ago). My observation then was that the people who make up the industry have never thought of themselves as technology companies or even being attuned to what technology can do for their businesses. A telling comment came from the deputy director at the port. Apple iPads had recently been fielded (2010) and I suggested purchasing an iPad for each of the port’s elected commissioners. His reply went something like, “Here in the maritime industry we are not oriented on technology, nor progressive in that area.” This from a top 10 port. There are many more small companies that move goods, have trucks, drivers, etc., and really don’t understand their vulnerability. See the article below for survey results of the industry.

Homeland Security Today: Survey Finds U.S. Maritime Industry Unprepared for Cyber Attacks 

Rapidly evolving technologies deployed throughout the U.S. maritime industry to increase efficiency and competitiveness present significant cybersecurity risks that the industry is unprepared to shoulder, according to the Jones Walker LLP Maritime Cybersecurity Survey.

The law firm’s survey reflects the responses of 126 senior executives, chief information and technology officers, non-executive security and compliance leaders, and key managers from U.S. maritime companies.

The respondents represent key sectors in the maritime industry and include professionals from small, mid-size, and large companies.

The survey found that nearly 80% of large U.S. maritime industry companies (those with more than 400 employees) and 38% of all industry respondents reported that cyber attackers targeted their companies within the past year. Ten percent of survey respondents reported that the data breach was successful, while 28% reported a thwarted attempt.

Small and mid-size companies are far less prepared than larger companies to respond to a cybersecurity breach. All respondents from large organizations indicated they are prepared to prevent a data breach, while only 6% of small company (1 to 49 employees) respondents and 19% of mid-size company (50 to 400 employees) respondents indicated preparedness.

The survey discovered that many small and mid-size companies lack even the most fundamental protections, exposing them to huge potential losses. 92% of small company and 69% of mid-size company respondents confirmed they have no cyber insurance.

In contrast, 97% of large company respondents have cyber insurance coverage.

Less than 15% of companies are using multi-factor authentication for remote access, or providing off-site backups in physically secure locations. 60% said they are unprepared to deal with negative public opinion, blog posts, and media reports after a data breach; 49% are unprepared to minimize the loss of customers’ and business partners’ trust and confidence after a data breach; 70% are unprepared to respond to a data breach involving business confidential information and intellectual property; and 70% are unprepared to respond to the theft of sensitive and confidential information that requires notification to victims and regulators.

The majority of respondents (69%) expressed confidence in the maritime industry’s cybersecurity readiness, while a minority (36%) believe that their own companies are prepared. Lee says there is a real disconnect between how stakeholders view the maritime industry’s overall preparedness level versus how they see their own shops. “By and large, they view the industry as prepared, but their own companies as unprepared. That is like saying that my neighborhood is safe, but my house is a hotbed of crime,” he said. “What I take away from this is that the respondents are likely wrong about the industry, and right about their own companies.”

Maritime Cyber attack – Ferry Builder Austal Hit by Cyberattack

November 2, 2018 CYBER SECURITYMARITIME CYBER SECURITY

Maritime Cyber attack !

Australian ferry and defense shipbuilder Austal reported Thursday that it has been hit by a cyberattack. An unknown offender managed to steal internal data, including some staff contact information and unspecified data affecting a “small number of stakeholders.” The firm emphasized that its ship design drawings for vendors and customers are neither sensitive nor classified, without specifying whether any drawings may have been taken.

Austal said that the attacker attempted to engage in extortion using the stolen information and tried to sell it online. In line with its company policy, Austal did not respond to extortion offers, the firm said.

The firm, which builds the U.S. Navy’s Independence-class Littoral Combat Ship and the Expeditionary Fast Transport, said that there were no indications that the data breach had national security implications. “Austal’s business in the United States is unaffected by this issue as the computer systems are not linked,” the company said.

The Australian Cyber Security Centre and the Australian Federal Police are investigating the attack, and the Australian Department of Defence is providing technical assistance. “This incident reinforces the serious nature of the cyber security threat faced by defence industry, and the need for industry partners to put in place, and maintain, strong cyber defences,” said the Department of Defence in a statement. Austal holds the contract to build and maintain two patrol boat classes for Australian military and government operators.

Austal said that the attack had no effect on its day-to-day operations, and that its data systems have been secured and brought fully back online.

Source – Read full article

IACS Publishes Cyber Safety Recommendations

October 2, 2018 CYBER SECURITYRegulationTMSA 3

The International Association of Classification Societies (IACS) has published nine of its 12 recommendations on cyber safety for ships.

IACS initially addressed the subject of software quality with the publication of UR E22 in 2006.  Recognizing the huge increase in the use of onboard cyber-systems since that time, IACS has developed this new series of recommendations with a view to reflecting the resilience requirements of a ship with many more interdependencies. They address the need for:

•     A more complete understanding of the interplay between ship’s systems
•     Protection from events beyond software errors
•     In the event that protection failed, the need for an appropriate response and ultimately recovery.
•     In order that the appropriate response could be put in place, a means of detection is required.

Noting the challenge of bringing traditional technical assurance processes to bear against new and unfamiliar technologies, IACS has launched the recommendations in the expectation that they will rapidly evolve as a result of the experience gained from their practical implementation. So, as an interim solution, they will be subject to amalgamation and consolidation.

More than 90 percent of the world’s cargo carrying tonnage is covered by the classification design, construction and through-life compliance rules and standards set by the 12 member societies of IACS.

The 12 Recommendations are:

Recommended procedures for software maintenance of shipboard equipment and systems (published)

Shipboard equipment and associated integrated systems to which these procedures apply can include:
– Bridge systems;
– Cargo handling and management systems;
– Propulsion and machinery management and power control systems;
– Access control systems;
– Ballast water control system;
– Communication systems; and
– Safety system.

