CYBER SECURITY Archives - Page 5 of 6 - SHIP IP LTD

Are the maritime industries ready to embrace Smart Shipping? – You decide

September 20, 2018 CYBER SECURITYMaritime Safety News

Are the maritime industries about to be revolutionised by smart shipping or is the sector not yet ready for the fourth industrial revolution? It is a highly emotive subject and the Parliamentary Debate at Seatrade Maritime Middle East will see six leading industry executives, all with strong opinions debate the motion: “This House believes the shipping industry is not yet ready to embrace smart shipping”.

On the one hand Smart Shipping has the potential to transform the fundamentals of ship operation, with digital technology and big data driving radical new solutions up to and including autonomous ships.

But on the other what does the industry actually want from these new technologies, how real are the efficiencies they offer and what changes to the regulatory framework would be needed prior to significant implementation?

The Parliamentary Debate held on 29 October at Seatrade Maritime Middle East in Dubai will be chaired by leading maritime lawyer Jasamin Fichte, Managing Partner of Fichte & Co.

Speaking for the motion are: Khalid Hashim, Managing Director, Precious Shipping, Ali Shehab Ahmad, Deputy Chief Executive Officer, Kuwait Oil Tanker Company (KOTC) and Captain David Stockley, Chief Operating Officer, Oman Ship Management Company.

On the side against the motion are: René Kofod-Olsen, Chief Executive Officer, Topaz Energy and Marine, Oskar Levander, Senior Vice President Concepts & Innovation, Rolls Royce Marine, and Ronald Spithout, President, Inmarsat Maritime.

So is the industry ready or not to embrace smart shipping? There is only one way to find out – attend the debate, listen to the arguments, and then as the parliamentarians (audience) you vote on which side wins the debate.

ARTICLE SOURCE CLICK LINK

Release of the seventh edition of the SIRE Vessel Inspection Questionnaire (VIQ7): 17 September 2018

September 13, 2018 CYBER SECURITYMARITIME CYBER SECURITYTMSA 3

OCIMF is pleased to announce the release of the seventh edition of the SIRE Vessel Inspection Questionnaire (VIQ7).

This edition has undergone an extensive revision process which has brought the VIQ up-to-date with respect to changes in legislation and best practices. The SIRE Focus Group, which has led the work on the revision of this document, has examined the questions to determine whether these continue to remain relevant and has reduced the overall set of questions by up to 90 questions.

The section on Structural Condition in the existing VIQ6 (Chapter 7) has been reduced and merged with Chapter 2. A new chapter (Chapter 7) has been developed to cover Maritime Security which has 21 new questions covering Policies and Procedures, Equipment and Cyber Security.

The section on Mooring (Chapter 9) has been significantly reviewed to incorporate the revisions and best practices that will be introduced in the Mooring Equipment Guidelines, Fourth Edition (MEG4). Operators will be encouraged to align their procedures and equipment with the guidance provided in MEG4 as soon as possible.

The existing chapter on Communications (Chapter 10) has been reduced and merged with Chapter 4, which is now a section on Navigation and Communications.

A set of 10 questions on LNG Bunkering has been added to the section on Engine and Safety Compartments (Chapter 10). These questions have been developed in conjunction with advice and guidance from SIGTTO and SGMF.

The following templates within the seventh edition of the SIRE Vessel Inspection Questionnaires (VIQ7) are now available to integrators upon the OCIMF Staging environment and will be released to the Production environment on the 17September 2018.

  • Template 4401 – VIQ7 (Petroleum)
  • Template 4402 – VIQ7 (Chemical)
  • Template 4403 – VIQ7 (LPG)
  • Template 4404 – VIQ7 (LNG)

 

Icon

Release of the seventh edition of the SIRE Vessel Inspection Questionnaire (VIQ7): 17 September 2018

1 file(s) 4.00 KB
Download

maritime cyber security ECDIS will be at the heart of autonomous shipping

July 7, 2018 CYBER SECURITYECDISMARITIME CYBER SECURITY

maritime cyber security Kongsberg Maritime director of autonomy Peter Due explains why e-navigation and technology developed for the Yara Birkeland project will enable a future of autonomous shipping

ECDIS and e-navigation will be essential for generations of future autonomous ships. Although the first unmanned ships will be remotely controlled and operating in coastal waters, in the long term there will be ocean-going autonomous ships, with e-navigation technology monitoring their progress onshore.

