CYBER SECURITY Archives - Page 7 of 8 - SHIP IP LTD

Maritime GDPR – General Data Protection Regulation Implementation

The EU General Data Protection Regulation (GDPR)

The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes all EU member states’ current national data protection laws. Significant and wide-reaching in scope, the Regulation brings a 21st-century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of obligations on organisations to be more accountable for data protection.

Deadline for compliance: 25 May 2018

Penalties

Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement.

Who is impacted?

The GDPR applies to controllers and processors that are handling the personal data of European individuals. Perhaps one of the most important things to note is that this new regulation applies to ALL organisations collecting and processing personal data of individuals residing in the EU, regardless of the company’s physical location.

All maritime companies need to be in compliance by the deadline of enforcement. SHIP IP LTD can assist you step by step to prepare your organization to be compliant with the GDPR, update your SMS, and provide you with the policies and all the tools required.

FAQ

How do we get started?

Please complete the simple form below so we can understand your company’s size and the resources that need to be reviewed.

Our consulting team will get in contact with you soon to arrange a web conference and discuss next steps.

How much does it cost?

That depends on the size of your company, the number of people involved and our findings after our initial gap analysis.

How much time is required until implementation?

Usually between 4-8 weeks. We suggest that a person who really knows your internal workflow and data structure is in direct contact with our team, so we can reduce implementation time to a minimum.

Do we need a DPO (Data Protection Officer)?

Yes, you certainly need one, at least for the first two years, so that people can be trained and become mature with the new regulation.

SHIP IP LTD offers an outsourced DPO service for an agreed annual fee, so we can follow up and ensure implementation after we complete the relevant consulting. Our DPO is certified by TUV Austria.

What documentation will be provided?

40+ policies, procedures, controls, checklists, tools, presentations and other useful documentation. A sample list (not exhaustive) is below:

  • Data protection policy
  • Training policy
  • Information security policy
  • Data protection impact assessment procedure
  • Retention of records procedure
  • Subject access request form and procedure
  • Privacy procedure
  • International data transfer procedure
  • Data portability procedure
  • Data protection officer (DPO) job description
  • Complaints procedure
  • Audit checklist for compliance
  • Privacy notice

 

SHIP IP LTD will help you from the initial steps through implementation and auditing, to ensure continuous auditing.

Get in contact with us today!


TMSA 3

From January 2018, tanker operators are required to use TMSA3 to monitor and improve performance. In comparison with TMSA2, the new edition of TMSA is longer and presents new challenges to ship operators with the introduction of new requirements.

It is noticeable that for the first time, this self-assessment tool for oil tankers introduces maritime security as Element 13 referring also to cyber security.

Cyber security is currently one of the most discussed topics in the industry, and considerable efforts have been made so far to mitigate threats. Thus, TMSA 3 aims to establish procedures in order to respond to the industry’s needs.

“For the first time, TMSA introduces maritime security as Element 13 including cyber security”

Also it features an expanded best practice guidance to complement the KPIs and enhanced guidelines for risk assessment, auditing and review ashore and onboard along with guidance for all related tools to be employed.

Other major changes introduced are the expansion of Element 6 on Cargo, Ballast, Tank Cleaning, Bunkering, Mooring & Anchoring Operations, and an updated Element 10 combining Environmental and Energy Management.

In the latest edition, special focus has been given to the continuous improvement cycle by taking into consideration additional KPIs towards effective performance management. Specifically, TMSA3 introduces 85 new KPIs in total. In this context, 25 KPIs have moved to a lower level and there are indexes concerning customer focus, leadership and engagement of people.

On the whole, TMSA3 addresses issues regarding performance management. The method that a shipping company uses to measure performance is a prominent topic for discussion within the maritime industry. The new edition makes an effort to overhaul the process, not only with the streamlining of KPIs but also with the introduction of non-financial measurements and the assessment of soft skills.

Furthermore, TMSA3 introduces a different approach by focusing on the human element and behavioral safety suggesting that crew competence is the tool for crew retention and development.

