MARITIME CYBER SECURITY Archives - Page 14 of 41 - SHIP IP LTD

Intelligence company applying AI to transform global maritime trade, is proud to announce that the US Patent and Trademark Office (USPTO) issued U.S. patent No 10,922,981 for its Risk Event Identification in Maritime Data and Usage Thereof. 

The patent relates to technology for identifying risk events for vessels by analyzing raw maritime data and constructing a vessel activity overview for each vessel. Patterns in vessel behavior are identified to indicate the occurrence of risk events, which can be validated by comparing them to other vessel’s behavior or using raw maritime data. This technique can identify risk events, including compliance risk, security risk, safety risk, and others, using reduced resources without increasing false positive metrics.

“We are pleased to have reached the remarkable milestone of having been granted this patent by the USPTO,” said Ami Daniel, CEO and Co-Founder of Windward. “Across the maritime trade industry insurers, banks, shipowners, and energy companies alike have been using manual methods to assess risk. At Windward we are revolutionizing maritime risk identification by developing proven, and now patented, methods of analysis to provide accurate and timely risk assessments which are then used by maritime professionals for decision support.”

Windward’s Maritime AI is powered by hundreds of behavioral analytics models and over 10 billion data points, giving its customers the power to make smarter decisions, faster. Windward’s AI analyzes existing behaviors to predict in real-time which companies and vessels are likely to be high risk, and which are safe to conduct business with. Windward’s solution is easily integrated into existing workflows, enabling businesses to look to the future and optimize business practices.

Source: prnewswire

The Belgian Shipping Code, applicable since September 2020, regulates under its chapter 2.5.2 which requirements ports and port facilities (such as commercially operated port terminals) must comply with in terms of maritime security.

Each port facility must, among other things, appoint a security officer and draw up a security plan, which must be submitted for approval to the competent minister charged with the North Sea.

Since the Port of Antwerp is considered an international hub for illegal traffic in drugs e.g. cocaine, the fighting of which is understandably a top priority for both the local and national authorities, the importance of maritime security has only increased in recent years. The Belgian seaports are also a point of attention in the context of the increased pressure from illicit migration.

In this context, the Minister responsible for the North Sea announced at the end of September 2021 stricter rules in the field of port security, which are expected to include increased attention to camera surveillance, increased restrictions on terminal access, and stricter penalties for intruders (who may face up to fifteen years in prison).

Undoubtedly, all stakeholders in carriage of goods from, to or via the Belgian ports will sooner or later be confronted with the above and will have to strike the right balance between the smooth continuing of their trade operations on the one hand, and compliance with the new security measures on the other hand.

Ciska Servais (administrative law department) and Ruud De Houwer (maritime and transport law department) combined the expertise of their teams and assisted the FPS Mobility and Transport in 2020 and 2021 in administrative summary proceedings concerning port security and port security plans. They will continue to closely monitor all new developments in this respect.

Source: astrealaw

With an established presence throughout China’s “near seas” in East Asia and further abroad in the North Pacific on fishery patrols, the possibility of additional long-distance deployments by the CCG should be seen as a matter of when and not if. This is especially true in waters where Chinese interests and citizens are threatened but the cooperative look of the CCG’s white hulls presents a more appealing optic than the more confrontational appearance of China’s People’s Liberation Army Navy’s (PLAN) gray hulls. One such location is off the west coast of Latin America in the Eastern Pacific on counter-narcotic patrols due the increasing problem of illegal drugs from Latin America making their way across the Pacific to Chinese consumers.

The expansion and modernization of China’s maritime forces, in particular the PLAN, has received a great deal of attention. The PLAN is also the largest navy in the world with an overall battle force of over 360 ships, including more than 130 major surface combatants and more than 60 submarines along with its own aviation arm of more than 300 land-and sea-based fixed and rotary wing aircraft of all types. The PLAN is an increasingly modern and flexible force capable of conducting a wide range of peacetime and wartime missions at expanding distances from the Chinese mainland. From counter-piracy patrols in the Gulf of Aden, to hospital ship deployments to Latin America, to submarine patrols in the Indian Ocean, and long-range operations in the Central Pacific, the PLAN is an increasingly global force. It now operates in all of the U.S. Navy’s numbered fleet areas of responsibility in support of China’s expanding interests.

