MARITIME CYBER SECURITY Archives - SHIP IP LTD

CyberSecurityShip2-1200x801.jpg
Understanding GPS spoofing in shipping: How to stay protected

Knowing exactly where you’re sailing and where to sail next is the most important part of a vessel’s navigation which can be accomplished by the use of GPS. Yet, what happens when your GPS gets spoofed? GPS spoofing, often leading to GPS outages, causes major disruptions to the shipping industry impacting safe navigation, leading to paralyzed shipping lanes, collisions and untraceable attacks.

The US order, according to Reuters, states that federal agencies should implement a plant to test infrastructure systems within one year, commenting that “disruption or manipulation of these services has the potential to adversely affect the national and economic security of the United States.”

Following the agreement, the US Transportation Department will recommend a backup GPS system or systems by the end of the year, while the testing of 11 technologies in Massachusetts and Virginia will be completed by May.

Moreover, the Commerce Department’s National Institute of Standards and Technology (NIST) estimated in one study that “a hypothetical disruption to GPS could result in $30 day period.

Therefore, it is of great importance to test US’s GPS infrastructure. The Commerce Department is conducting its independent source of precision time available within 180 days to both the public and private sector to assist critical infrastructure owners and operators.

 

 

 

 


CyberWorkbook2019-960x540.jpg

BIMCO And ICS Publish New Cyber Security Guide For Crew On Board.

The digitalisation of maritime operations and the reliance on technology and network connectivity for daily onboard and on shore operations means that shipping is vulnerable to the threat of cyber incidents.

To help crew prepare, both on the bridge and in the engine room, the new “Cyber Security Workbook for On Board Ship Use” includes several checklists of how to protect, detect, respond and recover from a cyber incident, and thereby offers a practical and easy to use guide for the master and the officers.

BIMCO is continuously raising awareness to shipowners on issues such as the cyber threat and helps lead the work by issuing industry guidelines to assist companies in formulating their own approaches to cyber risk management onboard. Based on contributions by BIMCO, IMO recently decided to identify cyber risks as specific threats, which companies should try to address to the same extend as any other risk that may affect the safe operation of a ship and protection of the environment. Guidance on these issues can be found in the Guidelines on Cyber Security Onboard Ships.

To protect multimillion-dollar floating assets, cyber risk should be managed as any other risk that may affect the safe operation of a ship and jeopardize the protection of the environment. The new workbook gives an easy introduction to incorporating cyber security into the ship’s management system.

“Cyber security risk management is not just an IT issue. Managing the complex interactions between technology and humans correctly will be key to avoid a cyber incident, and to recover from them, should an incident happen,” says Aron Frank Sørensen, Head of Maritime Technology and Regulation at BIMCO.

“I see the workbook as a valuable tool that will help officers manage cyber risks while carrying out their daily routines on board,” Sørensen says.
Source: BIMCO

 


CyberSecurityShip2-1200x801.jpg

Maritime Cyber security

The University of Plymouth has created a cyber security research lab that focuses on challenges faced by the shipping industry.

The £3 million ‘Cyber-SHIP‘ lab will complement the university’s existing maritime facilities which includes a simulator dedicated to training professional sailors.

The lab is a transformational step towards developing a national centre for research into maritime cyber security, according to Professor Kevin Jones, the executive dean for science and engineering and principal investigator for the project.

Jones believes that the lab will support a range of research and training that cannot be achieved with simulators alone. These will also facilitate the development and delivery of new maritime cyber provision for graduates, postgraduates, and industry.

“Cyber attacks are a Tier1 National UK threat. But, although the maritime sector is advancing technologically, it is not well protected against cyber or cyber-physical attacks and accidents,” he said.

“Worth trillions, it has an unmatched reach across international waters, which exposes people and goods to a diverse range of factors, putting the shipping industry at high risk. As such, this facility has never been more timely.”

The lab has been developed in partnership with shipping equipment manufacturers, port operators, shipbuilders, classification agencies, and insurance companies. Some of the areas it will look at include the cyber risk of autonomous ships, maritime cyber risk assessment, and the scope and impact of evolving tech on international shipping.