TMSA 3 at a glance

  • Expanded best practice guidance to complement the KPIs.
  • Revised and enhanced best practice guidance to remove ambiguity and duplication.
  • Additional requirements for HSSE strategic planning, KPI setting and performance monitoring, review and improvement.
  • Streamlining and merging of elements to improve consistency and make self-assessment easier.
  • Enhanced guidelines for risk assessment, auditing and review ashore and onboard along with guidance for all related tools to be employed.
  • Extensively revised Element 6 and 6A – Cargo, Ballast, Tank Cleaning, Bunkering, Mooring and Anchoring Operations, with additional KPIs and guidance.
  • Extensively revised Element 10 – Environmental and Energy Management (previously Environmental Management) incorporates the OCIMF Energy Efficiency and Fuel Management paper that was a supplement to the TMSA 2.
  • A new element: Element 13 – Maritime Security.



Maritime Cyber Attack

Cyber attacks like the NotPetya malware that struck Maersk are raising concerns about cyber risk and its effects on resilience, according to specialty insurer XL Catlin.

Shipping industry firms and port operators are worried about linkage between cyber-attacks and supply chain risk, insurer XL Catlin has warned.

Big interdependencies between systems mean maritime firms face major business continuity risks from online threats.

“The problem is that nobody knows, other than the computer systems, where your goods are,” said Pascal Matthey, head of global lines for marine risk engineering at XL Catlin.

“You might never find your container again. Refrigerated containers might lose power, which would mean huge damage,” said Matthey.

Maersk was among those organisations worst hit by the NotPetya contagious malware attack last year.

The global shipping and logistics firm had to reinstall some 4,000 servers, 45,000 PCs, and 2,500 applications; the process took 10 days and cost the company around $450m.

The company was forced to temporarily switch to manual systems – pen and paper, and lots of overtime – resulting in a temporary 20% drop in volumes.

Another cyber-attack, revealed in 2013, struck two shipping companies operating in the Belgian port of Antwerp, and had reportedly gone undetected for about two years before that.

An organised crime group allegedly used hackers to infiltrate computer networks, allowing cocaine and heroin, hidden in containers shipped from South America, to be intercepted by criminals.

“The idea was not to harm the port but to get things out by hacking the system,” said Matthey, based in the specialty insurer’s Zurich office.

He warned about the potentially catastrophic consequences of a cyber-attack by terrorists, such as targeting a ship and interfering with its steering or navigation to cause a collision in congested waters, such as a port or major trade artery such as the Panama Canal.


“What happened on 9/11, you could perhaps now do with a ship, by steering a large vessel into an oil or gas terminal, which could have disastrous consequences,” said Matthey.

XL Catlin is among those re/insurance firms involved in developing blockchain applications – distributed ledger technology for smart contracts, sharing data instantaneously between the relevant counterparties.

A new blockchain platform for marine insurance contracts at XL Catlin and MS Amlin is expected to go live this year.

Source: Strategic Risk


MARITIME CYBER RISK

The insurance losses and liabilities arising from cyber risks are an increasing area of focus for both shipowners and their insurers, argue Mr. Adrian Durkin, Director (Claims) and Mr. Colin Gillespie, Deputy

Potentially owners may be exposed to gaps in cover arising from cyber incidents – an unsatisfactory situation in today’s connected world. For example, an owner’s hull and machinery insurance may contain a cyber risk exclusion which mirrors, or is derived from, institute clause 380.

There are also cyber exclusions in war risk policies that relate to computer viruses. The war risks clause is derived from market clause 3039. Many other market insurance policies specifically exclude losses or liabilities arising as a result of cyber risks.

Why is Cyber Excluded?

Cyber risks present a range of issues for insurers. Cyber risks are relatively new – claims data relating to these risks is quite limited. Another difficulty is that cyber security is not yet well established in the maritime industry. The sheer complexity of the information technology, operational technology and internet available across the industry also presents a challenge, as does the potential for cyber problems to spread quickly across the globe. As a result the likelihood, extent and costs associated with claims involving cyber risks are difficult to calculate and potentially significant, hence the reluctance to offer cover.

