CYBER SECURITY Archives - Page 6 of 6 - SHIP IP LTD

Maritime Cyber Security – Automated technologies help us to do our jobs, say 98% of seafarers

April 3, 2018 CYBER SECURITYGENERALMARITIME CYBER SECURITY

Maritime Cyber Security

More than half of 6,000 seafarers who took part in a crew connectivity survey have had a part of their role automated over the last two years, and 98% of these seafarers are positive about the change.

The largest ever survey of seafarers to date revealed that nearly all who took part feel that technology and automation provide great opportunity to enhance their job roles and shipping operations. Roger Adamson, Futurenautics Maritime’s chief executive officer, who presented the results during the report’s launch in London this week, said that for the first time Futurenautics looked into the “weird and wonderful technology of the future that everyone talks about – robotics, automation, big data, analytics, unmanned ships,” these topics which had not been explored before.

Adamson explained that they first started talking to seafarers about automation levels. “53% of them came back and said we have had one or more components of our role automated within the last two years. That figure increased to 72% when we included officers.”

Maritime Cyber Security

The impact of automation on seafarers and officers’ roles proved to be positive, with the majority (98%) confirming it had helped rather than hindered them in their role at sea. Adamson also confirmed that automation, robotics, artificial intelligence, and augmented/virtual reality, were viewed as opportunities by the majority of seafarers, rather than as threats, which came as a surprise to Futurenautics. According to Adamson, most saw these processes and technologies as a way to enhance the ability for crew to operate the vessel and do their jobs more efficiently.

SOURCE: CLICK TO READ FULL ARTICLE

Maritime General Data Protection Regulation (GDPR) – Privacy Policy Generator

March 26, 2018 CYBER SECURITYGDPRGENERAL DATA PROTECTION REGULATION

Maritime General Data Protection Regulation (GDPR) – Privacy Policy Generator!

The main focus of the General Data Protection Regulation (GDPR) is the protection of personal data and digital privacy.

Because of this, your Privacy Policy is going to be an important part of your GDPR compliance plan.

A Privacy Policy is where you let your users know:

  • What personal information you collect
  • How and why you collect it
  • How you use it
  • How you secure it
  • Any third parties with access to it
  • If you use cookies
  • How users can control any aspects of this

Privacy Policies tend to be long, dense legal agreements with a lot of detailed information. Your users might feel intimidated by page after page of technical information, which is what the GDPR is working to avoid.

Update your Privacy Policy to be GDPR-compliant by cutting out legalese and using clear language that your average user will understand.

Along with the seven standard points above, you must also include the following information in your Privacy Policy to be GDPR-compliant.

Note that each point doesn’t have to be a separate clause. As long as the information is somewhere in your Policy, it will work.

1. Who your Data Controller is

2. Contact information for the Data Controller

3. Whether you use data to make automated decisions

4. Inform users of the 8 rights they have have under the GDPR

5. Whether providing data is mandatory

6. Whether you transfer data internationally

7. What’s your legal basis for processing data

Source : TermsFeed – Online Privacy Generator

 

Cyber safety, security and autonomous shipping addressed with new Bureau Veritas notations and guidelines

March 26, 2018 CYBER SECURITY

Maritime Cyber Security – Cyber safety, security and autonomous shipping addressed with new Bureau Veritas notations and guidelines

 

Paris – La Défense, France, March 13 2018 – Bureau Veritas has developed a comprehensive approach to support shipowners in addressing maritime cyber risks. A new series of classification notations, guidelines and services enable owners to comply with regulatory requirements, safeguard their crews and protect their assets from both malfunction and malicious attack.

Maritime Cyber Security

Bureau Veritas now offers two cyber notations:

The first, SW-Registry, focuses on software change management ensuring that installations of tested new software versions are properly tracked. It requires the creation and maintenance of a certified register of software used in the ship’s onboard systems. SW-Registry is compulsory for newbuild ships using digital systems and enables owners to comply with IACS UR E22, applicable from 1 July 2017. Existing ships may choose to create their own register and would benefit from the additional class notation to help indicate their cyber safety level.

