CYBER SECURITY Archives - Page 8 of 8 - SHIP IP LTD

Maritime External  Cyber Security Audit AS PER TMSA 3 REQUIREMENT

February 18, 2018 CONSULTANCYCYBER SECURITYMARITIME CYBER SECURITYTMSA 3

Maritime External  Cyber Security Audit

[wp_cart_button name=”MCSM-CYBER SECURITY MANUAL” price=”1500″]

[show_wp_shopping_cart]

Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.

SHIP IP LTD via our Network of local engineers can attend your vessels and complete an External  Cyber Security Audit that includes and not limited to :

  •  Policies and Procedures
  • Cyber security risk management
  • Training and awareness
  • Physical security and access control
  • Network security
  • Vulnerability scan of your onboard network

Why you should ask for an External Cyber Security Audit ? 

Answer is straight forward and that because both TMSA and RightShip have already include it as a requirement to their latest revisions which you can read below 

Where are our specialist located ?

Singapore and Greece.

We can cover ASIA and EUROPE via our engineers.

How much it costs ?

That it depends the port and country we visit but for example in Singapore can be as low as USD 1500 all included !

Time Required to complete the Audit ?

Under normal circumstances our Singapore Team will complete the Audit same day . Boarding Team consists of our Captain Thum and our Local IT Engineer .

We have post below relevant Requirements : 

TMSA 3 – ELEMENT 13

STAGE 2

2.4 The company actively promotes cyber security awareness.

Effective means are used to encourage responsible behaviour by shore-based personnel, vessel personnel and third parties.

Such behaviour may include:

• Locking of unattended work stations.
• Safeguarding of passwords.
• No use of unauthorised software.
• Responsible use of social media.
• Control/prevention of misuse of portable storage and memory sticks.

 

STAGE 4

4.2 Independent specialist support is used to mitigate identified security threats.

Any contracts for specialist support both onboard and ashore, are supported by a comprehensive scope of work.

 

4.5 The company is involved in the testing and implementation of innovative security technology and systems.

This may include:

• Physical measures to improve security.
• Software enhancements to IT systems.

RIGHTSHIP

Inspection and Assessment Report For Dry Cargo Ships

4.7 Cybersecurity
4.7.1 Does the vessel and/or company have documented software/firmware and
hardware maintenance procedures ………………………………………………………….?
4.7.1.1 Are service reports available ………………………………………………………..?
4.7.2 Does the vessel and/or company have any cyber security procedures…………..?
4.7.2.1 Has a Risk Assessment for Cyber attack been completed. ……………….?
4.7.2.2 Is a Cyber attack Response Plan available …………………………………….?
4.7.3 Does the vessel and/or company provide any cyber security training ………..

 

| T: ( +30) 211 850 1121
| e: sales@shipip.com
| w: http://localhost/shipip
| Skype : anyawb1

SINCE 2013

Maritime Cyber Security – Five key cyber questions and challenges facing the maritime industry

November 1, 2017 CONSULTANCYCYBER SECURITYMARITIME CYBER SECURITYTMSA 3

Maritime Cyber Security – Five key cyber questions and challenges facing the maritime industry!

To wrap up this year’s National Cybersecurity Awareness Month series, Lt. Cmdr. Brandon Link with the Office of Port & Facility Compliance poses five key questions maritime professionals can consider when deciding how to manage risks to cyber systems.

 

Cyber systems are prevalent in our daily lives. We face an ever-increasing amount of cyber influence in how we live, work, and operate. The Marine Transportation System (MTS) uses cyber systems in all aspects of operations. With the convenience and improved performance offered by technology come continually-evolving questions and challenges. Cyber threats are real and pose considerable risks requiring attention and action at all organizational levels.

Below are five key cyber questions and challenges facing the maritime industry and how you can begin assessing and reducing risk:

1. How much should I invest in cybersecurity and cyber risk management? The answer varies from organization to organization. Cybersecurity should be viewed as an investment, not a cost. You are in the best position to evaluate your company’s cyber footprint to determine where risks are highest. The National Institute of Standards and Technology (NIST) Cybersecurity Framework and Coast Guard/NIST Cybersecurity Profiles are a few resources available. The Coast Guard continues to work on further guidance to assist in cyber risk management efforts, including the upcoming Navigation and Vessel Inspection Circular (NVIC) 05-17, Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act Regulated Facilities.

2. We have a closed system with an air gap between our network and outside influences. Am I still at risk? Does the system have access control/authentication procedures to prohibit unknown or unauthorized access? Can an equipment vendor access that system remotely, even for seemingly harmless activities such as program updates? Can the system be accessed in person, connecting via laptop or other equipment, introducing an avenue for malicious access? To answer these questions, it is important to know and understand the landscape of, and access to your cyber systems.