Matching the PLAN’s impressive modernization is the growth of the CCG. The modern CCG is the result of the 2013 consolidation of four legacy maritime law enforcement agencies. With a combination of the agencies’ older ships, repurposed PLAN ships, and increasingly new construction, the CCG has rapidly grown into the largest maritime law enforcement agency in the world. The white-hulled ships of the CCG are now a common sight throughout China’s “near seas” within the first island chain, particularly in contested waters near features such as Scarborough Reef, the Senkaku Islands, and Second Thomas Shoal as well as near foreign drilling rigs and survey operations. Backed up by the PLAN and the ships of China’s Maritime Militia, the CCG is Beijing’s tool of choice for intimidating rival maritime claimants throughout the region. However, with 140 ocean-going ships of 1000 tons or greater—including 60 ships of 2500 tons or greater—the CCG has more than enough capacity to expand its operations beyond regional waters.

Source: maritimecyprus

When plotting a course on the open ocean, conditions rarely allow a navigator to chart a straight line home. Hazards below the surface of every ocean and the unpredictability of weather systems require a crew to consistently reassess the vessel’s position and adjust maneuvering to reach its destination safely. Both the captain and the crew are expected to navigate using all means available, a lens that should apply to approaching recommendations to reduce cybersecurity risks for the MTS as a whole: actors within the MTS must be capable of tapping into every available resource.

The approach to maritime cybersecurity must ultimately be holistic; even if every component of the MTS was cyber secure, the interconnection of the subsystems might not result in a secure MTS. Taking the steps necessary to build a secure maritime domain will require a better understanding of the cybersecurity-threat landscape, coupled with a segmented view of MTS infrastructure. This will allow developers, policy makers, owners, and regulators to match the best policy levers with particular maritime systems, and achieve better cybersecurity outcomes across the entire MTS.

This report puts forward twelve recommendations—split into three overarching themes—to help better secure all subsystems of the MTS from evolving cyber threats. First, stakeholders operating within the MTS must raise the baseline for cybersecurity across the maritime industry and shipping communities. Knowing is half the battle, and stakeholders must develop a sector-specific cyber risk framework, a global intelligence clearinghouse, and a common cyber-incident threat matrix, while pushing for an active, industry-wide vulnerability disclosure policy.

Second, MTS stakeholders must deepen their understanding of maritime cybersecurity and associated risks by building cross-sector linkages, especially through new professional and international exchanges between academia, industry, and government. Stakeholders must design MTS cyber-specific educational certifications to support these new workforce initiatives, with the goal of upskilling the industry and attracting talent into a cyber-aware MTS. Developers and the maritime industry must collaborate on eradicating systemic software vulnerabilities from MTS software. Lawmakers and regulators must complement these efforts by ensuring that MTS receive adequate resources to improve cybersecurity.

Third, executives and high-level stakeholders in the public and private sectors globally must prioritize cybersecurity as part of their broader risk management efforts, leveraging increased security measures and appropriate risk mitigations to help support long-term improvements in cybersecurity. MTS stakeholders should assess risk by relating their cybersecurity maturity to those of other sectors, like energy, better integrating cybersecurity with traditional maritime insurance coverage, and finally, improving cybersecurity proactively through multistakeholder simulations.

The bulk of these identified actions build on or integrate existing programs, such as the US Department of Energy-backed Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program,¹ run across four national labs and the Department of Transportation (DOT) Maritime Administration (MARAD) 2021 Port Infrastructure Development Program (PIDP).² These programs are embedded in broader lines of policy effort and come with well-established relationships—both virtues over starting from scratch.

The maturity and effectiveness of contemporary approaches to cybersecurity in the MTS fail to reflect the vital role maritime transportation plays in supporting global commerce, diverse energy systems, and national security. Cyber threats will only continue to metastasize, accelerating both in quantity and consequence. Navigating through such turbulent waters requires an all-hands-on-deck approach—both in the United States and beyond—to improve the collective cybersecurity of the MTS.