It is in an owner’s interests to scrutinise their various policies in order to identify potential gaps in their insurance cover. It is possible to close the gaps by working with insurers and brokers. This may require owners to demonstrate that they have robust cyber risk management practices in place both ashore and afloat. An additional premium may be payable. The market is responding to these risks – albeit slowly.

P&I Cover for Cyber Risks

The International Group of P&I Clubs’ poolable cover does not exclude claims arising from cyber risks.

This means that club members benefit from the same level of P&I cover should a claim arise due to a cyber risk, as they would from such a claim arising from a traditional risk. As always cover is subject to the club rules.

While there are currently no internationally agreed regulations in force as to what constitutes a prudent level of cyber risk management or protection, this does not mean that owners, charterers, managers or operators of ships can ignore the need to take proper steps to protect themselves in the belief that their club cover will always respond.

If a claim with a cyber element arises, an owner may need to demonstrate that they took all obvious steps to prevent foreseeable loss or liability. As more and more potential cyber risks are being identified, clubs will expect to see the operation of sensible and properly managed cyber risk policies and systems both ashore and on vessels.


Don’t delay – act now

Barely a month goes by without news of a major cyber-attack affecting a large or high profile commercial or government entity. Cybercrime is a rapidly growing global threat in all industries and the maritime supply chain is vulnerable as the problems experienced by Maersk in 2017 have demonstrated. In that incident problems ashore had a knock on effect on vessels, highlighting the fact that as marine transport operations become more connected, the more chance there is of problems impacting across the system both ashore and afloat.

The authorities and large charterers are concerned about the risk to operations ashore and afloat and are taking steps to drive change in the industry. Actively managing cyber risks is now both a commercial and compliance priority.

Cyber Risks & ISM Code

The IMO’s Maritime Safety Committee (MSC) has confirmed that cyber risks should be managed under the ISM Code.

Resolution MSC.428(98) affirms that an approved safety management system should take into account cyber risk management and encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

TMSA 3

Cyber risk management has been included in TMSA 3 under elements 7 and 13. KPI 7.3.3 includes cyber security as an assigned responsibility for software management in the best practice guidelines. Under element 13 cyber security is specifically identified as a security threat to be managed. It seems clear that the oil industry has recognised the need for action from tanker owners and is encouraging action through commercial pressure via TMSA 3. For tanker operators the time to act is already here.

Rightship Inspections

Cyber risk management now forms part of Rightship inspections and a company’s cyber security maturity may be one aspect dry bulk charterers will take into account.

A Daunting Task?

The prospect of dealing with cyber security will be daunting for many shipping companies. It’s new, involves things that may not be fully understood, and most of us are not likely to have received any formal training in such risks.

What is a definite plus is that shipping companies will be very familiar with the risk management framework suggested by the IMO Guidelines on Cyber Risk Management and industry Guidelines on Cyber Security Onboard Ships. We can also use the experience gained in other sectors of industry that have already put cyber security systems in place.

2021 is not far away, but the potential for cyber risks to result in losses or liabilities is clearly already upon us.

Cyber risks can affect almost every part of a shipping company. There will be lots to do to identify risks and vulnerabilities and to take steps to prepare for, and respond to, cyber threats. It’s time for us all to act.

By Adrian Durkin, Director (Claims) & Colin Gillespie, Deputy Director (Loss Prevention), North P&I Club


cyber security in maritime

In recent years, it has become apparent that maritime companies, ships, and ports are not adequately protected from security threats. IMO has issued a resolution giving shipowners and managers until 2021 to incorporate cyber-risk management into their ship safety plans. And the Liberian Registry has taken the typically proactive approach for which it has become renowned by launching a Cyber and Ship Security Computer Based Training which provides a comprehensive overview of cyber-security issues as well as advice on best practice pertaining to piracy, stowaways and general ship security.

CYBER-SECURITY TRAINING

Over 40% of crewmembers report sailing on a vessel that has become infected with a virus or malware – and only 1 in 8 crewmembers have received cyber-security training. This module provides a comprehensive overview of the evolving field of cyber-security, including concepts such as different types of malware, network security, identity theft, and risk management.

Source: Liberian Registry


cyber security in maritime

Cyber security is on the boardroom agenda as organisations worldwide seek to improve their resilience against a backdrop of high-profile, and increasingly sophisticated, cyber-attacks. The number of breaches is up an average 27.4% year on year and 86% of companies around the world reported experiencing at least one cyber incident in 2017.

Founded in 2003, Nettitude is an award-winning provider of cyber security, compliance, infrastructure and managed security services to organisations worldwide and employs 140 cyber security specialists globally.

The acquisition strengthens LR’s existing broad portfolio of cyber security services spanning certification, compliance, training, auditing and security consulting to now include penetration testing, information security consulting, managed security services and incident response. Together, Nettitude and LR now provide a complete suite of cyber security assurance services to help clients identify, protect, detect, respond and recover from cyber threats.


The need for cyber security solutions and growth in cyber security is driven by three broad areas:

  • Industry 4.0 [IR4]
    • As we move towards a more automated, integrated and interdependent, data driven economy, the risk of cyber-attack increases.
  • Cyber-attacks are non-discriminatory
    • Cyber-attacks are now targeting a broader spectrum of industries and companies – irrespective of their size and geographical location.
  • Regulatory
    • The regulatory focus on cyber security is increasing, with wide-ranging compliance requirements against standards, schemes and local legislation.

Alastair Marsh, Chief Executive Officer, Lloyd’s Register commented: “This is an important acquisition for Lloyd’s Register to enhance our capability in assuring the increasingly complex supply chains in which we operate.  Information and operational technology security is a key concern for our clients across all sectors, as we see increasing dependencies on technology and challenges created by Industry 4.0.”

 

Source: Lloyd’s Register


Maritime Cyber Security

More than half of 6,000 seafarers who took part in a crew connectivity survey have had a part of their role automated over the last two years, and 98% of these seafarers are positive about the change.

The largest ever survey of seafarers to date revealed that nearly all who took part feel that technology and automation provide great opportunity to enhance their job roles and shipping operations. Roger Adamson, Futurenautics Maritime’s chief executive officer, who presented the results during the report’s launch in London this week, said that for the first time Futurenautics looked into the “weird and wonderful technology of the future that everyone talks about – robotics, automation, big data, analytics, unmanned ships,” topics which had not been explored before.

Adamson explained that they first started talking to seafarers about automation levels. “53% of them came back and said we have had one or more components of our role automated within the last two years. That figure increased to 72% when we included officers.”


The impact of automation on seafarers and officers’ roles proved to be positive, with the majority (98%) confirming it had helped rather than hindered them in their role at sea. Adamson also confirmed that automation, robotics, artificial intelligence, and augmented/virtual reality, were viewed as opportunities by the majority of seafarers, rather than as threats, which came as a surprise to Futurenautics. According to Adamson, most saw these processes and technologies as a way to enhance the ability for crew to operate the vessel and do their jobs more efficiently.



Maritime General Data Protection Regulation (GDPR) – Privacy Policy Generator!

The main focus of the General Data Protection Regulation (GDPR) is the protection of personal data and digital privacy.

Because of this, your Privacy Policy is going to be an important part of your GDPR compliance plan.

A Privacy Policy is where you let your users know:

  • What personal information you collect
  • How and why you collect it
  • How you use it
  • How you secure it
  • Any third parties with access to it
  • If you use cookies
  • How users can control any aspects of this

Privacy Policies tend to be long, dense legal agreements with a lot of detailed information. Your users might feel intimidated by page after page of technical information, which is what the GDPR is working to avoid.

Update your Privacy Policy to be GDPR-compliant by cutting out legalese and using clear language that your average user will understand.

Along with the seven standard points above, you must also include the following information in your Privacy Policy to be GDPR-compliant.

Note that each point doesn’t have to be a separate clause. As long as the information is somewhere in your Policy, it will work.

1. Who your Data Controller is

2. Contact information for the Data Controller

3. Whether you use data to make automated decisions

4. Inform users of the 8 rights they have under the GDPR

5. Whether providing data is mandatory

6. Whether you transfer data internationally

7. What’s your legal basis for processing data

Source : TermsFeed – Online Privacy Generator

 


Maritime Cyber Security – Cyber safety, security and autonomous shipping addressed with new Bureau Veritas notations and guidelines

 

Paris – La Défense, France, March 13 2018 – Bureau Veritas has developed a comprehensive approach to support shipowners in addressing maritime cyber risks. A new series of classification notations, guidelines and services enable owners to comply with regulatory requirements, safeguard their crews and protect their assets from both malfunction and malicious attack.


Bureau Veritas now offers two cyber notations:

The first, SW-Registry, focuses on software change management ensuring that installations of tested new software versions are properly tracked. It requires the creation and maintenance of a certified register of software used in the ship’s onboard systems. SW-Registry is compulsory for newbuild ships using digital systems and enables owners to comply with IACS UR E22, applicable from 1 July 2017. Existing ships may choose to create their own register and would benefit from the additional class notation to help indicate their cyber safety level.

  • SW-Registry notation meets requirements of IACS revised Unified Requirement (UR E22)
  • SYS-COM notation covers requirements for ship-shore data security
  • Guidelines for Autonomous Shipping now available

A second new notation, SYS-COM, addresses cyber security, and is directed at preventing malicious cyber attacks. SYS-COM is a voluntary notation covering the exchange of data between ship and shore. Bureau Veritas is now the only classification society to offer a notation for this specific risk, identified as a key cyber security threat to digital ship data and systems. The experience from projects with shipowners and providers of ship equipment and technology systems has been vital in developing and testing the Bureau Veritas approach. Recent announcements of projects with Bourbon and Kongsberg are examples.


Cyber Risks and P&I Insurance

The maritime industry’s reliance on computers and its increasing interconnectivity within the sector make it highly vulnerable to cyber incidents. Cyber poses a threat to all parts of the shipping sector. Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and technological networks. How can cyber risks occur in the shipping industry, and what is covered under the P&I Rules?

What are “cyber risks”?

• Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and technological networks
• All businesses rely heavily upon computer systems to sustain their operations, but these systems are vulnerable
• Cyber risks comprise risks related to hacker attacks, virus transmission, cyber extortion, network downtime and data security breaches
• A maritime cyber risk can be defined according to the IMO Interim Guidelines on Cyber Risk Management as “the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised”

How can cyber risks occur in the shipping industry?

• Commercial ships are increasingly dependent upon computers and computer software to operate and control various shipboard systems
• Safe ship operations are reliant on bridge systems such as ECDIS (Electronic Chart Display and Information System), AIS (Automatic Identification System) and GPS (Global Positioning System)
• Main and auxiliary propulsion systems rely increasingly on computers to operate efficiently
• Ship networks are connected to the internet
• As with computers ashore, shipboard systems are vulnerable to cyber-attacks
• Hackers can take advantage of vulnerabilities in a network to access servers; this can enable hackers to access, remove and manipulate sensitive data
• Even a simple mobile phone charging process using a USB port in the ECDIS system can cause a virus to render a system inoperable
• If ships’ systems are attacked, the effect could be extremely perilous
• A cyber-attack could catastrophically impact the safe navigation of a vessel, both in terms of its ability to avoid hazards and in terms of its stability and cargo operations
• A cyber-attack could lead to collision, personal injury, property damage, pollution or even to a shipwreck.

Are cyber risks excluded from P&I cover?

• No. As a general rule, P&I liabilities – which are set out in Rule 2 of the UK Club Rules – are not subject to any exclusion of cyber risks
• Nor is the International Group Pooling Agreement subject to a cyber risk exclusion
• Some maritime cyber risks, however, don’t come within the scope of P&I because they don’t arise from the operation of a ship. An example is the risk of monetary loss where a shipping company is blackmailed to pay a ransom for the restoration of IT data or restoration of IT systems that have been compromised by cyber-attack

Source: UK P&I Club


Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED