MARITIME CYBER SECURITY Archives - Page 10 of 40 - SHIP IP LTD

The programme consists of integrated workshops and tailored support aimed at helping IMO Member States to develop National Maritime Security Committees, Risk Registers and Strategies.

Peter Adams, IMO Special Advisor to the Secretary-General on maritime security, explains: “At IMO, we believe that an inclusive approach that draws key stakeholders together is most likely to yield meaningful results. Therefore, the programme aims to create a cross-government committee that can be aided by the Risk Register to objectively identify security gaps and prioritize where to steer future policy development, funding and capacity building efforts. It also leads to the development of a National Maritime Security Strategy that provide the strategic objectives, which explain how the Member State will secure its maritime domain for the foreseeable future. We hope to replicate the IMO Whole of Government Approach to Maritime Security in other regions in the future.”

The programme has been carefully designed based on IMO’s global maritime security experience, including assisting countries to implement IMO’s maritime security measures, such as the International Ship and Port Facility Security (ISPS) Code. The programme provides a practical framework to underpin effective national maritime security decision making and governance, tailored to the specific needs of the respective Member State. Each element can be delivered either as a stand-alone unit or as an integrated programme. Depending upon the option(s) chosen, the programme timeline can range from three to eighteen months.

Subject to available funding, IMO will work with the member state to provide the framework, expert workshops and consultancy support. IMO will be supporting Nigeria in the development of its National Maritime Security Strategy, with the project due to be launched towards the end of 2021 and completed within an 18month period.

Safer waters in West Africa

During a recent visit (22 October) to IMO Headquarters by representatives from the Nigerian Maritime Administration and Safety Agency (NIMASA), IMO Secretary-General Kitack Lim was given an update on maritime security in Nigerian waters. Dr. Bashir Jamoh, NIMASA Director General quoted data from the IMB reports, which demonstrate a downward trend, with a 40% reduction of piracy and armed robbery related incidents across the Gulf of Guinea. He stated that there were 28 incidents reported in the first three quarters of this year, compared to 46 in 2020. Nigeria accounted for four of these incidents, a 77% reduction from the 17 incidents in the same period in 2020. Unlike last year, when most incidents took place outside territorial waters, almost all incidents mentioned above occurred in anchorages, ports and harbours.

Dr. Jamoh attributed the significant reduction in maritime security incidents in Nigeria to deterrence, through increased maritime law enforcement presence in the estuary regions, and to enhanced intelligence and engagement with the people of the Niger Delta. He also outlined a plan to enhance security in internal waters, given recent incidents in those areas.

Emphasizing the value of IMO support for regional initiatives, the NIMASA Director General stated that the safety agency will shortly be completing work on its enhanced Regional Maritime Training centre in Lagos, which is expected to serve as a hub for regional Search and Rescue (SAR) and security training. This is expected to build on ongoing regional cooperation with the Maritime Organization for West and Central Africa (MOWCA) and the Joint Industry Group (Nigeria and international maritime industry associations). Dr. Jamoh also highlighted the efforts put in to enhance the region’s legal framework with adoption of legislation providing for enforcement and sanctions for offences against maritime security, including piracy.

NIMASA has been working to address socio-economic factors that contribute to piracy and maritime security issues, such as unemployment, poverty, lack of education opportunities, etc. There has been a positive impact from an ongoing maritime education programme to provide alternate employment opportunities and scholarships for youth in the affected areas. By training these individuals as future seafarers, fishers, maritime personnel and marine litter marshals, the programme creates economic opportunities as well as addresses the maritime skills gap.

Source: channel16.dryadglobal

The Nigerian Maritime Administration and Safety Agency (NIMASA) has introduced new measures to check security threats in the Nigerian maritime domain and deter persons who may seek illegal means of entry into the country as stowaways.

Under the new procedures, all Ship Captains are to submit the Security-Related Pre-Arrival Information forms to the Agency no later than 48 hours before the ship’s arrival at any Nigerian port.

Ship Captains are also required to exchange the Declaration of Security, with the Port Facility Security Officer of their next port of call not later than 72 hours before the ship’s arrival at that port for conveyance to NIMASA within 48 hours. Additionally, all ships are to maintain 24 hours vigilance and surveillance to detect strange movements, including small boats and skiffs that may not be captured by radar.

Other measures include proper pre-departure search and completion of pre-departure forms before departure from any port; switching on Automatic Identification Systems; close monitoring of communication channels; and response to any VHF call from the Nigerian Navy or the Regional Maritime Rescue Coordination Centre.