Source: atlanticcouncil

Source: thedigitalship

The issue cyber security becomes increasingly important for maritime shipping as significant part of the global logistics chain. Just one of the latest attacks was with the malware “NotPetya” in 2017 where the shipping company Maersk alone suffered damages of several hundred million Euros, which made clear how immense the magnitude of cyber-attacks can be in maritime shipping.

Sea-going ships fall victim to cyber-attacks more and more often because they are floating data processing centres. And these data processing centres can get attacked. Which means that for example navigational systems used on board ships do not just make them susceptible to disturbances but also connect them to the internet and thus create doorways for computer hackers.

Cyber hazards also lurk in ports. Admission systems, cargo handling, steering systems for cranes and the SCADA software often used in industrial steering systems turn ports into highly connected IT systems. The more steering and navigational systems at land and sea become interconnected with other networks und entertainment systems, the easier it becomes for third parties to gain access via IT interfaces along this chain of systems.

Since this year, IMO has made it mandatory for shipping companies to protect against cyber risks. Ship operators have to integrate the relevant measures into their existing ISM systems. The BG Verkehr, the BSH and the BSI aid German shipping companies in this task. In the joint ISM Circular on “ISM Cyber Security”, these three authorities offer practical tips on the topic cyber security. Sabine Kudzielka, CEO of the BG Verkehr, emphasizes: “The experts of our Ship Safety Division are happy to support shipping companies to establish an individual cyber risk management in their enterprise. Our experts used to serve at sea themselves and know what is relevant on board.”

The Federal Maritime and Hydrographic Agency (BSH) points out its competences regarding cyber security: “The BSH is responsible for the verification of security systems on board ships flying the German flag. Furthermore, we work together with partners in scientific research on our technology development platform in the BSH system laboratory to find solutions that can prevent unauthorized access to ship systems”, explains the president of the BSH, Dr. Karin Kammann-Klippstein.

The BG Verkehr, the BSH and the BSI have agreed upon an intensification of their cooperation regarding maritime cyber security. Based on an administrative agreement, they want to sensitize shipping companies for the topic “information security”, provide support and carry out joint projects. “We want to share knowledge of and experiences with information security with shipping companies and German maritime enterprises and be a part in shaping the digital change in the shipping industry successfully,” Dr. Gerhard Schabhüser, vice president of the BSI, gladly announces. “This administrative agreement in an important step towards this goal.”

In addition, the BG Verkehr and the BSH will become a member of the alliance for cyber security and keep the BSI informed about IT security incidents in maritime shipping to create a more accurate overview of the situation. Moreover, joint publications such as guidance and checklists will get developed.

Source: deutsche-flagge

South Korea’s Daewoo Shipbuilding & Marine Engineering Co. (DSME) plans to help shipowners tighten their cybersecurity preparedness after securing certification for a new smart ship solution.

As cases of cyberattacks in the maritime industry increase, the South Korean shipbuilder said it intends to start installing its DSME Smartship Solutions (DS4) in ships after winning an approval from the American Bureau of Shipping (ABS).

DS4 is designed to protect the data and software of ships from hacking and will be installed in more than 30 vessels. With the approval, DSME can install the solutions into ships without an additional cyber security assessment.

“We believe this certification will serve as a cornerstone to advance the era of autonomous ships,” said Choi Dong-kyu, DSME’s R&D institute head.

DSME will become the first shipbuilding company to obtain ABS’ product design assessment (PDA) certification in the field of cyber safety.

South Korea is determined to be a global frontrunner in developing autonomous ships. The technology had been touted as the next generation of high-value-added ships, designed to replace the crew’s decision-making with intelligent and autonomous systems through the convergence of artificial intelligence, the Internet of Things, big data, and sensors.

However, the push towards smart ships faces risks from cyberattacks. Globally, cases of cyberattacks targeting shipping companies, ports authorities, and ports infrastructure have been on the rise. DSME was itself targeted in June, when hackers attempted to breach the company’s computer systems.

Ransomware attacks on shipping firms tripled between 2019 and 2020, with the world’s four largest shipping companies – Maersk, Mediterranean Shipping Company, CMA CGM, and COSCO – all falling victims over the last four years.