The project, which has been funded by Research England will last for three years with the hope that it will be self-sustaining by then. It aims to bring together a host of connected maritime systems currently found on an actual ship’s bridge. Cyber security experts will then assess these systems for vulnerabilities and identify the technology and skillsets needed to make them more secure.

The lab will feature cutting edge maritime technology including radar equipment, a voyage data recorder, an electronic chart display and information system, an automatic identification system, and communications devices.

 

SOURCE ITPRO


Maritime-Cyber-Blog-SMM-1440x900-1200x750.jpg

Shipmanager Anglo-Eastern has inked a Memorandum of Understanding with Naval Dome for the provision of cyber security research and consultancy services, aimed at ensuring the continued cyber resilience of its fleet of more than 650 vessels.

Naval Dome will carry out an evaluation of the company’s cyber position, perform penetration testing and make recommendations, where necessary, on how systems can be better protected.

“Cyber threats are amongst the most serious challenges the global shipping industry faces and we share Naval Dome’s view that the industry at large must do more to protect itself,” said Capt. Bjorn Hojgaard, CEO of Anglo-Eastern.

“The MoU we have signed aims not only to enhance the level of security across our fleet, but to also encourage system providers to retrofit systems installed aboard the global fleet with more advanced cyber protection.”

As part of the agreement, Anglo-Eastern will also engage Naval Dome to collaborate with equipment manufacturers and technology service providers and push them to incorporate more effective security systems into shipboard equipment.

“We are delighted to sign this cooperation agreement with Anglo-Eastern,” said Naval Dome CEO Itai Sela.

“All ships must operate with equipment capable of preventing the most sophisticated of attacks from penetrating critical systems. As such, we believe that all players – ship owners, ship managers, offshore operators, and OEMS – need to collaborate more on how best to cost-effectively eradicate the problem once and for all. We hope equipment suppliers will step up to the challenge.”


IMO cyber crime.

The International Maritime Organization (IMO) is readying for the advent of automation in the shipping industry, with a major scoping exercise to safeguard against future disasters, including oil spills and collisions.

Speaking at the regional Spillcon event held in Perth, Australia, in May, Patricia Charlebois, deputy director, Implementation Marine Environment Division, stressed the oil spill response community would need to consider new risk scenarios.

Charlebois told SAS that the IMO had a key strategic direction to integrate new and advancing technologies into its regulatory framework.

“Of course, cyber-risk management is very important as more and more systems become automated,” she said. “Whether you’re talking about an oil tanker or a different kind of ship, cyber-risk management should [play] a part .”

The IMO is now looking at how existing regulations might apply to ships with varying degrees of automation through a regulatory scoping exercise on Maritime Autonomous Surface Ships (MASS).

The IMO’s Maritime Safety Committee (MSC) agreed to examine how safe, secure, and environmentally sound operation of MASS could be introduced in IMO regulations in 2017 after a proposal by member states.

The scoping exercise includes a review of safety and maritime security (SOLAS); collision regulations (COLREG); loading and stability (Load Lines); training of seafarers and fishers (STCW, STCW-F) search and rescue (SAR); tonnage measurement (Tonnage Convention), and convention for safe containers (CSC).

IMO guidelines on maritime cyber-risk management set out procedures on how to safeguard shipping from current and emerging threats and vulnerabilities.

The guidelines, which cover digitisation, integration, and automation of processes and systems in shipping, identify bridge systems, propulsion and machinery management, power control, and communication systems among the most vulnerable to cyber attack.

The IMO aims to complete the scoping exercise by 2020. Meanwhile interim guidelines for MASS trials were approved in June.

IMO cyber crime

SOURCE


Rotor-Sails-installation-final-800x600.jpg

Three cornerstones for effective Maritime cyber security

Maritime’s fragmented approach to digitalisation carries risk, especially when it comes to cyber security.

Speaking recently at Lloyd’s Register Asia Shipowners’ Forum, Wallem Group chief executive Frank Coles highlighted how operators can fail to update critical processes when embracing new onboard technologies. By overlooking the human elements of cyber security, he said, operators can undermine the potential benefits of acquiring a new technology – introducing risk instead capitalising on the rewards it can offer.

While cyber security risks posed to the shipping sector are real and pressing, they can be quantified and managed, if the right approach is taken.