Director General of NIMASA, Dr. Bashir Jamoh, said that the measures are consistent with the strategy of trying to keep one step ahead of the pirates, armed robbers, and anyone or anything that poses a danger to the country’s maritime domain and Nigeria, in general.

“The procedures are easy to follow and deliberate steps have been taken to make the reporting process seamless, all for the good of the ship operators and the international shipping community.″

Jamoh also appealed for standardization of the legal frameworks of countries in the Gulf of Guinea to aid effective prosecution of maritime crimes. He acknowledged that some efforts are being made to standardize regional maritime law enforcement, with some countries are already enacting their own antipiracy laws.

“We encourage countries within the region, which do not have distinct antipiracy laws, to try to enact such laws. It is in the interest of every country in the Gulf of Guinea to consciously work to remove obstacles to the prosecution of piracy and sea robbery suspects,” Jamoh said. “Shipping is an international business, and crimes associated with it are equally international in nature. Now, how do you try a suspect in a country where our SPOMO [Suppression of Piracy and Other Maritime Offenses] Act cannot be applied?

“No country can fight maritime insecurity alone. It is a collective responsibility. There is hardly any nation that does not have commercial interest in the Gulf of Guinea.So we must work to ensure uniformity of legal frameworks in the region to facilitate effective prosecution of maritime crimes.”

Source: hstoday

Maersk, MSC, IMO — there is no shortage of maritime security incidents and cyber attacks. As hackers become even more sophisticated in their tactics, it’s inevitable that maritime cyber attacks against OT on ships are becoming the norm rather than the exception. The stats speak for themselves:

Of respondents, 77% view maritime cyber-attacks as a high or medium risk to their organizations, yet only 64% said their organization has a business continuity plan in place to follow in the event of a cyber security incident. Only 24% claimed their security incidents plan was tested every three months, and only 15% said that it was tested every six to 12 months. Only 2 of 5 respondents said that their organization protects vessels from operational technology (OT) cyber threats, and some respondents went so far as to describe their company policy to OT cyber risk as “careless.”

It’s time for the maritime industry to take a look at every aspect of their ship operations to ensure they’re protected and resilient against these growing threats and attacks. Maritime security intelligence begins with a comprehensive understanding of the risks faced. Today’s maritime security incidents and cyber attacks will only grow with continued digitalization and future technological advances.

In this eBook, we will help you navigate the ins and outs of maritime cybersecurity, review security incidents and maritime cyber attacks, address cybersecurity challenges and compliance considerations, and get you geared up to establish your maritime cybersecurity action plan.

Source: missionsecure

The certificate was delivered to the vice president of SHI, Hyun Joe Kim, by the chief country executive of BV Korea, Christophe Capitant, during a ceremony at SHI R&D Centre in Daejeon, Republic of Korea.

As informed, the AiP was delivered for SHI’s “SVESSEL” smart ship solution, which focuses on the complete digitalisation of the ship and its applications to efficiently and safely assist operations.

BV’s Cyber Managed Prepared notation confirms the design’s compliance with the industry’s best practices and the International Maritime Organisation (IMO) 2021 requirements in terms of cyber security, the certification body explained.

According to SHI, the company is confident that the “SVESSEL” solution will strengthen its success and position in the marine and offshore market, which is moving towards autonomous ships in the future.

“Strong cyber security is key to enable shipping to move on to the next level of digitalized and connected ships. For years, SHI has been at the forefront of innovative design and equipment, helping our clients address the risk of cyber-attacks while complying with the current rules and regulations. All the efforts and good collaboration with BV’s expertise led to the issuance of this Approval in Principle”, Hyun Joe Kim, vice president of SHI, said.

Laurent Leblanc, senior vice president Technical & Operations at BV Marine & Offshore, added: “Bureau Veritas is proud to see the successful completion of this AiP with SHI upon the development of this design of an LNG carrier with BV Cyber Managed Prepared notation. This announcement demonstrates it is a viable solution that will support the journey towards smart and autonomous ship technology and cyber security. We are also excited to see this cooperation pave the way for further successes for both SHI and BV in the development of technologies for smart and autonomous shipping and cyber security”.

Earlier this year, SHI signed an agreement with its compatriot Dae Sun Shipbuilding & Engineering to foster technology exchange in the field of smart and eco-friendly ships and share its smart ship system.

Source: offshore-energy.

French certification company Bureau Veritas has granted approval in principle (AiP) to a liquefied natural gas (LNG) carrier design from South Korea-based shipbuilding company Samsung Heavy Industries (SHI).