MSC suffered a network outage in April 2020 from a malware attack, while CMA CGM was hit with a ransomware attack in September 2020. Even the International Maritime Organization was recently targeted by a cyberattack, forcing some of its services offline.

“To date, most cyber incidents involving shipping have been shore-based incidents, such as attacks against ports and shipping companies themselves. But cyber threats to vessels will increase as more ships are linked to onshore navigation and performance management systems,” said the Safety and Shipping Review 2021 report by Allianz.

Source: maritime-executive

The presence of Chinese trawlers in the Indian Ocean, Arabian Sea and Bay of Bengal jeopardises India’s maritime security by fishing in India’s EEZ.

China happens to be the largest fishing nation producing approximately one-fifth of the global catch. Apart from freshwater fish, a vital part of the Chinese exports also come from the oceanic fish found in the deep sea. Interestingly, as per available reports, no fish are left in the South China Sea due to overconsumption. On the other hand, India occupies the second largest position (6.3 per cent) in producing fish that sustain 14,500,000 fishers. China does eye these fish not only for its domestic consumption but also for exporting them to support its fisheries sector. Beijing’s illegal, unreported and unregulated (IUU) fishing in other countries’ Exclusive Economic Zone (EEZ) has so far been overlooked.

According to the 2020 FAO report, “The State of World Fisheries and Aquaculture”, in 2018, China reported about 2.26 million tonnes from its “distant-water fishery” but provided details on species and fishing area only for 40 % of its”distant water catch”. Thus, it has not divulged 60 per cent of its catch from the “distant waters” data. A significant part of this 60 per cent probably comes from its illegal fishing in the Indo-Pacific region, Eastern Indian Ocean and the Arabian Sea in particular and is at the economic cost of other nations.’The IUU Fishing Index’, a civil society organisation headquartered in Geneva, ranked China first in its 2019 index.

China heavily subsidises to the extent of 94 per cent of its fishing trawlers to encourage shipping in the international waters. Further subsidies and tax benefits on selling the “distant water” catch to the foreign markets apart from various medical benefits in case of injuries while fishing provides enough incentives to its people to carry out fishing activities. It comes as no surprise that China has the world’s largest fishing fleet.

Beijing’s illegal “fishing vessels”are equipped with state of the art ‘catch and pack facilities’and are commonly sighted in the Eastern and Western Indian Ocean near the Andaman and Nicobar Islands, apart from the Arabian Sea. The 572 islands of Andaman and Nicobar witness the Chinese fishing trawlers carrying out illegal fishing as most of the islands are uninhabited. The Chinese trawlers make their way through the Coco and Greater Coco Islands and fish in the dark pitch hours, assuming that the Indian Coast Guard and Navy would not be alert.

The presence of the Chinese trawlers in the Indian Ocean, Arabian Sea and Bay of Bengal is a violation of India’s sovereignty, as the fishing zones of these seas and ocean comes under India’s EEZ, a rule well outlined by the UNCLOS in Article 56. The issue holds relevance to the national security narratives because of the following factors. First, it jeopardises India’s maritime security by fishing in India’s EEZ. Secondly, overfishing, especially in the regulated months when breeding happens, affects the marine environment. Moreover, India’s economic and cyber security can be exposed to sabotage.

From a geopolitical perspective, these “civilian” trawlers violate India’s EEZ as People’s Armed Forces Maritime Militia(paramilitary forces)accompanies them in the guise of civilian fishermen. These fishing vessels do not keep their automatic identification systems transmitter/responder activated, which is a mandatory requirement by the international agencies for fishing. Reports of 2020 suggest that around 450 such research vessels and fishing trawlers had entered various sectors of the Indian Ocean Region.

The role of Chinese maritime militia in fishing camouflage is well established. It was recognised by the PLA Daily in 2014 when it quoted that, “Putting on camouflage, they qualify as soldiers; taking off the camouflage, they become law-abiding fishermen”. The PLA controls these “fishermen”, and their objectives overlap with the Chinese Communist Party (CCP) agenda of “ocean grabbing”, a method of fishing in which the small fishers of the victim countries are denied the marine resources of their own EEZ.