Safeguarding critical assets in a fragmented digitalisation process and ensuring profitability in the years to come depends on three cornerstones:

Cornerstone 1: threat-intelligence assessment 

Maritime cyber security .

The cyber security landscape is rapidly changing and the insights gained as little as five years ago are of less and less value as threat actors adjust their approaches in response to advances made by security professionals and technical defenders. Regular threat intelligence and assessment activities allow an owner to view their organisation through the eyes of a potential attacker, to perceive their attack surface in detail, and to assess the real-world threats to their business.

Cornerstone 2: Crisis-management cyber attack simulation

With knowledge of the attack surface and adversaries already in hand, owners can take steps to safely, effectively and efficiently ensure they are prepared to respond to a cyber attack by using a simulated cyber attack known as a ‘red team’ exercise. Such exercises allow a company to define and simulate real-world attack scenarios using the same tactics, techniques, and procedures as a genuine threat actor. They also help determine the level of assurance and ability needed to effectively detect and respond to a genuine cyber attack and educate defence teams about effective responses within a controlled and forgiving environment.

Cornerstone 3: Define a cyber security strategy

An effective cyber security strategy completes the foundation of a secure technological and organisational infrastructure. Designing a cyber security strategy is a complex task for most firms as the strategy must be robust and responsive enough to address a dynamic operational environment. Security professionals can work to create a cyber security strategy to create operational efficiencies, maximum return on technology investments, and assured data and asset protection into the future.

Given the cost and reputational risks associated with a cyber attack – estimated at £11.7M (US$15.4M) per company according to a World Economic Forum 2017 study – there is no doubting the importance of taking a strategic approach to cyber security.

Ultimately, a truly cyber resilient shipping organisation is one that gains intelligence on evolving cyber threats to inform decisions and plans, going beyond the minimums needed to achieve compliance.

SOURCE https://www.marinemec.com


The Maritime Safety Committee (MSC) is meeting for its 101st session, with a busy agenda encompassing maritime autonomous surface ships, polar shipping, goal-based standards and other agenda items. A number of draft amendments will be adopted, including amendments to mandatory Codes covering the carriage of potentially hazardous cargoes:

the MSC is set to adopt the draft consolidated edition of the International Maritime Solid Bulk Cargoes Code (IMSBC Code), and a comprehensive set of draft amendments to the International Code for the Construction and Equipment of Ships Carrying Dangerous Chemicals in Bulk (IBC Code).The MSC will be updated on the regulatory scoping exercise on maritime autonomous surface ships, taking into account different levels of autonomy.

 

On polar shipping, the MSC is expected to approve draft guidance for navigation and communication equipment intended for use on ships operating in polar waters and further consider how to move forward with developing requirements for ships operating in polar waters but not currently covered by the Polar Code.

A new agenda item will look at fuel oil safety. A range of guidance and guidelines will be approved, including those related to standardization and performance standards for navigational equipment, linked to the development of e-navigation.

The MSC was opened by IMO Secretary-General Kitack Lim and is being chaired by Mr. Brad Groves (Australia).

Source: IMO


Korean Register (KR) has granted its first cyber security type-approval certificate to a new smart shipping integrated communication system.

The cyber security type-approval certificate has been awarded to Hyundai Electrics for its Hyundai Integrated Smart Communication System (Hyundai-ISCS), aimed at providing comprehensive cyber security protection for next-generation vessels.

KR’s cyber security type-approval is based on international standards such as IEC 62443 4-2 and IEC 61162-460. Under the certification, technical, security and audit functions are inspected and assessed for confidentiality, integrity and availability, while backup and recovery functions are also inspected and analysed to assess their response strength in the wake of a cyber incident.

 

KR executive vice president Hyung-chul Lee said “This is the very first cyber security type-approval certificate to be issued anywhere in the world, but it reflects the speed of development in this sector and rising level of risk to on board systems from cyber attack.”

Hyundai-ISCS was developed jointly by Hyundai Electric and Hyundai Heavy Industries. It provides a range of information on vessels and acts as an interface between more than 20 types of equipment including safety systems and sensors, combining to enhance a vessel’s smart abilities.