The design won AiP under Bureau Veritas’ Cyber Managed Prepared Notation, which confirms that the design aligns with the International Maritime Organization’s (IMO) 2021 norms for cyber security as well as the industry’s best practices.

SHI secured the AiP for its SVESSEL smart ship solution, making it the first shipbuilder to receive such approval.

The company’s solution supports comprehensive digitalisation of the vessel, along with its applications, to provide secure operations.

SHI vice-president Hyun Joe Kim said: “Strong cyber security is key to enable shipping to move on to the next level of digitalised and connected ships. For years, SHI has been at the forefront of innovative design and equipment, helping our clients address the risk of cyber-attacks while complying with the current rules and regulations.

“All the efforts and good collaboration with Bureau Veritas’ expertise led to the issuance of this AiP.”

Bureau Veritas marine and offshore technical and operations senior vice-president Laurent Leblanc said: “Bureau Veritas is proud to see the successful completion of this AiP with SHI upon the development of this design of an LNG carrier with Bureau Veritas Cyber Managed Prepared Notation. This announcement demonstrates it is a viable solution that will support the journey towards smart and autonomous ship technology and cyber security.”

At present, several SHI-built vessels feature SHI’s Cyber Security technology.

Source: ship-technology

As more of our lives move online, experts are warning people and businesses to be extra careful about data breaches, particularly as there is an uptick in cyber attacks with more people working from home.

October is Cyber Security Awareness Month.

“We’re seeing different types of cyber attacks, especially with work from home initiatives,” said Tillman Hodgson, president of the Kelowna-based data security firm SeekingFire Consulting.

“Even businesses that had robust security frameworks in place maybe didn’t take into account most of the workforce being at home,” he said.

Hodgson recommends keeping devices updated with the latest security patches and using unique accounts and passwords.

soruce:globalnews

As much of our lives go online, experts warn people and businesses to pay particular attention to data breaches. In particular, the number of cyber attacks that increase the number of people working at home is increasing.

October is Cyber ​​Security Awareness Month.

Tillman Hodgson, president of Kelowna-based data security company Seeking Fire Consulting, said:

“Even companies that have implemented robust security frameworks may not have taken into account most of their home-based employees,” he said.

Hodgson recommends keeping your device up-to-date with the latest security patches and using unique accounts and passwords.

According to a recent BC Chamber of Commerce survey, more than 60% of companies have experienced cyber breaches, but only three-quarters have reported them.

“When we think of cyber breaches, the typical impact we see is the impact on business productions that have been knocked out for some time,” he said.

“But there is also an impact on reputation, so there is an incentive to do things internally,” Hodgson said. “But in the long run, it really affects everyone.”

Hodgson suggested that businesses should spend about 4% of their revenue on security and privacy initiatives.

He said companies need to scrutinize how employees share data and make sure the data is safe.

Soruce:eminetracanada

Establishing public-private partnerships to support information sharing in defense of critical infrastructure and homeland security has been a challenge for over 20 years. We have enacted policy, created incentives, attempted to build bridges, and more to bring government and industry together to close the gaps in our national defense strategy. However, as recent attacks against our critical infrastructure have shown, we have not been successful.

Attempts to overcome public-private information silos have been reinvigorated by CISA’s establishment of the Joint Cyber Defense Collaborative (JCDC). The newly formed collaborative represents an unprecedented — and, as yet, untested — partnership between a variety of government agencies (including the Department of Homeland Security, Department of Defense, U.S. Cyber Command, and others) and private-sector partners (including Microsoft, Google, and Amazon). The JCDC has been tasked with “coordinating cyber defense capabilities to ensure a whole-of-nation approach to securing critical infrastructure and defending national interests,”^[1] aligning both commercial and government interests and marshaling the respective resources of both to defend against increasingly sophisticated cyber attacks against critical infrastructure.

The JCDC is a promising step toward building an effective coalition, but it is a futile exercise if it builds partnerships according to the same information sharing model that previously failed to deliver the kind of public-private collaboration needed to effectively anticipate and respond to attacks against critical infrastructure.

Consider the current hub-and-spoke model of information sharing. In this model, information is passed from discrete organizations (spokes) to a central hub, which analyzes, enriches, and anonymizes data as needed before sharing that data with other spokes. There are benefits to this model, but it also has significant limitations. First, it imposes a one-size-fits-all information sharing protocol on sharing communities with unique needs, resulting in uneven participation. It also slows down incident response time, as information must first pass through the hub before being shared outward with other spokes.