As these trawlers have space for storing live ammunition, a condition made mandatory for being called “Chinese fishing trawlers” and are equipped with sophisticated intelligence and surveillance systems, they amount to incremental strategies of asymmetrical advantage in order to have a gradual maritime foothold in the water bodies surrounding India. It blurs the distinction between combatants and non-combatants, a necessary condition for hot pursuits in UNCLOS and the International Humanitarian Law (IHL). As a thumb rule, civilian trawlers cannot be carrying either the elite irregular forces, live ammunition or surveillance mechanisms. Chinese trawlers have provisions for all three. Besides that, fishing trawlers can potentially be used for trafficking drugs and arms from the Arabian Sea. The nexus of China, Pakistan and the Taliban poses serious drug trafficking issues for India. Maritime security is hence at threat because of IUU.

Militarisation of the Chinese artificial islands either in the SCS or in Feydhoo Finolhu Island can provide its militia with the possible support to accomplish the agenda of the CCP. In such a case, can the Chinese trawlers or research vessels then speak for its “right of innocent passage”?An objective of the Chinese trawlers and militia is to regularise the Chinese presence in the “distant seas”to project power that helps Beijing in both peacetime and wartime. Maritime security and the freedom of high seas thus are hence strongly co-related with Chinese illegal and unregulated fishing.

China’s illegal and unregulated fishing amounts to economic plunder of a nation’s resources as they deplete the fishery resources can result in food and employment deprivation of the people of the coastal areas of India. The fishing industry provides employment to three critical sectors- catching, processing and marketing and contributes 1.07 per cent to the country’s GDP. Fishes and Prawns are an essential source of protein in India’s coastal areas. The demand for ‘blue food’ has increased due to an increasing population worldwide and in India. Any food resource depletion would increase prices and affect the fiscal budget. Adverse effects on any of these sectors can hinder rural development and food security, thereby having the potential to cause social unrest.

From an environmental security perspective, the coral reefs near the Andaman and Nicobar Islands constitute a part of the world heritage and should be protected from the perils of IUU. Further, the use of LED lights and squid jigging equipment can eventually result in overexploitation leading to a scarcity of fish. There have been reports that illegal fishing is also done by dynamite blasts as well as bottom trawling. The Indian government also bans such materials and hence it requires more stringent measures by the necessary agencies. With an active policy of fusion of military and civilian facilities, Beijing’s shipping trawlers can also damage India’s undersea cables and cyber security.

Adoptingthe Marine Fisheries (Regulation and Management) Bill of 2019 and the National Fisheries Policy of 2020 have introduced novel measures such as the mandatory requirement for trawlers to have suitable transponders and communication systems. Nevertheless, Chinese IUU has not stopped and still poses a danger to the maritime security of India and other coastal states. In the above context, both Quad and European Union’s future Indo-Pacific policy have included IUU as an agenda for cooperation. Its strategic frustration related to Quad and AUKUS, apart from the EU’s Indo-Pacific policy, is also related to its future control of its IUU, apart from its expansionist policies.

Source: channel16.dryadglobal

The MTS is, at its core, a sprawling and diverse system of transportation. Each segment has its own specific purpose, set of tools, and risks. However, the MTS is a system of systems driven by the responsibilities, actions, and objectives of its players. Any ground-level understanding of the MTS must begin with a bird’s-eye view of the various players in regulating, advising, informing, and driving the maritime industry, including those specifically related to maritime cybersecurity.

Baltic and International Maritime Council (BIMCO)

BIMCO is the largest international organization representing the interests of ship owners, charterers, brokers, and agents. The group’s primary role is the preparation of global regulations and policy recommendations in many areas related to the MTS, from the environment, crew support, and insurance to maritime safety and security, ice information, and digitalization, including guidelines related to maritime cybersecurity. BIMCO membership comes from more than 120 countries and represents approximately 60 percent of the global merchant fleet (measured by gross tonnage of the vessels). With headquarters in Copenhagen, BIMCO has been designated a nongovernmental organization (NGO) by the United Nations.

Chambers of Shipping

National chambers of shipping (COS), such as the Chamber of Shipping of America (CSA) and the United Kingdom’s Chamber of Shipping, are nongovernmental trade organizations representing the interests of a nation’s shipping companies. Approximately forty national COS organizations are members of the International Chamber of Shipping, representing the interests of the maritime industry to international regulatory and standards bodies.¹ The organization strives to ensure the development, promotion, and application of best practices throughout the shipping industry, and works with key actors across the ecosystem and in the private and public sectors to do so.² The International Chamber of Shipping holds consultative status with the IMO.

Class Societies

Classification (or class) societies are nongovernmental organizations that set and maintain technical standards related to the design, construction, and operation of ships and offshore structures.³ The primary focus of these standards is on a ship’s hull, propulsion and steering systems, power generation, and other systems related to a vessel’s operation. Class societies employ a program of inspection and certification to deliver a baseline reference point on ship safety and reliability for shipbuilders, brokers, operators, flag administrations, insurers, and the financial community. The International Association of Class Societies (IACS) has ten member organizations—including the American Bureau of Shipping (ABS), Bureau Veritas (BV, France), China Classification Society, Lloyd’s Register (United Kingdom), Nippon Kaiji Kyokai (ClassNK, Japan), and the Russian Maritime Register of Shipping—and some insurers require that a vessel have a class society certification before providing coverage.⁴ IACS issues advisory recommendations related to adopted resolutions: recommendation no. 166 addresses cyber resilience.⁵

Cybersecurity and Infrastructure Security Agency (CISA)

CISA is an agency within the DHS. Tasked with guiding public-sector cybersecurity strategies in the United States, CISA enhances cyber defense across all levels of government by coordinating state cybersecurity programs and improving the government’s ability to repel cyberattacks (ranging from ransomware to attacks on the supply chain).⁶ CISA is not an enforcement agency and has no enforcement branch; instead, it focuses on risk management and, working with public- and private-sector partners, shares threat intelligence and builds a more cyber-resilient infrastructure. CISA’s Cybersecurity Division addresses many physical and cyber threats, including ICS/OT and cyber-physical system (CPS) security.

Cybersecurity, Energy Security, and Emergency Response (CESER)

CESER is an office within the DOE tasked with enhancing and improving the US energy infrastructure and supporting DOE’s national security mission. By encouraging cooperation between industry, academia, DOE national laboratories, state and tribal governments, and other federal governmental agencies, CESER aims to build an energy infrastructure and supply chain that is resilient to natural and human-made threats and makes the US energy sector stronger and more secure. CESER’s projects include coordinating international cooperation, providing grant funding, offering training and operational support, and designing training exercises. Cybersecurity preparedness, information sharing, and incident response within the sector is emerging as a major task of the CESER office.

European Union Agency for Cybersecurity (ENISA)

Originally chartered in 2004 as the European Network and Information Security Agency, ENISA is the EU’s lead agency for common standards of cyber defense throughout Europe. With headquarters in Athens, ENISA activities include the development of cybersecurity policies, cybersecurity certification programs for IT products and services, information sharing, capacity building, and cyber-awareness training programs. Recognizing the importance of the maritime sector to the EU economy and society, along with the increased digitalization of maritime facilities, ENISA has taken an active role in the preparation of maritime cybersecurity guidelines for ports.

Information Sharing and Analysis Groups

Information sharing and analysis centers (ISACs) and information sharing and analysis organizations (ISAOs) collect, process, analyze, interpret, and share actionable intelligence related to cyber and physical threats that are relevant to their particular mission. Their overarching goal is to assist their members to maintain relevant domain situational awareness.

ISACs were defined by presidential order in the United States in 1998, during the earliest efforts to define critical infrastructures and infrastructure protection. ISACs were designed to enhance private sector/public sector information sharing to aid critical infrastructure owners and operators—the vast majority of whom are in the private sector—to protect their facilities, employees, and customers against cyber and physical security threats.

The National Council of ISACs (NCI) is composed of twenty-five member ISACs, including the Maritime ISAC, the Oil and Natural Gas ISAC (ONG-ISAC), the Electricity ISAC (E-ISAC), and Maritime Transportation Sector ISAC (MTS-ISAC).