The certificate was formally presented to Hyundai by KR in a ceremony at Nor-Shipping 2019 in Oslo, Norway, on 5 June.

It was also announced on 5 June that Hyundai Global Service (HGS) and Inmarsat have signed a business co-operation agreement aimed at facilitating digitalisation for owners and managers of vessels. The agreement will enable co-operation including using Inmarsat’s Fleex Xpress dedicated bandwidth services to support HGS’ digital services for shipowners.

The agreement was announced following trials on three vessels over a three-month period, testing sensor-driven applications measuring voyage and equipment operating data including fuel consumption and vibration monitoring, plus HGS analytics and reporting services.

 

SOURCE


IMO2020 Related Claims Starting to Appear: Marine Insurer

Protection and indemnity club Gard has said it is beginning to deal with claims related to the International Maritime Organisation (IMO) 0.5% sulfur cap.

Although cap is still some months away, the club has said it has around 100 claims on its books that are linked to the sulfur rule change in bunker fuel.

The nature of disputes vary, according to the club’s chief executive Thore Roppestad, but include disputes between owners, charterers and bunker suppliers.

“We also have a couple of claims related to machinery damages due to the quality of fuel which is not compliant to the engines and we also have loss of hire incidents, which we will have more of due to scrubber malfunction and other issues”, the executive was quoted as saying by maritime news provider Lloyd’s List.
Machinery damages may start small but can end up big by becoming groundings or major accidents, he added.

Roppestad was participating in an industry panel event in Oslo. P&I clubs cover third party risks in shipping. Engine-related issues are covered by hull and machinery insurance.

Source: Ship & Bunker


CMA CGM and MSC to Join Maersk’s Maritime Blockchain Platform

CMA CGM and MSC Mediterranean Shipping Company (MSC) have announced they will join TradeLens, a blockchain-enabled digital shipping platform, jointly developed by A.P. Moller – Maersk and IBM.

TradeLens enables participants to connect, share information and collaborate across the shipping supply chain. The attributes of blockchain technology are ideally suited to large networks of disparate partners, says Maersk. Blockchain establishes a shared, immutable record of all the transactions that take place within a network and enables permissioned parties access to trusted data in real time.

The platform now has over 100 participants. The addition of CMA CGM and MSC will result in data for nearly half of the world’s ocean container cargo being available on TradeLens. The companies will promote TradeLens and create complementary services on top of the platform for their customers and partners.

TradeLens is already processing over 10 million discrete shipping events and thousands of documents each week for shippers, carriers, freight forwarders, customs officials, port authorities, inland transportation providers and others.

CMA CGM and MSC will operate a blockchain node, participate in consensus to validate transactions, host data, and assume the critical role of acting as Trust Anchors, or validators, for the network. The companies will be on the TradeLens Advisory Board which will include members across the supply chain to advise on standards for neutrality and openness.

“Digitization is a cornerstone of the CMA CGM Group’s strategy to provide an end-to-end offer tailored to our customers’ needs. We believe that TradeLens, with its commitment to open standards and open governance, is a key platform to help usher in this digital transformation,” said Rajesh Krishnamurthy, Executive Vice President, IT & Transformations, CMA CGM Group. “TradeLens’ network is already showing that participants from across the supply chain ecosystem can derive significant value.”

The TradeLens platform has enormous potential to spur the industry to digitize the supply chain and build collaboration around common standards, said André Simha, Chief Digital & Information Officer, MSC. “We think that the TradeLens Advisory Board, as well as standards bodies such as the Digital Container Shipping Association, will help accelerate that effort.”


Twitter

@AnyawbSales - 5 months

INDIA TO BAN SINGLE USE PLASTIC ON ALL CALLING SHIPS

@AnyawbSales - 1 year

SQEXpress maritime electronic sms forms platform just released

Photo Gallery

https://www.instagram.com/p/BatcssbnSgk/https://www.instagram.com/p/BJzdwtGgh4v/https://www.instagram.com/p/BGO4t61PyVg/https://www.instagram.com/p/BGG80Upvyfs/https://www.instagram.com/p/BGG8nnCvyfX/https://www.instagram.com/p/BGG8XW4vye2/https://www.instagram.com/p/BGG8QKPPyen/