IMO placed ocean-going autonomous vessels firmly on the global agenda during the Maritime Safety Committee (MSC) 99 session in May this year, by implementing a working group to conduct a regulatory scoping exercise for using MASS (Maritime Autonomous Surface Ships)*.

Kongsberg Maritime will be part of that working group and will deliver technology to the world’s first all-electric, zero emissions and autonomous container vessel, Yara Birkeland. This ship is scheduled to transport fertiliser products along a 30 nautical mile route to the ports of Brevik and Larvik next year and by 2020 is likely to be unmanned.

Kongsberg Maritime director of autonomy Peter Due said new navigation and collision avoidance systems that centre on e-navigation technology were needed for this project, as Yara Birkeland will operate on a busy waterway.

Kongsberg drew on its experience in autonomous underwater vehicles, dynamic positioning, ECDIS and sensor fusion as a foundation for autonomous navigation. But Mr Due explained to Marine Electronics & Communications that more development was required. “Harmonising with artificial intelligence, machine learning and digital twin technology enables the extreme level of safety required,” he said.

Mr Due said Yara Birkeland’s operations will be planned, pretested and optimised in the cloud using the Kognifai digital platform and its digital twin that Kongsberg generated. This includes navigation in different metocean conditions.

“The twin integrates all data including weather, currents, tides and temperature with a detailed physical ship model,” said Mr Due. “We can then decide the optimum route and simply transfer it to the ship’s autonomy engine, navigation systems and ECDIS when it is in port,” he continued.

“Once the ship sets off, sensor fusion comes into play, enabling the autonomy engine, working with the onboard digital twin and e-navigation systems to adjust and reroute at sea according to the going conditions and other vessels in the vicinity.”

It is this dynamism a fully autonomous navigation system requires that led to the establishment of the Hull to Hull (H2H) EU-funded research project. This will develop technical solutions for safer navigation in close proximity of other stationary or moving vessels and objects.

H2H will use the European Global Navigation Satellite System to enhance safety in busy waters and during close manoeuvring. “This will help mariners to make the correct navigation decisions and will create the fundamental conditions for autonomous vessel navigation,” said Mr Due. Data can be used as an input to an autonomy controller.

Navigational safety is essential if the benefits of MASS are ever to be truly realised”

Ensuring e-navigation and collision avoidance technology works correctly will be fundamental to autonomous shipping. “Navigational safety is essential if the benefits of MASS are ever to be truly realised,” said Mr Due.

SOURCE READ FULL ARTICLE

Maritime GDPR – General Data Protection Regulation Implementation

May 25, 2018 CYBER SECURITYGDPRGENERAL DATA PROTECTION REGULATION

Maritime GDPR – General Data Protection Regulation Implementation

The EU General Data Protection Regulation (GDPR)

The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes all EU member states’ current national data protection laws. Significant and wide-reaching in scope, the Regulation brings a 21st-century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of obligations on organisations to be more accountable for data protection.Maritime GDPR – General Data Protection Regulation Implementation!

Deadline for compliance: 25 May 2018

Penalties

Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.

Who is impacted?

The GDPR applies to controllers and processors that are handling the personal data of European individuals. Perhaps one of the most important things to note is that this new regulation applies to ALL organisations collecting and processing personal data of individuals residing in the EU, regardless of the company’s physical location.

All maritime companies need to be in compliance by the deadline of enforcement / SHIP IP LTD can assist you STEP BY STEP and  prepare an organization to be compliant with the GDPR, update your SMS provide you policies and all tools required !

FAQ

How we get started ?

Please complete simple form below so we can understand your company’s size and resources required to be reviewed .

Our consulting team will get in contact with you soon to arrange a web conference and discuss next steps.

How much it costs ?

That depends the size of your company / number of people involved and our findings after our initial GAP analysis .

How much time required until implementation ?

Usually between 4-8 weeks – We suggest you that the person really knows your internal workflow and data structure to be in direct contact with our team so we can reduce implementation time to minimum.

Do we need a DPO (Data Protection Officer) ?

YES you need for sure ! at least the first two years so people can be trained and be mature with the new regulation.

SHIP IP LTD offers outsourced DPO service with an agreed annual FEE – So we actually can follow up and ensure implementation after we complete relevant consulting . Our DPO is certified by TUV Austria

What Documentation will be provided ?

40+ policies, procedures, controls, checklists, tools, presentations and other useful documentation , sample list below not limited :

  • Data protection policy
  • Training policy
  • Information security policy
  • Data protection impact assessment procedure
  • Retention of records procedure
  • Subject access request form and procedure
  • Privacy procedure
  • International data transfer procedure
  • Data portability procedure
  • Data protection officer (DPO) job description
  • Complaints procedure
  • Audit checklist for compliance
  • Privacy notice

 

SHIP IP LTD will help you from initial steps until implementation and auditing to ensure continues auditing !

Get in contact with us TODAY !

Error: Contact form not found.

 

TMSA 3 calls for improved practices

May 15, 2018 CYBER SECURITYMARITIME CYBER SECURITYTMSA 3

TMSA 3, From January 2018, tanker operators are required to use TMSA3 to monitor and improve performance. In comparison with TMSA2, the new edition of TMSA is more extended in length and presents new challenges to ship operators with the introduction of new requirements.

It is noticeable that for the first time, this self-assessment tool for oil tankers introduces maritime security as Element 13 referring also to cyber security.

Cyber security is currently one of the most discussed topics on the industry and many considerable efforts have been made so far to mitigate threats. Thus, TMSA 3 aims to establish procedures in order to respond to industry’s needs.

‘’For the first time, TMSA introduces maritime security as Element 13 including cyber security’’

Also it features an expanded best practice guidance to complement the KPIs and enhanced guidelines for risk assessment, auditing and review ashore and onboard along with guidance for all related tools to be employed.

Other major changes introduced are the expansion of Element 6 on Cargo, Ballast, Tank Cleaning, Bunkering, Mooring & Anchoring Operations, and an updated Element 10 combining Environmental and Energy Management.

In the latest edition, special focus has been given on the continuous improvement cycle by taking into consideration additional KPIs towards effective performance management. Specifically, TMSA3 introduces 85 new KPIs in total. In this context, 25 KPIs have moved to a lower level and there are indexes concerning customer focus, leadership and engagement of people.

On the whole, the TMSA3 addresses issues regarding performance management. The method that a shipping company uses to measure performance is a prominent topic for discussion within the maritime industry. The new edition makes an effort to overhaul the process, not only with the streamline of KPIs but also with the introduction of non-financial measurements and the assessment of soft skills.

Furthermore, TMSA3 introduces a different approach by focusing on the human element and behavioral safety suggesting that crew competence is the tool for crew retention and development.

TMSA 3 at a glance

Expanded best practice guidance to complement the KPIs.
Revised and enhanced best practice guidance to remove ambiguity and duplication.
Additional requirements for HSSE strategic planning, KPI setting and performance monitoring, review and improvement.
Streamlining and merging of elements to improve consistency and make self-assessment easier.
Enhanced guidelines for risk assessment, auditing and review ashore and onboard along with guidance for all related tools to be employed.
Extensively Revised Element 6 and 6A – Cargo, Ballast, Tank Cleaning, Bunkering, Mooring and Anchoring Operations, with additional KPIs and guidance.
Extensively Revised Element 10 – Environmental and Energy Management (previously Environmental Management) incorporates the OCIMF Energy Efficiency and Fuel Management paper that was a supplement to the TMSA 2.
A New element: Element 13 – Maritime Security.