ISAOs were formed by a 2015 US presidential order to promote voluntary information sharing within industry sectors. The goal in establishing a group of ISAOs was to enhance threat-related information sharing among organizations that did not belong to an ISAC because they were not in a clearly defined infrastructure sector. The International Association of Certified ISAOs (IACI) comprises fifteen information-sharing organizations, including the Maritime and Port ISAO (MPS-ISAO).

International Maritime Organization (IMO)

The IMO is an agency of the United Nations, headquartered in London, with a mission to develop a regulatory framework for international shipping. Its primary roles address safety, environmental concerns, legal issues, security, and international technical cooperation. It is, perhaps, best known for the Safety of Life at Sea (SOLAS) Convention, a treaty first adopted in 1914 after the sinking of the Titanic, and the International Convention for the Prevention of Pollution from Ships (MARPOL), first adopted in 1983. In 2017, the IMO Maritime Safety Committee released a set of Maritime Cyber Risk Management recommendations for safety-management systems that IMO encouraged shippers to implement no later than the first annual verification of a vessel’s Document of Compliance and Safety Management in 2021; this resolution is known as IMO 2021.

Maritime Insurers

Maritime insurance dates back to Edward Lloyd’s Coffee House in London, which opened in 1686. The coverage framework for ships and cargo is among the most mature in the insurance industry and covers damage or loss to vessels, terminals, cargo, and passengers. An increasing number of marine insurers require compliance with cyber-safety guidelines issued by class societies, the International Maritime Organization, and regulatory agencies.

National Institute of Standards and Technology (NIST)

NIST, a part of the Department of Commerce, is tasked with providing standards and guidelines for making the US technology base more secure. NIST’s Cybersecurity Framework, created in tandem with stakeholders across the public and private sectors, focuses on putting forward a voluntary framework for reducing cyber risks to critical infrastructure based on existing standards, guidelines, and practices. The framework is considered one of the best current standards programs out there and is utilized often throughout the MTS. The framework consists of three main components: the core, implementation tiers, and profiles.

The core focuses on providing an overarching set of desired cybersecurity activities and outcomes in common terms that are easy to understand, with the goal of helping organizations reduce their cyber risk. The implementation tiers assist these organizations in implementing these activities and outcomes by providing context for what this looks like operationally. The framework profiles aim to take this a step further by identifying key requirements and objectives for specific types of organizations.

North Atlantic Treaty Organization (NATO)

NATO was born with the signing of the North Atlantic Treaty in 1949, in the aftermath of the dark days of World War II. With headquarters in Brussels, Belgium, NATO has thirty member nations in Europe and North America. As a primarily military alliance, one of the most significant parts of the treaty is Article 5, the mutual defense clause, stating that an attack on one member country is an attack on all. This is a very controversial concept in these days of information warfare, where the very definition of cyberwar is not codified and an appropriate response in real space to an attack in cyberspace is not defined at all. To that end, NATO has established the Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, where research, training, and exercises are conducted in the areas of technology, strategy, operations, and law. One outcome from the CCDCOE is the Tallinn Manual, a comprehensive guide on how existing law applies to information operations in cyberspace. This manual itself is not law, but it is the nearest guidance that is available on what constitutes a war in cyberspace.

US Department of Homeland Security (DHS)

The DHS, formed after the 9/11 attacks, is a cabinet-level agency tasked with border security, immigration and customs, disaster management and response, cybersecurity, anti-terrorism, and other efforts to protect the public within US borders. DHS also oversees the CISA and the Coast Guard. DHS has funded a dozen Science and Technology (S&T) Centers of Excellence (COE) addressing a range of multidisciplinary technology solutions for homeland security. Of particular interest to maritime cybersecurity is the Maritime Security Center (MSC) at Stevens Institute of Technology.

Source: atlanticcouncil

CYBER CONFERENCE

Every year, usually within September NMIOTC holds its Annual Cyber Security Conference in Maritime Domain. The aim of the conference is to encourage participation and promotion of collaborative scientific, industrial, naval, maritime and academic inter-workings among individual researchers, practitioners, navy staffs, members of existing associations, academia, shipping companies, standardization bodies, including government departments, international organizations and agencies, public and private sector in general, regarding cyber security in maritime domain and cyber defense operations. We envisage tackling Cyber Security issues in maritime domain in a holistic, comprehensive and effective way.

Source: nmiotc