3. What are the greatest threats to my cyber systems? A direct cyber attack can come from a malicious actor, either internal or external. Cyber threats can also arise from accidental corruption, like an employee unknowingly connecting a corrupted device (smart phone, “thumb” drive) to a USB port. Risks can increase due to improper system configurations or failure to stay current on software updates. Having policies in place to account for these issues, and ensuring employee awareness, can greatly reduce risks.

4. I think our organization is the victim of a cyber attack or incident. Who can I notify? The National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 cyber situational awareness, incident response, and management center serving as the national nexus of cyber and communications integration for the Federal Government, intelligence community, and law enforcement. A cyber incident that does not impact physical security or include a pollution event can be reported to the NCCIC at 1-888-282-0870, who will then forward the report to the National Response Center (NRC), meeting the reporting requirements in 33 CFR 101.305, if made aware that you are calling as a Coast Guard-regulated facility. Reports of suspicious activity or a breach of security, and incidents affecting physical security or including a pollution event should be reported to the NRC at 1-800-424-8802.

5. We need to address cyber risks in our organization, where do we begin? There is no single solution that will work the same for every company, but there are steps that will help get you on the path toward an improved cyber posture:

  • Increase cybersecurity training and awareness at all levels of your organization.
  • Understand and educate the workforce on the difference between Information Technology (IT), the storing, retrieving, transmitting, and manipulating of data, and Operational Technology (OT), the hardware and software that detects or causes changes in processes through monitoring or control of physical devices (the “Internet of Things”).
  • Establish positions, teams, or workgroups that are cyber threat-focused. Integrate your IT workforce’s corporate knowledge of systems with the OT workforce and others who possess expertise in your company’s operations.
  • Conduct an assessment to see where cyber threats exist, and identify ways to mitigate those risks. Incorporate cyber risk management into existing policies and procedures, including the Facility Security Plan. Conduct exercises that test your organization’s cyber threat resilience.
  • Identify your local Area Maritime Security Committee, particularly those with a dedicated cybersecurity subcommittee, or other opportunities that allows for the sharing of knowledge and experience. What affects your organization could affect others, so information sharing is crucial to combating threats.

 

Managing cyber risks will continue to be an ongoing effort requiring time and attention. The most significant threats and highest priorities may not remain the same from month-to-month or even week-to-week, so staying informed could mean the difference between a strong cyber posture or becoming victim to a cyber incident or breach.

Source :

10/30/2017: Nat’l Cybersecurity Awareness Month – Five key cyber questions and challenges facing the maritime industry

SHIP IP LTD – BadRabbit Ransomware 24 OCT 2017

October 25, 2017 BIMCOCONSULTANCYCYBER SECURITY

 

BadRabbit Ransomware !

A new cyber attack is affecting computer systems around Europe.

BadRabbit Ransomware

A strain of ransomware known as “Bad Rabbit” is believed to be behind the trouble, and has spread to Russia, Ukraine, Turkey and Germany.

Cyber security firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier this year.

Once a computer is infected, victims are sent to a page on the Tor browser that demands .05 Bitcoins (about $275) within around 41 hours, in exchange for the decryption of the data and access to the machine. If time expires, the ransom increases.

As always, anyone infected is discouraged from paying the ransom. For one, there’s no guarantee you’ll get the data back but importantly, refusing to pay the ransom discourages future ransomware attacks.

Although BadRabbit shows similarities to Petya, it’s still unclear who is behind the recent attack. The original Petya took down a number of government agencies and businesses earlier this year, mostly in Ukraine. Russia is a viable suspect for Petya, but all evidence tying the malware with any nation state has been circumstantial.

You can readmore about BadRabbit Ransomware :

http://www.zdnet.com/article/bad-rabbit-ten-things-you-need-to-know-about-the-latest-ransomware-outbreak/

https://www.theverge.com/2017/10/24/16539054/ransomware-badrabbit-eastern-europe-russia-ukraine

http://money.cnn.com/2017/10/24/technology/bad-rabbit-ransomware-attack/index.html

 

IMO GUIDELINES ON MARITIME CYBER RISK MANAGEMENT

July 20, 2017 BIMCOCONSULTANCYCYBER SECURITYIMO

IMO GUIDELINES ON MARITIME CYBER RISK MANAGEMENT

 

IMO has given shipowners and managers until 2021 to incorporate cyber risk management into ship safety !

Owners risk having ships detained if they have not included cyber security in the ISM Code safety management on ships by 1 January 2021.

One of the discussions that took place at the IMO Maritime Safety Committee’s 98th session (MSC 98) in June was whether the IMO’s newly approved guidelines on maritime cyber risk management should be incorporated into the International Safety Management Code (ISM), the international standard for safe ship operations.

While such a directive was not formally adopted, what was adopted was a resolution affirming that approved safety management systems (SMS) should take cyber risk management into account in accordance with the requirements of the ISM.

The resolution encouraged flag administrations to ensure that cyber risks are addressed in SMS no later than the first annual verification of the company’s document of compliance after 1 January 2021.

SHIP IP LTD – Can assist your company to ensure compliance with Cyber Security requirement  as we can offer FULL support to your company like :

  • Maritime Cyber Security Manual with only EUROS 500 ( pls click here to read more… )
  • Consultancy to complete with TMSA 3 – Element 13 Maritime Security
  • ask for more …

 

SHIP IP LTD – SHIPPING VIRTUAL SERVICES !

Error: Contact form not found.

Maritime Cyber Security Manual in Compliance with BIMCO – USCG

July 1, 2017 BIMCOCYBER SECURITYMARITIME CYBER SECURITYTMSA 3

MARITIME CYBER SECURITY MANUAL – EURO 399 Only !

Following the latest developments in our industry and various guidelines published by BIMCO, USCG Cyber Bulletins, and TMSA 3 – Element 13, we have developed a generic MARITIME Cyber Security Manual that can be used by all shipping companies as a best practice.

SHIP IP LTD has developed a Maritime Cyber Security Manual to provide a risk management solution for shipping companies and their vessels against various cyber incidents.

Cyber incidents can have negative effects on a company’s reputation or even lead to economic consequences when delays occur in the services provided by their vessels.

It is needless to point out that Cyber Security is now part of TMSA 3 – Element 13, and all companies operating tankers should immediately consider developing or including this in their existing Safety Management System, procedures, contingency plans (for both offices and vessels), and defining hazards, threats, and risks related to cyber incidents.

Our manual, available in Word format, contains the following content.

With minor adjustments, it will fit your company’s setup and cover all regulations and international requirements:

  • Definitions
  • Understanding the cyber threat
  • Assessing the risk
  • Determining vulnerability
  • Risk assessment (Bridge equipment, Comms, Propulsion, Cargo Systems, Welfare Systems, etc.)
  • Reducing the risk
  • Technical cyber security controls
  • Procedural controls
  • Defence in depth
  • Cyber Security Policy
  • Office & Vessel contingency plans
  • Investigating cyber incidents (forms and procedures)
  • Response plan
  • Recovery plan

Additionally, we will provide you free of charge in Word format a travel policy as required.as required by TMSA 3 Stage :
3.1 A travel policy is in place to minimize security threats to personnel.

 

In case you like more details or even you would like to order our manual, please submit contact form below and we will get in touch with you soon.

    Please prove you are human by selecting the star.

    You can now purchase our manual and pay via Paypal or any major credit card, please click button below to redirect to the relevant page, as soon as you complete payment we will send you secure link to download it :

     

     

     

    MARITIME CYBER SECURITY ONBOARD SHIPS

    February 1, 2016 BIMCOCONSULTANCYCYBER SECURITYINTERTANKO

    MARITIME CYBER SECURITY

    As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are increasingly being networked together – and more frequently connected to the worldwide web.
    This brings the greater risk of unauthorized access or malicious attacks to ships’ systems and networks. Risks may also occur from personnel having access to the systems on board, for example by introducing malware via removable media.
    Relevant personnel should have training in identifying the typical modus operand of cyber attacks.
    The safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant. Responding to the increased cyber threat, a group of international shipping organizations, with support from a wide range of stakeholders, have developed these guidelines, which are designed to assist companies develop resilient approaches to cyber security onboard ships.
    Approaches to cyber security will be company- and ship-specific, but should be guided by appropriate standards and the requirements of relevant national regulations. The Guidelines provide a risk-based approach to identifying and responding to cyber threats.

     

    Guidelines_on_cyber_security_onboard_ships_version_1-0

    MARITIME CYBER SECURITY

    The threat of cyber space is building up rapidly with the potential of posing even bigger risks, also for the crews. The maritime industry seems to be rather unaware and unprepared!

    Newer Posts

    News

    Quick Menu

    Company DETAILS

    SHIP IP LTD
    VAT:BG 202572176
    Rakovski STR.145
    Sofia,
    Bulgaria
    Phone ( +359) 24929284
    E-mail: sales(at)shipip.com

    ISO 9001:2015 CERTIFIED