  • SW-Registry notation meets requirements of IACS revised Unified
  • Requirement (UR E22)
  • SYS-COM notation covers requirements for ship-shore data security
  • Guidelines for Autonomous Shipping now available

A second new notation, SYS-COM, addresses cyber security, and is directed at preventing malicious cyber attacks. SYS-COM is a voluntary notation covering the exchange of data between ship and shore. Bureau Veritas is now the only classification society to offer a notation for this specific risk, identified as a key cyber security threat to digital ship data and systems. The experience from projects with shipowners and providers of ship equipment and technology systems has been vital in developing and testing the Bureau Veritas approach. Recent announcements of projects with Bourbon and Kongsberg are examples.

 

Source BV – Click to Read Full Article

Cyber Risks and P&I Insurance

March 9, 2018 CYBER SECURITY

Cyber Risks and P&I Insurance

The maritime industry’s reliance on computers and its increasing interconnectivity within the sector makes it highly vulnerable to cyber incidents.  Cyber poses a threat to all parts of the shipping sector; Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and technological networks.How can cyber risks occur in the shipping industry and what is covered under the P&I Rules.

Cyber Risks and P&I Insurance

What are “cyber risks”?

• Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and
technological networks
• All businesses rely heavily upon computer systems to sustain their operations, but these systems are
vulnerable
• Cyber risks comprise risks related to hacker attacks, virus transmission, cyber extortion, network downtime and data security breaches
• A maritime cyber risk can be defined according to the IMO Interim Guidelines on Cyber Risk Management as “the extent to which
a technology asset is threatened by a potential circumstance or event,which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised”

How can cyber risks occur in the
shipping industry?

• Commercial ships are increasingly more dependent upon computers and computer software to operate and control various shipboard systems
• Safe ship operations are reliant on bridge systems such as ECDIS (Electronic Chart Display and Information System),AIS (Automatic Identification System) and GPS (Global Positioning System)
• Main and auxiliary propulsion systems rely increasingly on computers to operate efficiently
• Ship networks are connected to the internet As with computers ashore, shipboard
systems are vulnerable to cyber-attacks
• Hackers can take advantage of vulnerabilities in a network to access servers;this can enable hackers to access,remove and manipulate sensitive data
• Even a simple mobile phone charging process using a USB port in the ECDIS system can cause a virus to render a system inoperable
• If ships’ systems are attacked, the effect could be extremely perilous
• A cyber-attack could catastrophically impact the safe navigation of a vessel, both in terms of its ability to avoid hazards and in terms of its stability
and cargo operations
• A cyber-attack could lead to collision, personal injury, property damage, pollution or even to a shipwreck.

Are cyber risks excluded from P&I cover?
• No.As a general rule, P&I liabilities – which are set out in Rule 2 of the
UK Club Rules – are not subject to any exclusion of cyber risks
• Nor is the International Group Pooling Agreement subject to a cyber
risk exclusion
• Some maritime cyber risks, however, don’t come within the scope of P&I because they don’t arise from the
operation of a ship.An example is the risk of monetary loss where a shipping company is blackmailed to pay a ransom for the restoration of IT data
or restoration of IT systems that have been compromised by cyber-attack

Icon

Cyber Risks and P&I Insurance

1 file(s) 7.68 MB
Download

Cyber Risks and P&I Insurance

Source UK P&I CLUB click to download full Q&A

Maritime External  Cyber Security Audit AS PER TMSA 3 REQUIREMENT

February 18, 2018 CONSULTANCYCYBER SECURITYMARITIME CYBER SECURITYTMSA 3

Maritime External  Cyber Security Audit

[wp_cart_button name=”MCSM-CYBER SECURITY MANUAL” price=”1500″] [show_wp_shopping_cart]

Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.

SHIP IP LTD via our Network of local engineers can attend your vessels and complete an External  Cyber Security Audit that includes and not limited to :

  •  Policies and Procedures
  • Cyber security risk management
  • Training and awareness
  • Physical security and access control
  • Network security
  • Vulnerability scan of your onboard network

Why you should ask for an External Cyber Security Audit ? 

Answer is straight forward and that because both TMSA and RightShip have already include it as a requirement to their latest revisions which you can read below 

Where are our specialist located ?

Singapore and Greece.