SOURCE READ FULL ARTICLE

Maritime firms fear cyber-attack supply chain breakdowns, XL Catlin warns

April 12, 2018 CONSULTANCYCYBER SECURITYMARITIME CYBER SECURITYTMSA 3

Maritime Cyber Attack

Cyber attacks like the NotPetya malware that struck Maersk are raising concerns about cyber risk and its effects on resilience, according to specialty insurer XL Catlin

Shipping industry firms and port operators are worried about linkage between cyber-attacks and supply chain risk, insurer XL Catlin has warned.

Big interdependencies between systems mean maritime firms face major business continuity risks from online threats.

“The problem is that nobody knows, other than the computer systems, where your goods are,” said Pascal Matthey, head of global lines for marine risk engineering at XL Catlin.

“You might never find your container again. Refrigerated containers might lose power, which would mean huge damage,” said Matthey.

Maersk was among those organisations worst hit by the NotPetya contagious malware attack last year.

The global shipping and logistics firm had to reinstall some 4,000 servers, 45,000 PCs, and 2,500 applications; the process took 10 days and cost the company around $450m.

The company was forced to temporarily switch to manual systems – pen and paper, and lots of overtime – resulting in a temporary 20% drop in volumes.

Another cyber-attack, revealed in 2013, struck two shipping companies operating in the Belgian port of Antwerp, and had reportedly gone undetected for about two years before that.

An organised crime group allegedly used hackers to infiltrate computer networks, allowing cocaine and heroin, hidden in containers shipped from South America, to be intercepted by criminals.

“The idea was not to harm the port but to get things out by hacking the system,” said Matthey, based in the specialty insurer’s Zurich office.

He warned about the potentially catastrophic consequences of a cyber-attack by terrorists, such as targeting a ship and interfering with its steering or navigation to cause a collision in congested waters, such as a port or major trade artery such as the Panama Canal.

Maritime Cyber Attack

“What happened on 9/11, you could perhaps now do with a ship, by steering a large vessel into an oil or gas terminal, which could have disastrous consequences,” said Matthey.

XL Catlin is among those re/insurance firms involved in developing blockchain applications – distributed ledger technology for smart contracts, sharing data instantaneously between the relevant counterparties.

A new blockchain platform for marine insurance contracts at XL Catlin and MS Amlin is expected to go live this year.

Maritime Cyber Attack

SOURCE STRATEGIC RISK READ FULL ARTICLE 

Cyber Risk And Marine Insurance : Mind The Gap

April 11, 2018 CONSULTANCYCYBER SECURITYIMOMARITIME CYBER SECURITYTMSA 3USCG

MARITIME CYBER RISK !

The insurance losses and liabilities arising from cyber risks is an increasing area of focus for both shipowners and their insurers, argues Mr. Adrian Durkin, Director (Claims) and Mr. Colin Gillespie, Deputy

Potentially owners may be exposed to gaps in cover arising from cyber incidents – an unsatisfactory situation in today’s connected world. For example, an owner’s hull and machinery insurance may contain a cyber risk exclusion which mirrors, or is derived from, institute clause 380.

There are also cyber exclusions in war risk policies that relate to computer viruses. The war risks clause is derived from market clause 3039. Many other market insurance policies specifically exclude losses or liabilities arising as a result of cyber risks.

Why is Cyber Excluded?

Cyber risks present a range of issues for insurers. Cyber risks are relatively new – claims data relating to these risks is quite limited. Another difficulty is that cyber security is not yet well established in the maritime industry. The sheer complexity of the information technology, operational technology and internet available across the industry also presents a challenge, as does the potential for cyber problems to spread quickly across the globe. As a result the likelihood, extent and costs associated with claims involving cyber risks are difficult to calculate and potentially significant, hence the reluctance to offer cover.

It is in an owner’s interests to scrutinise their various policies in order to identify potential gaps in their insurance cover. It is possible to close the gaps by working with insurers and brokers. This may require owners to demonstrate that they have robust cyber risk management practices in place both ashore and afloat. An additional premium may be payable. The market is responding to these risks – albeit slowly.

P&I Cover for Cyber Risks

The International Group of P&I Clubs’ poolable cover does not exclude claims arising from cyber risks.

This means that club members benefit from the same level of P&I cover should a claim arise due to a cyber risk, as they would from such a claim arising from a traditional risk. As always cover is subject to the club rules.

While there are currently no internationally agreed regulations in force as to what constitutes a prudent level of cyber risk management or protection, this does not mean that owners, charterers, managers or operators of ships can ignore the need to take proper steps to protect themselves in the belief that their club cover will always respond.

If a claim with a cyber element arises, an owner may need to demonstrate that they took all obvious steps to prevent foreseeable loss or liability. As more and more potential cyber risks are being identified, clubs will expect to see the operation of sensible and properly managed cyber risk policies and systems both ashore and on vessels.

MARITIME CYBER RISK

Don’t delay – act now

Barely a month goes by without news of a major cyber-attack affecting a large or high profile commercial or government entity. Cybercrime is a rapidly growing global threat in all industries and the maritime supply chain is vulnerable as the problems experienced by Maersk in 2017 have demonstrated. In that incident problems ashore had a knock on effect on vessels, highlighting the fact that as marine transport operations become more connected, the more chance there is of problems impacting across the system both ashore and afloat.

The authorities and large charterers are concerned about the risk to operations ashore and afloat and are taking steps to drive change in the industry. Actively managing cyber risks is now both a commercial and compliance priority.

Cyber Risks & ISM Code

The IMO’s Maritime Safety Committee (MSC) has confirmed that cyber risks should be managed under the ISM Code.

Resolution MSC.428(98) affirms that an approved safety management system should take into account cyber risk management and encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

TMSA 3

Cyber risk management has been included in TMSA 3 under elements 7 and 13. KPI 7.3.3 includes cyber security as an assigned responsibility for software management in the best practice guidelines. Under element 13 cyber security is specifically identified as a security threat to be managed. It seems clear that the oil industry has recognised the need for action from tanker owners and is encouraging action through commercial pressure via TMSA 3. For tanker operators the time to act is already here.

Rightship Inspections

Cyber risk management now forms part of Rightship inspections and a company’s cyber security maturity may be one aspect dry bulk charterers will take into account.

A Daunting Task?

The prospect of dealing with cyber security will be daunting for many shipping companies. It’s new, involves things that may not be fully understood, and most of us are not likely to have received any formal training in such risks.

What is a definite plus is that shipping companies will be very familiar with the risk management framework suggested by the IMO Guidelines on Cyber Risk Management and industry Guidelines on Cyber Security Onboard Ships. We can also use the experience gained in other sectors of industry that have already put cyber security systems in place.

2021 is not far away, but the potential for cyber risks to result in losses or liabilities is clearly already upon us.

Cyber risks can affect almost every part of a shipping company. There will be lots to do to identify risks and vulnerabilities and to take steps to prepare for, and respond to, cyber threats. It’s time for us all to act.

By Adrian Durkin, Director (Claims) & Colin Gillespie, Deputy Director (Loss Prevention), North P&I Club

Liberian Registry – Computer-Based Training (CBT) Library

April 4, 2018 CYBER SECURITYMARITIME CYBER SECURITY

cyber security in maritime

In recent years, it has become apparent that maritime companies, ships, and ports are not adequately protected from security threats. IMO has issued a resolution giving shipowners and managers until 2021 to incorporate cyber-risk management into their ship safety plans. And the Liberian Registry has taken the typically proactive approach for which it has become renowned by launching a Cyber and Ship Security Computer Based Training which provides a comprehensive overview of cyber-security issues as well as advice on best practice pertaining to piracy, stowaways and general ship security.

cyber security in maritime

CYBER-SECURITY TRAINING  Over 40% of crewmembers report sailing on a vessel that has become infected with a
virus or malware – and only 1 in 8 crewmembers have received cyber-security training.
This module provides a comprehensive overview of the evolving field of cyber-security;
including concepts such as different types of malware, network security, identity theft,
and risk management.

 

SOURCE : LIBERIAN REGISTRY

Lloyd’s Register has acquired cyber security specialists Nettitude.

April 4, 2018 CYBER SECURITY

cyber security in maritime

Cyber security is on the boardroom agenda as organisations worldwide seek to improve their resilience against a backdrop of high-profile, and increasingly sophisticated cyber-attacks. The number of breaches is up an average 27.4% year on year1 and 86% of companies around the world reported experiencing at least one cyber incident in 2017.

Founded in 2003, Nettitude is an award-winning provider of cyber security, compliance, infrastructure and managed security services to organisations worldwide and employs 140 cyber security specialists globally.

The acquisition strengthens LR’s existing broad portfolio of cyber security services spanning certification, compliance, training, auditing and security consulting to now include penetration testing, information security consulting, managed security services and incident response. Together, Nettitude and LR now provide a complete suite of cyber security assurance services to help clients identify, protect, detect, respond and recover from cyber threats.

cyber security in maritime

The need for cyber security solutions and growth in cyber security is driven by three broad areas:

  • Industry 4.0 [IR4]
    • As we move towards a more automated, integrated and interdependent, data driven economy, the risk of cyber-attack increases.
  • Cyber-attacks are non-discriminatory
    • Cyber-attacks are now targeting a broader spectrum of industries and companies – irrespective of their size and geographical location.
  • Regulatory
    • The regulatory focus on cyber security is increasing, with wide-ranging compliance requirements against standards, schemes and local legislation.

Alastair Marsh, Chief Executive Officer, Lloyd’s Register commented: “This is an important acquisition for Lloyd’s Register to enhance our capability in assuring the increasingly complex supply chains in which we operate.  Information and operational technology security is a key concern for our clients across all sectors, as we see increasing dependencies on technology and challenges created by Industry 4.0.”

 

SOURCE : LLOYD’S REGISTER – CLICK TO READ VIEW ARTICLE

Maritime Cyber Security – Automated technologies help us to do our jobs, say 98% of seafarers

April 3, 2018 CYBER SECURITYGENERALMARITIME CYBER SECURITY

Maritime Cyber Security

More than half of 6,000 seafarers who took part in a crew connectivity survey have had a part of their role automated over the last two years, and 98% of these seafarers are positive about the change.

The largest ever survey of seafarers to date revealed that nearly all who took part feel that technology and automation provide great opportunity to enhance their job roles and shipping operations. Roger Adamson, Futurenautics Maritime’s chief executive officer, who presented the results during the report’s launch in London this week, said that for the first time Futurenautics looked into the “weird and wonderful technology of the future that everyone talks about – robotics, automation, big data, analytics, unmanned ships,” these topics which had not been explored before.

Adamson explained that they first started talking to seafarers about automation levels. “53% of them came back and said we have had one or more components of our role automated within the last two years. That figure increased to 72% when we included officers.”

Maritime Cyber Security

The impact of automation on seafarers and officers’ roles proved to be positive, with the majority (98%) confirming it had helped rather than hindered them in their role at sea. Adamson also confirmed that automation, robotics, artificial intelligence, and augmented/virtual reality, were viewed as opportunities by the majority of seafarers, rather than as threats, which came as a surprise to Futurenautics. According to Adamson, most saw these processes and technologies as a way to enhance the ability for crew to operate the vessel and do their jobs more efficiently.

SOURCE: CLICK TO READ FULL ARTICLE

Newer Posts

Older Posts

News

Quick Menu

Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com