Recommendation concerning manual / local control capabilities for software dependent machinery systems (published)

IMO requires through SOLAS that local control of essential machinery shall be available in case of failure in the remote (and for unattended machinery spaces, also automatic) control systems. For traditional mechanical propulsion machinery, this design principle is well established. The same design requirement applies to computerized propulsion machinery, i.e. complex computer based systems with unclear boundaries and with functions maintained in the different components.

Contingency plan for onboard computer based systems (published)

Computer based systems are vulnerable to a variety of failures such as software malfunction, hardware failure and other cyber incidents. It is not possible for all failure risks to be eliminated so residual risks always remain. In addition, a limited understanding of the operation of complex computer based systems together with fewer opportunities for manual operation can lead to crews being ill-prepared to use their initiative to responding effectively during a failure.

IMO and Classification Society rules contain many context specific examples of requirements for independent or local control in order to provide the crew with the means to operate the vessel in emergencies or following equipment failures. These requirements have generally been introduced when automation or remote control is introduced to individual pieces of equipment or functions and address concerns regarding its possible failure of the new features. The introduction of technologies which integrate different vessel’s functions creates the opportunity for two or more systems to be impacted by a single failure simultaneously.

Where, due to high computer dependence, manual operation is no longer practical or where the number of systems simultaneously affected is too high for manual operation to be practical with existing crew levels then the value of local control as a form of reassurance is limited, however the crew will still need to be provided with practical options to try to manage threats to human safety, safety of the vessel and/or threat to the environment.

If the practical options are not considered during the design and installed during construction of the vessel then the vessel and its crew could be, due to the introduction of new technologies, exposed to risks which they cannot manage.

Practical options could include limiting the extent of potential damage so that manual control is still achievable or providing backup systems which could be used in a worst case systems failure. Whatever form of contingency is provided to address failures it is important that it is well documented, tested and that the crew is aware and trained.

Requirements related to preventive means, independent mitigation means, engineered backups, redundancy, reinstatement etc. are dealt with in the other relevant recommendations.

Network Architecture (published)

Ship control networks have evolved from simple stand-alone systems to integrated systems over the years and the demand for ship to shore remote connectivity for maintenance, remote monitoring is increasing.

Incorporation of Ethernet technology has resulted in a growing similarity between the once disconnected fieldbus and Internet technologies. This has given rise to new terms such as industrial control networking, which encompasses not only the functions and requirements of conventional fieldbus, but also the additional functions and requirements that Ethernet-based systems present.

The objective of the present recommendation is to develop broad guidelines on ship board network architecture. The recommendation broadly covers various aspects from design to installation phases which should be addressed by the Supplier, system integrator and yard.

Data Assurance (published)

Regulation strongly focuses on system hardware and software development, however, data related aspects are poorly covered comparatively. Data available on ships has become very complex and in a large volume, meaning a user is unlikely to spot an error and it would be unreasonable to expect them to do so. Cyber systems depend not only on hardware and software, but also on the data they generate, process, store and transmit. These systems are also becoming more data intensive and data centric, often used as decision support and advisory systems and for remote digital communication.

Data Assurance may be intended as the activity, or set of activities, aimed at enforcing the security of data generated, processed, transferred and stored in the operation of computer based systems on board ships. Security of data includes confidentiality, integrity and availability; the scope of application of Data Assurance covers data whose lifecycle is entirely within on board computer based system, as well as data exchanged with shore systems connected to the on board networks.

Physical Security of onboard computer based systems (to be published Q4, 2018)

Network Security of onboard computer based systems (published)

Network security of onboard computer-based systems consists in taking physical, organizational, procedural and technical measures to make the network infrastructure connecting Information Technology and/or Operational Technology systems resilient to unauthorized access, misuse, malfunction, modification, destruction or improper disclosure, thereby ensuring that such systems perform their intended functions within a secure environment.

Vessel System Design (to be published Q4, 2018)

Inventory List of computer based systems (published)

For effective assessment and control of the cyber systems on board, an inventory of all of the vessel’s equipment and computer based systems should be created during the vessel’s design and construction and updated during the life of the ship: tracking the software and hardware modifications inside ship computer based systems enables to check that new vulnerabilities and dependencies have not occurred or have been treated appropriately to mitigate the risk related to their possible exploitation.

Integration (published)

Integration refers to an organized combination of computer-based systems, which are interconnected in order to allow communication and cooperation between computer subsystems e.g. monitoring, control, Vessel management, etc.

Integration of otherwise independent systems increases the possibility that the systems responsible for safety functions can be subject to cyber events including external cyberattacks and failures caused by unintentionally introduced malware. Systems which are not directly responsible for safety, if not properly separated from essential systems or not properly secured and monitored in an integrated system, can introduce routes for intrusion or cause unintended damage of important systems. It is necessary to have a record and an understanding of the extent of integration of vessels’ systems and for them to be arranged with sufficient redundancy and segregation as part of an overall strategy aimed at preventing the complete loss of ship’s essential functions.

Remote Update / Access (published)

Information and communications technology (ICT) is revolutionizing shipping, bringing with it a new era – the ‘cyber-enabled’ ship. Many ICT systems on-board ships connect to remote services and systems on shore for monitoring of systems, diagnosis and remote maintenance, creating an extra level of complexity and risk. ICT systems have the potential to enhance safety, reliability and business performance, but there are numerous risks that need to be identified, understood and mitigated to make sure that technologies are safely integrated into ship design and operations.

Communication and Interfaces (to be published Q4, 2018)

Newer Posts

Older Posts

News

Quick Menu

Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com