We can cover ASIA and EUROPE via our engineers.

How much it costs ?

That it depends the port and country we visit but for example in Singapore can be as low as USD 1500 all included !

Time Required to complete the Audit ?

Under normal circumstances our Singapore Team will complete the Audit same day . Boarding Team consists of our Captain Thum and our Local IT Engineer .

We have post below relevant Requirements : 

TMSA 3 – ELEMENT 13

STAGE 2

2.4 The company actively promotes cyber security awareness.

Effective means are used to encourage responsible behaviour by shore-based personnel, vessel personnel and third parties.

Such behaviour may include:

• Locking of unattended work stations.
• Safeguarding of passwords.
• No use of unauthorised software.
• Responsible use of social media.
• Control/prevention of misuse of portable storage and memory sticks.

 

STAGE 4

4.2 Independent specialist support is used to mitigate identified security threats.

Any contracts for specialist support both onboard and ashore, are supported by a comprehensive scope of work.

 

4.5 The company is involved in the testing and implementation of innovative security technology and systems.

This may include:

• Physical measures to improve security.
• Software enhancements to IT systems.

RIGHTSHIP

Inspection and Assessment Report For Dry Cargo Ships

4.7 Cybersecurity
4.7.1 Does the vessel and/or company have documented software/firmware and
hardware maintenance procedures ………………………………………………………….?
4.7.1.1 Are service reports available ………………………………………………………..?
4.7.2 Does the vessel and/or company have any cyber security procedures…………..?
4.7.2.1 Has a Risk Assessment for Cyber attack been completed. ……………….?
4.7.2.2 Is a Cyber attack Response Plan available …………………………………….?
4.7.3 Does the vessel and/or company provide any cyber security training ………..

 

| T: ( +30) 211 850 1121
| e: sales@shipip.com
| w: http://localhost/shipip
| Skype : anyawb1

SINCE 2013

Maritime Cyber Security – Five key cyber questions and challenges facing the maritime industry

November 1, 2017 CONSULTANCYCYBER SECURITYMARITIME CYBER SECURITYTMSA 3

Maritime Cyber Security – Five key cyber questions and challenges facing the maritime industry!

To wrap up this year’s National Cybersecurity Awareness Month series, Lt. Cmdr. Brandon Link with the Office of Port & Facility Compliance poses five key questions maritime professionals can consider when deciding how to manage risks to cyber systems.

 

Cyber systems are prevalent in our daily lives. We face an ever-increasing amount of cyber influence in how we live, work, and operate. The Marine Transportation System (MTS) uses cyber systems in all aspects of operations. With the convenience and improved performance offered by technology come continually-evolving questions and challenges. Cyber threats are real and pose considerable risks requiring attention and action at all organizational levels.

Below are five key cyber questions and challenges facing the maritime industry and how you can begin assessing and reducing risk:

1. How much should I invest in cybersecurity and cyber risk management? The answer varies from organization to organization. Cybersecurity should be viewed as an investment, not a cost. You are in the best position to evaluate your company’s cyber footprint to determine where risks are highest. The National Institute of Standards and Technology (NIST) Cybersecurity Framework and Coast Guard/NIST Cybersecurity Profiles are a few resources available. The Coast Guard continues to work on further guidance to assist in cyber risk management efforts, including the upcoming Navigation and Vessel Inspection Circular (NVIC) 05-17, Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act Regulated Facilities.

2. We have a closed system with an air gap between our network and outside influences. Am I still at risk? Does the system have access control/authentication procedures to prohibit unknown or unauthorized access? Can an equipment vendor access that system remotely, even for seemingly harmless activities such as program updates? Can the system be accessed in person, connecting via laptop or other equipment, introducing an avenue for malicious access? To answer these questions, it is important to know and understand the landscape of, and access to your cyber systems.

3. What are the greatest threats to my cyber systems? A direct cyber attack can come from a malicious actor, either internal or external. Cyber threats can also arise from accidental corruption, like an employee unknowingly connecting a corrupted device (smart phone, “thumb” drive) to a USB port. Risks can increase due to improper system configurations or failure to stay current on software updates. Having policies in place to account for these issues, and ensuring employee awareness, can greatly reduce risks.