Most importantly, private sector entities have been hesitant of the federal government asking for — or in some instances, demanding — their data. Private sector entities are often unwilling to share information about vulnerabilities or cyber incidents because they don’t have confidence that their information will be properly protected. Should such data be breached, companies run the risk of negative publicity, compromised reputation, regulatory penalties, the loss of trade secrets, and — consequently — falling stock prices and lost revenue.^[2] In short, the private sector has many reasons to see information sharing with the federal government as counter to its best interests.

Historically, the government has resisted mandating threat-information sharing between public and private sectors, attempting instead to alleviate the private sector’s concerns and incentivize the voluntary sharing of information.^[3] However, legislation currently being advanced on Capitol Hill requires the private sector to swiftly report hacks to CISA, with noncompliant companies facing subpoena or even potential penalties if they fail to do so within the mandatory reporting timeframe. In forcing companies to “report hacks or else,” CISA would compromise the public-private information-sharing partnerships currently being cultivated through the JCDC, leaving us right back where we started.

Director Jen Easterly has been clear that CISA is not and should not become a regulatory or enforcement agency and that its goal is to act as a trusted partner.^[4] However, even if it does not compel information sharing, in establishing itself as a central hub and prioritizing receiving threat information from the public sector, CISA runs the risk of developing asymmetrical partnerships plagued with all the old challenges.

Instead, CISA should work to establish partnerships according to a point-to-point distributed model in which information is shared freely among both private and public stakeholders in the national cyber defense mission. In the point-to-point distributed model, no single organization controls the inflow and outflow of threat information, and vertical partnerships between public sector entities and CISA are deprioritized in favor of horizontal partnerships among critical infrastructure owners and operators, government agencies (including CISA), and other cybersecurity partners. As a result, information can be shared at an operational tempo and according to an individual community’s specific needs rather than the needs of the hub.

The point-to-point distributed model more closely reflects how communities already work together — independently of the federal government — to protect their own infrastructure and resources. As such, supporting a point-to-point model is a more efficient use of both regional and federal resources than compelling communities to adopt new sharing practices and standards. In fact, many of CISA’s current resource investments already support a point-to-point distributed model.

Specifically, in recent months the agency has focused on recruiting industry leaders into cybersecurity advisor positions tasked with bringing together regional critical infrastructure owner/operators with federal, state, local, and other stakeholders. CISA has wisely focused on recruiting advisors who are already embedded within their assigned region and who, as a result, already have longstanding community ties. Unsurprisingly, many of these advisors are former National Guardsmen, who have been engaging and defending their communities from cyber attack while simultaneously working within the private sector. As such, the National Guard serves as an excellent example of the kind of community collaboration that already exists and that can be resourced by CISA via a point-to-point distributed model.

That said, the most immediate and useful resource CISA has to offer is the wealth of unclassified information that it currently owns. Offering this information to its private-sector partners without compelling information sharing in return would better enable CISA’s regional cybersecurity advisors to build stakeholder relationships on a foundation of trust rather than policy. It would also position CISA as a participant within a broader community of sharing communities rather than as a regulator of a governmental information sharing process. In short, the hub-and-spoke model may empower CISA, but a new distributed model can better empower the national defense effort as a whole.

As a country, we have an incredible number of resources and partnerships at our disposal, and this puts us at a significant advantage in the cyber fight. However, if we want to outpace increasingly sophisticated cyber warfare, we are going to need to observe globally, protect nationally, and defend locally.

Soruce:hstoday

This article is the third in a series that the Coast Guard will be publishing in recognition of Cybersecurity Awareness Month. Now in its 18th year, Cybersecurity Awareness Month emphasizes the importance of cybersecurity and cyber risk management across all critical infrastructure, especially the Marine Transportation System (MTS).

Cybersecurity incidents are becoming an increasingly frequent occurrence and can have significant impacts, as evidenced by the recent Solar Winds incident and the attack on Colonial Pipeline.

The maritime community is not immune from cybersecurity incidents with several events resulting in reduced operations and financial losses for maritime businesses. Cyber hygiene is the first line of defense in a cyber risk management plan and involves the processes one uses to protect access to an information network.

The first step for good cyber hygiene is password management. This includes:

• changing a password frequently
• ensuring that the password is complex
• and limiting users who have administrative level access

Recent Coast Guard inspections revealed cybersecurity risks from poor cyber hygiene. Examples include:

• passwords semi-permanently attached to the equipment they are used on
• printed emails noting that a password has changed lying in plain view
• and sharing user accounts to display electronic vessel certificates or reference Safety Management System documents

soruce:workboat