4. I think our organization is the victim of a cyber attack or incident. Who can I notify? The National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 cyber situational awareness, incident response, and management center serving as the national nexus of cyber and communications integration for the Federal Government, intelligence community, and law enforcement. A cyber incident that does not impact physical security or include a pollution event can be reported to the NCCIC at 1-888-282-0870, who will then forward the report to the National Response Center (NRC), meeting the reporting requirements in 33 CFR 101.305, if made aware that you are calling as a Coast Guard-regulated facility. Reports of suspicious activity or a breach of security, and incidents affecting physical security or including a pollution event should be reported to the NRC at 1-800-424-8802.

5. We need to address cyber risks in our organization, where do we begin? There is no single solution that will work the same for every company, but there are steps that will help get you on the path toward an improved cyber posture:

  • Increase cybersecurity training and awareness at all levels of your organization.
  • Understand and educate the workforce on the difference between Information Technology (IT), the storing, retrieving, transmitting, and manipulating of data, and Operational Technology (OT), the hardware and software that detects or causes changes in processes through monitoring or control of physical devices (the “Internet of Things”).
  • Establish positions, teams, or workgroups that are cyber threat-focused. Integrate your IT workforce’s corporate knowledge of systems with the OT workforce and others who possess expertise in your company’s operations.
  • Conduct an assessment to see where cyber threats exist, and identify ways to mitigate those risks. Incorporate cyber risk management into existing policies and procedures, including the Facility Security Plan. Conduct exercises that test your organization’s cyber threat resilience.
  • Identify your local Area Maritime Security Committee, particularly those with a dedicated cybersecurity subcommittee, or other opportunities that allows for the sharing of knowledge and experience. What affects your organization could affect others, so information sharing is crucial to combating threats.

 

Managing cyber risks will continue to be an ongoing effort requiring time and attention. The most significant threats and highest priorities may not remain the same from month-to-month or even week-to-week, so staying informed could mean the difference between a strong cyber posture or becoming victim to a cyber incident or breach.

Source :

10/30/2017: Nat’l Cybersecurity Awareness Month – Five key cyber questions and challenges facing the maritime industry

SHIP IP LTD – BadRabbit Ransomware 24 OCT 2017

October 25, 2017 BIMCOCONSULTANCYCYBER SECURITY

 

BadRabbit Ransomware !

A new cyber attack is affecting computer systems around Europe.

BadRabbit Ransomware

A strain of ransomware known as “Bad Rabbit” is believed to be behind the trouble, and has spread to Russia, Ukraine, Turkey and Germany.

Cyber security firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier this year.

Once a computer is infected, victims are sent to a page on the Tor browser that demands .05 Bitcoins (about $275) within around 41 hours, in exchange for the decryption of the data and access to the machine. If time expires, the ransom increases.

As always, anyone infected is discouraged from paying the ransom. For one, there’s no guarantee you’ll get the data back but importantly, refusing to pay the ransom discourages future ransomware attacks.

Although BadRabbit shows similarities to Petya, it’s still unclear who is behind the recent attack. The original Petya took down a number of government agencies and businesses earlier this year, mostly in Ukraine. Russia is a viable suspect for Petya, but all evidence tying the malware with any nation state has been circumstantial.

You can readmore about BadRabbit Ransomware :

http://www.zdnet.com/article/bad-rabbit-ten-things-you-need-to-know-about-the-latest-ransomware-outbreak/

https://www.theverge.com/2017/10/24/16539054/ransomware-badrabbit-eastern-europe-russia-ukraine

http://money.cnn.com/2017/10/24/technology/bad-rabbit-ransomware-attack/index.html

 

IMO GUIDELINES ON MARITIME CYBER RISK MANAGEMENT

July 20, 2017 BIMCOCONSULTANCYCYBER SECURITYIMO

IMO GUIDELINES ON MARITIME CYBER RISK MANAGEMENT

 

IMO has given shipowners and managers until 2021 to incorporate cyber risk management into ship safety !

Owners risk having ships detained if they have not included cyber security in the ISM Code safety management on ships by 1 January 2021.

One of the discussions that took place at the IMO Maritime Safety Committee’s 98th session (MSC 98) in June was whether the IMO’s newly approved guidelines on maritime cyber risk management should be incorporated into the International Safety Management Code (ISM), the international standard for safe ship operations.

While such a directive was not formally adopted, what was adopted was a resolution affirming that approved safety management systems (SMS) should take cyber risk management into account in accordance with the requirements of the ISM.

The resolution encouraged flag administrations to ensure that cyber risks are addressed in SMS no later than the first annual verification of the company’s document of compliance after 1 January 2021.

SHIP IP LTD – Can assist your company to ensure compliance with Cyber Security requirement  as we can offer FULL support to your company like :

  • Maritime Cyber Security Manual with only EUROS 500 ( pls click here to read more… )
  • Consultancy to complete with TMSA 3 – Element 13 Maritime Security
  • ask for more …

 

SHIP IP LTD – SHIPPING VIRTUAL SERVICES !

Error: Contact form not found.

Maritime Cyber Security Manual in Compliance with BIMCO – USCG

July 1, 2017 BIMCOCYBER SECURITYMARITIME CYBER SECURITYTMSA 3

MARITIME CYBER SECURITY MANUAL

Following latest developments in our industry and various guidelines published by BIMCO, USCG Cyber Bulletins and TMSA 3 – element 13 we have develop a generic MARITIME Cyber Security Manual which can be used by all Shipping Companies as a best practice .

SHIP IP LTD have develop a Maritime Cyber Security manual to provide a risk management solution for Shipping companies and their vessels against various Cyber incidents.

Cyber incidents with negative effects to companies reputation or even results to economic effects when delays to services provided by their vessels.

Needless to point that Cyber Security is now part of TMSA 3 – Element 13 and all companies operating Tankers should immediate consider to develop or include to their existing Safety Management system, procedures , contingencies plans ( offices and vessels), define hazards,threats and risks when it comes to Cyber incidents.

Our Manual in word format with following content for sure with small changes will fit to your companies setup and will cover all regulations and international requirements :

Definitions

Understanding the cyber threat
Assessing the risk
Determination of vulnerability
Risk assessment ( Bridge equipment,Comms,Propulsion,Cargo Systems,Welfare Systems etc.)
Reducing the risk
Technical cyber security controls
Procedural controls
Defence in depth

CYBER SECURITY POLICY
OFFICE & VESSEL contingency plans

Investigate cyber incidents ( forms and procedures )
Response plan
Recovery
Investigate cyber incidents

 

ALSO we will provide you FREE of charge in word format a travel
policy as required by TMSA 3 Stage :
3.1 A travel policy is in place to minimize security threats to personnel.

 

In case you like more details or even you would like to order our manual,please submit contact form below and we will get in touch with you soon.

 

You can now purchase our manual and pay via Paypal or any major credit card, please click button below to redirect to the relevant page, as soon as you complete payment we will send you secure link to download it :

CLICK TO BUY EURO 399

 

MARITIME CYBER SECURITY ONBOARD SHIPS

February 1, 2016 BIMCOCONSULTANCYCYBER SECURITYINTERTANKO

MARITIME CYBER SECURITY

As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are increasingly being networked together – and more frequently connected to the worldwide web.
This brings the greater risk of unauthorized access or malicious attacks to ships’ systems and networks. Risks may also occur from personnel having access to the systems on board, for example by introducing malware via removable media.
Relevant personnel should have training in identifying the typical modus operand of cyber attacks.
The safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant. Responding to the increased cyber threat, a group of international shipping organizations, with support from a wide range of stakeholders, have developed these guidelines, which are designed to assist companies develop resilient approaches to cyber security onboard ships.
Approaches to cyber security will be company- and ship-specific, but should be guided by appropriate standards and the requirements of relevant national regulations. The Guidelines provide a risk-based approach to identifying and responding to cyber threats.

 

Guidelines_on_cyber_security_onboard_ships_version_1-0

MARITIME CYBER SECURITY

The threat of cyber space is building up rapidly with the potential of posing even bigger risks, also for the crews. The maritime industry seems to be rather unaware and unprepared!

Newer Posts

News

Quick Menu

Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED