MARITIME CYBER SECURITY Archives - Page 14 of 40 - SHIP IP LTD

When plotting a course on the open ocean, conditions rarely allow a navigator to chart a straight line home. Hazards below the surface of every ocean and the unpredictability of weather systems require a crew to consistently reassess the vessel’s position and adjust maneuvering to reach its destination safely. Both the captain and the crew are expected to navigate using all means available, a lens that should apply to approaching recommendations to reduce cybersecurity risks for the MTS as a whole: actors within the MTS must be capable of tapping into every available resource.

The approach to maritime cybersecurity must ultimately be holistic; even if every component of the MTS was cyber secure, the interconnection of the subsystems might not result in a secure MTS. Taking the steps necessary to build a secure maritime domain will require a better understanding of the cybersecurity-threat landscape, coupled with a segmented view of MTS infrastructure. This will allow developers, policy makers, owners, and regulators to match the best policy levers with particular maritime systems, and achieve better cybersecurity outcomes across the entire MTS.

This report puts forward twelve recommendations—split into three overarching themes—to help better secure all subsystems of the MTS from evolving cyber threats. First, stakeholders operating within the MTS must raise the baseline for cybersecurity across the maritime industry and shipping communities. Knowing is half the battle, and stakeholders must develop a sector-specific cyber risk framework, a global intelligence clearinghouse, and a common cyber-incident threat matrix, while pushing for an active, industry-wide vulnerability disclosure policy.

Second, MTS stakeholders must deepen their understanding of maritime cybersecurity and associated risks by building cross-sector linkages, especially through new professional and international exchanges between academia, industry, and government. Stakeholders must design MTS cyber-specific educational certifications to support these new workforce initiatives, with the goal of upskilling the industry and attracting talent into a cyber-aware MTS. Developers and the maritime industry must collaborate on eradicating systemic software vulnerabilities from MTS software. Lawmakers and regulators must complement these efforts by ensuring that MTS receive adequate resources to improve cybersecurity.

Third, executives and high-level stakeholders in the public and private sectors globally must prioritize cybersecurity as part of their broader risk management efforts, leveraging increased security measures and appropriate risk mitigations to help support long-term improvements in cybersecurity. MTS stakeholders should assess risk by relating their cybersecurity maturity to those of other sectors, like energy, better integrating cybersecurity with traditional maritime insurance coverage, and finally, improving cybersecurity proactively through multistakeholder simulations.

The bulk of these identified actions build on or integrate existing programs, such as the US Department of Energy-backed Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program,¹ run across four national labs and the Department of Transportation (DOT) Maritime Administration (MARAD) 2021 Port Infrastructure Development Program (PIDP).² These programs are embedded in broader lines of policy effort and come with well-established relationships—both virtues over starting from scratch.

The maturity and effectiveness of contemporary approaches to cybersecurity in the MTS fail to reflect the vital role maritime transportation plays in supporting global commerce, diverse energy systems, and national security. Cyber threats will only continue to metastasize, accelerating both in quantity and consequence. Navigating through such turbulent waters requires an all-hands-on-deck approach—both in the United States and beyond—to improve the collective cybersecurity of the MTS.

Source: atlanticcouncil

Source: thedigitalship

The issue cyber security becomes increasingly important for maritime shipping as significant part of the global logistics chain. Just one of the latest attacks was with the malware “NotPetya” in 2017 where the shipping company Maersk alone suffered damages of several hundred million Euros, which made clear how immense the magnitude of cyber-attacks can be in maritime shipping.

Sea-going ships fall victim to cyber-attacks more and more often because they are floating data processing centres. And these data processing centres can get attacked. Which means that for example navigational systems used on board ships do not just make them susceptible to disturbances but also connect them to the internet and thus create doorways for computer hackers.

Cyber hazards also lurk in ports. Admission systems, cargo handling, steering systems for cranes and the SCADA software often used in industrial steering systems turn ports into highly connected IT systems. The more steering and navigational systems at land and sea become interconnected with other networks und entertainment systems, the easier it becomes for third parties to gain access via IT interfaces along this chain of systems.

Since this year, IMO has made it mandatory for shipping companies to protect against cyber risks. Ship operators have to integrate the relevant measures into their existing ISM systems. The BG Verkehr, the BSH and the BSI aid German shipping companies in this task. In the joint ISM Circular on “ISM Cyber Security”, these three authorities offer practical tips on the topic cyber security. Sabine Kudzielka, CEO of the BG Verkehr, emphasizes: “The experts of our Ship Safety Division are happy to support shipping companies to establish an individual cyber risk management in their enterprise. Our experts used to serve at sea themselves and know what is relevant on board.”

The Federal Maritime and Hydrographic Agency (BSH) points out its competences regarding cyber security: “The BSH is responsible for the verification of security systems on board ships flying the German flag. Furthermore, we work together with partners in scientific research on our technology development platform in the BSH system laboratory to find solutions that can prevent unauthorized access to ship systems”, explains the president of the BSH, Dr. Karin Kammann-Klippstein.

The BG Verkehr, the BSH and the BSI have agreed upon an intensification of their cooperation regarding maritime cyber security. Based on an administrative agreement, they want to sensitize shipping companies for the topic “information security”, provide support and carry out joint projects. “We want to share knowledge of and experiences with information security with shipping companies and German maritime enterprises and be a part in shaping the digital change in the shipping industry successfully,” Dr. Gerhard Schabhüser, vice president of the BSI, gladly announces. “This administrative agreement in an important step towards this goal.”

In addition, the BG Verkehr and the BSH will become a member of the alliance for cyber security and keep the BSI informed about IT security incidents in maritime shipping to create a more accurate overview of the situation. Moreover, joint publications such as guidance and checklists will get developed.

Source: deutsche-flagge

South Korea’s Daewoo Shipbuilding & Marine Engineering Co. (DSME) plans to help shipowners tighten their cybersecurity preparedness after securing certification for a new smart ship solution.

As cases of cyberattacks in the maritime industry increase, the South Korean shipbuilder said it intends to start installing its DSME Smartship Solutions (DS4) in ships after winning an approval from the American Bureau of Shipping (ABS).

DS4 is designed to protect the data and software of ships from hacking and will be installed in more than 30 vessels. With the approval, DSME can install the solutions into ships without an additional cyber security assessment.

“We believe this certification will serve as a cornerstone to advance the era of autonomous ships,” said Choi Dong-kyu, DSME’s R&D institute head.

DSME will become the first shipbuilding company to obtain ABS’ product design assessment (PDA) certification in the field of cyber safety.

South Korea is determined to be a global frontrunner in developing autonomous ships. The technology had been touted as the next generation of high-value-added ships, designed to replace the crew’s decision-making with intelligent and autonomous systems through the convergence of artificial intelligence, the Internet of Things, big data, and sensors.

However, the push towards smart ships faces risks from cyberattacks. Globally, cases of cyberattacks targeting shipping companies, ports authorities, and ports infrastructure have been on the rise. DSME was itself targeted in June, when hackers attempted to breach the company’s computer systems.

Ransomware attacks on shipping firms tripled between 2019 and 2020, with the world’s four largest shipping companies – Maersk, Mediterranean Shipping Company, CMA CGM, and COSCO – all falling victims over the last four years.

MSC suffered a network outage in April 2020 from a malware attack, while CMA CGM was hit with a ransomware attack in September 2020. Even the International Maritime Organization was recently targeted by a cyberattack, forcing some of its services offline.

“To date, most cyber incidents involving shipping have been shore-based incidents, such as attacks against ports and shipping companies themselves. But cyber threats to vessels will increase as more ships are linked to onshore navigation and performance management systems,” said the Safety and Shipping Review 2021 report by Allianz.

Source: maritime-executive

The presence of Chinese trawlers in the Indian Ocean, Arabian Sea and Bay of Bengal jeopardises India’s maritime security by fishing in India’s EEZ.

China happens to be the largest fishing nation producing approximately one-fifth of the global catch. Apart from freshwater fish, a vital part of the Chinese exports also come from the oceanic fish found in the deep sea. Interestingly, as per available reports, no fish are left in the South China Sea due to overconsumption. On the other hand, India occupies the second largest position (6.3 per cent) in producing fish that sustain 14,500,000 fishers. China does eye these fish not only for its domestic consumption but also for exporting them to support its fisheries sector. Beijing’s illegal, unreported and unregulated (IUU) fishing in other countries’ Exclusive Economic Zone (EEZ) has so far been overlooked.

According to the 2020 FAO report, “The State of World Fisheries and Aquaculture”, in 2018, China reported about 2.26 million tonnes from its “distant-water fishery” but provided details on species and fishing area only for 40 % of its”distant water catch”. Thus, it has not divulged 60 per cent of its catch from the “distant waters” data. A significant part of this 60 per cent probably comes from its illegal fishing in the Indo-Pacific region, Eastern Indian Ocean and the Arabian Sea in particular and is at the economic cost of other nations.’The IUU Fishing Index’, a civil society organisation headquartered in Geneva, ranked China first in its 2019 index.

China heavily subsidises to the extent of 94 per cent of its fishing trawlers to encourage shipping in the international waters. Further subsidies and tax benefits on selling the “distant water” catch to the foreign markets apart from various medical benefits in case of injuries while fishing provides enough incentives to its people to carry out fishing activities. It comes as no surprise that China has the world’s largest fishing fleet.

Beijing’s illegal “fishing vessels”are equipped with state of the art ‘catch and pack facilities’and are commonly sighted in the Eastern and Western Indian Ocean near the Andaman and Nicobar Islands, apart from the Arabian Sea. The 572 islands of Andaman and Nicobar witness the Chinese fishing trawlers carrying out illegal fishing as most of the islands are uninhabited. The Chinese trawlers make their way through the Coco and Greater Coco Islands and fish in the dark pitch hours, assuming that the Indian Coast Guard and Navy would not be alert.

The presence of the Chinese trawlers in the Indian Ocean, Arabian Sea and Bay of Bengal is a violation of India’s sovereignty, as the fishing zones of these seas and ocean comes under India’s EEZ, a rule well outlined by the UNCLOS in Article 56. The issue holds relevance to the national security narratives because of the following factors. First, it jeopardises India’s maritime security by fishing in India’s EEZ. Secondly, overfishing, especially in the regulated months when breeding happens, affects the marine environment. Moreover, India’s economic and cyber security can be exposed to sabotage.

From a geopolitical perspective, these “civilian” trawlers violate India’s EEZ as People’s Armed Forces Maritime Militia(paramilitary forces)accompanies them in the guise of civilian fishermen. These fishing vessels do not keep their automatic identification systems transmitter/responder activated, which is a mandatory requirement by the international agencies for fishing. Reports of 2020 suggest that around 450 such research vessels and fishing trawlers had entered various sectors of the Indian Ocean Region.

The role of Chinese maritime militia in fishing camouflage is well established. It was recognised by the PLA Daily in 2014 when it quoted that, “Putting on camouflage, they qualify as soldiers; taking off the camouflage, they become law-abiding fishermen”. The PLA controls these “fishermen”, and their objectives overlap with the Chinese Communist Party (CCP) agenda of “ocean grabbing”, a method of fishing in which the small fishers of the victim countries are denied the marine resources of their own EEZ.

As these trawlers have space for storing live ammunition, a condition made mandatory for being called “Chinese fishing trawlers” and are equipped with sophisticated intelligence and surveillance systems, they amount to incremental strategies of asymmetrical advantage in order to have a gradual maritime foothold in the water bodies surrounding India. It blurs the distinction between combatants and non-combatants, a necessary condition for hot pursuits in UNCLOS and the International Humanitarian Law (IHL). As a thumb rule, civilian trawlers cannot be carrying either the elite irregular forces, live ammunition or surveillance mechanisms. Chinese trawlers have provisions for all three. Besides that, fishing trawlers can potentially be used for trafficking drugs and arms from the Arabian Sea. The nexus of China, Pakistan and the Taliban poses serious drug trafficking issues for India. Maritime security is hence at threat because of IUU.

Militarisation of the Chinese artificial islands either in the SCS or in Feydhoo Finolhu Island can provide its militia with the possible support to accomplish the agenda of the CCP. In such a case, can the Chinese trawlers or research vessels then speak for its “right of innocent passage”?An objective of the Chinese trawlers and militia is to regularise the Chinese presence in the “distant seas”to project power that helps Beijing in both peacetime and wartime. Maritime security and the freedom of high seas thus are hence strongly co-related with Chinese illegal and unregulated fishing.

China’s illegal and unregulated fishing amounts to economic plunder of a nation’s resources as they deplete the fishery resources can result in food and employment deprivation of the people of the coastal areas of India. The fishing industry provides employment to three critical sectors- catching, processing and marketing and contributes 1.07 per cent to the country’s GDP. Fishes and Prawns are an essential source of protein in India’s coastal areas. The demand for ‘blue food’ has increased due to an increasing population worldwide and in India. Any food resource depletion would increase prices and affect the fiscal budget. Adverse effects on any of these sectors can hinder rural development and food security, thereby having the potential to cause social unrest.

From an environmental security perspective, the coral reefs near the Andaman and Nicobar Islands constitute a part of the world heritage and should be protected from the perils of IUU. Further, the use of LED lights and squid jigging equipment can eventually result in overexploitation leading to a scarcity of fish. There have been reports that illegal fishing is also done by dynamite blasts as well as bottom trawling. The Indian government also bans such materials and hence it requires more stringent measures by the necessary agencies. With an active policy of fusion of military and civilian facilities, Beijing’s shipping trawlers can also damage India’s undersea cables and cyber security.

Adoptingthe Marine Fisheries (Regulation and Management) Bill of 2019 and the National Fisheries Policy of 2020 have introduced novel measures such as the mandatory requirement for trawlers to have suitable transponders and communication systems. Nevertheless, Chinese IUU has not stopped and still poses a danger to the maritime security of India and other coastal states. In the above context, both Quad and European Union’s future Indo-Pacific policy have included IUU as an agenda for cooperation. Its strategic frustration related to Quad and AUKUS, apart from the EU’s Indo-Pacific policy, is also related to its future control of its IUU, apart from its expansionist policies.

Source: channel16.dryadglobal

The MTS is, at its core, a sprawling and diverse system of transportation. Each segment has its own specific purpose, set of tools, and risks. However, the MTS is a system of systems driven by the responsibilities, actions, and objectives of its players. Any ground-level understanding of the MTS must begin with a bird’s-eye view of the various players in regulating, advising, informing, and driving the maritime industry, including those specifically related to maritime cybersecurity.

Baltic and International Maritime Council (BIMCO)

BIMCO is the largest international organization representing the interests of ship owners, charterers, brokers, and agents. The group’s primary role is the preparation of global regulations and policy recommendations in many areas related to the MTS, from the environment, crew support, and insurance to maritime safety and security, ice information, and digitalization, including guidelines related to maritime cybersecurity. BIMCO membership comes from more than 120 countries and represents approximately 60 percent of the global merchant fleet (measured by gross tonnage of the vessels). With headquarters in Copenhagen, BIMCO has been designated a nongovernmental organization (NGO) by the United Nations.

Chambers of Shipping

National chambers of shipping (COS), such as the Chamber of Shipping of America (CSA) and the United Kingdom’s Chamber of Shipping, are nongovernmental trade organizations representing the interests of a nation’s shipping companies. Approximately forty national COS organizations are members of the International Chamber of Shipping, representing the interests of the maritime industry to international regulatory and standards bodies.¹ The organization strives to ensure the development, promotion, and application of best practices throughout the shipping industry, and works with key actors across the ecosystem and in the private and public sectors to do so.² The International Chamber of Shipping holds consultative status with the IMO.

Class Societies

Classification (or class) societies are nongovernmental organizations that set and maintain technical standards related to the design, construction, and operation of ships and offshore structures.³ The primary focus of these standards is on a ship’s hull, propulsion and steering systems, power generation, and other systems related to a vessel’s operation. Class societies employ a program of inspection and certification to deliver a baseline reference point on ship safety and reliability for shipbuilders, brokers, operators, flag administrations, insurers, and the financial community. The International Association of Class Societies (IACS) has ten member organizations—including the American Bureau of Shipping (ABS), Bureau Veritas (BV, France), China Classification Society, Lloyd’s Register (United Kingdom), Nippon Kaiji Kyokai (ClassNK, Japan), and the Russian Maritime Register of Shipping—and some insurers require that a vessel have a class society certification before providing coverage.⁴ IACS issues advisory recommendations related to adopted resolutions: recommendation no. 166 addresses cyber resilience.⁵

Cybersecurity and Infrastructure Security Agency (CISA)

CISA is an agency within the DHS. Tasked with guiding public-sector cybersecurity strategies in the United States, CISA enhances cyber defense across all levels of government by coordinating state cybersecurity programs and improving the government’s ability to repel cyberattacks (ranging from ransomware to attacks on the supply chain).⁶ CISA is not an enforcement agency and has no enforcement branch; instead, it focuses on risk management and, working with public- and private-sector partners, shares threat intelligence and builds a more cyber-resilient infrastructure. CISA’s Cybersecurity Division addresses many physical and cyber threats, including ICS/OT and cyber-physical system (CPS) security.

Cybersecurity, Energy Security, and Emergency Response (CESER)

CESER is an office within the DOE tasked with enhancing and improving the US energy infrastructure and supporting DOE’s national security mission. By encouraging cooperation between industry, academia, DOE national laboratories, state and tribal governments, and other federal governmental agencies, CESER aims to build an energy infrastructure and supply chain that is resilient to natural and human-made threats and makes the US energy sector stronger and more secure. CESER’s projects include coordinating international cooperation, providing grant funding, offering training and operational support, and designing training exercises. Cybersecurity preparedness, information sharing, and incident response within the sector is emerging as a major task of the CESER office.

European Union Agency for Cybersecurity (ENISA)

Originally chartered in 2004 as the European Network and Information Security Agency, ENISA is the EU’s lead agency for common standards of cyber defense throughout Europe. With headquarters in Athens, ENISA activities include the development of cybersecurity policies, cybersecurity certification programs for IT products and services, information sharing, capacity building, and cyber-awareness training programs. Recognizing the importance of the maritime sector to the EU economy and society, along with the increased digitalization of maritime facilities, ENISA has taken an active role in the preparation of maritime cybersecurity guidelines for ports.

Information Sharing and Analysis Groups

Information sharing and analysis centers (ISACs) and information sharing and analysis organizations (ISAOs) collect, process, analyze, interpret, and share actionable intelligence related to cyber and physical threats that are relevant to their particular mission. Their overarching goal is to assist their members to maintain relevant domain situational awareness.

ISACs were defined by presidential order in the United States in 1998, during the earliest efforts to define critical infrastructures and infrastructure protection. ISACs were designed to enhance private sector/public sector information sharing to aid critical infrastructure owners and operators—the vast majority of whom are in the private sector—to protect their facilities, employees, and customers against cyber and physical security threats.

The National Council of ISACs (NCI) is composed of twenty-five member ISACs, including the Maritime ISAC, the Oil and Natural Gas ISAC (ONG-ISAC), the Electricity ISAC (E-ISAC), and Maritime Transportation Sector ISAC (MTS-ISAC).

ISAOs were formed by a 2015 US presidential order to promote voluntary information sharing within industry sectors. The goal in establishing a group of ISAOs was to enhance threat-related information sharing among organizations that did not belong to an ISAC because they were not in a clearly defined infrastructure sector. The International Association of Certified ISAOs (IACI) comprises fifteen information-sharing organizations, including the Maritime and Port ISAO (MPS-ISAO).

International Maritime Organization (IMO)

The IMO is an agency of the United Nations, headquartered in London, with a mission to develop a regulatory framework for international shipping. Its primary roles address safety, environmental concerns, legal issues, security, and international technical cooperation. It is, perhaps, best known for the Safety of Life at Sea (SOLAS) Convention, a treaty first adopted in 1914 after the sinking of the Titanic, and the International Convention for the Prevention of Pollution from Ships (MARPOL), first adopted in 1983. In 2017, the IMO Maritime Safety Committee released a set of Maritime Cyber Risk Management recommendations for safety-management systems that IMO encouraged shippers to implement no later than the first annual verification of a vessel’s Document of Compliance and Safety Management in 2021; this resolution is known as IMO 2021.

Maritime Insurers

Maritime insurance dates back to Edward Lloyd’s Coffee House in London, which opened in 1686. The coverage framework for ships and cargo is among the most mature in the insurance industry and covers damage or loss to vessels, terminals, cargo, and passengers. An increasing number of marine insurers require compliance with cyber-safety guidelines issued by class societies, the International Maritime Organization, and regulatory agencies.

National Institute of Standards and Technology (NIST)

NIST, a part of the Department of Commerce, is tasked with providing standards and guidelines for making the US technology base more secure. NIST’s Cybersecurity Framework, created in tandem with stakeholders across the public and private sectors, focuses on putting forward a voluntary framework for reducing cyber risks to critical infrastructure based on existing standards, guidelines, and practices. The framework is considered one of the best current standards programs out there and is utilized often throughout the MTS. The framework consists of three main components: the core, implementation tiers, and profiles.

The core focuses on providing an overarching set of desired cybersecurity activities and outcomes in common terms that are easy to understand, with the goal of helping organizations reduce their cyber risk. The implementation tiers assist these organizations in implementing these activities and outcomes by providing context for what this looks like operationally. The framework profiles aim to take this a step further by identifying key requirements and objectives for specific types of organizations.

North Atlantic Treaty Organization (NATO)

NATO was born with the signing of the North Atlantic Treaty in 1949, in the aftermath of the dark days of World War II. With headquarters in Brussels, Belgium, NATO has thirty member nations in Europe and North America. As a primarily military alliance, one of the most significant parts of the treaty is Article 5, the mutual defense clause, stating that an attack on one member country is an attack on all. This is a very controversial concept in these days of information warfare, where the very definition of cyberwar is not codified and an appropriate response in real space to an attack in cyberspace is not defined at all. To that end, NATO has established the Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, where research, training, and exercises are conducted in the areas of technology, strategy, operations, and law. One outcome from the CCDCOE is the Tallinn Manual, a comprehensive guide on how existing law applies to information operations in cyberspace. This manual itself is not law, but it is the nearest guidance that is available on what constitutes a war in cyberspace.

US Department of Homeland Security (DHS)

The DHS, formed after the 9/11 attacks, is a cabinet-level agency tasked with border security, immigration and customs, disaster management and response, cybersecurity, anti-terrorism, and other efforts to protect the public within US borders. DHS also oversees the CISA and the Coast Guard. DHS has funded a dozen Science and Technology (S&T) Centers of Excellence (COE) addressing a range of multidisciplinary technology solutions for homeland security. Of particular interest to maritime cybersecurity is the Maritime Security Center (MSC) at Stevens Institute of Technology.

Source: atlanticcouncil

CYBER CONFERENCE

Every year, usually within September NMIOTC holds its Annual Cyber Security Conference in Maritime Domain. The aim of the conference is to encourage participation and promotion of collaborative scientific, industrial, naval, maritime and academic inter-workings among individual researchers, practitioners, navy staffs, members of existing associations, academia, shipping companies, standardization bodies, including government departments, international organizations and agencies, public and private sector in general, regarding cyber security in maritime domain and cyber defense operations. We envisage tackling Cyber Security issues in maritime domain in a holistic, comprehensive and effective way.

Source: nmiotc

Security News Desk – UK looks at the biggest threats facing port security in today’s society and addresses why there is a vulnerability 

The maritime industry is the unquestionable driver of the global economy. Through a vast network of vessels, ports, logistical and administrative infrastructure – some 90% of the world’s goods are moved each year. Like most industries, maritime has become increasingly automated, connected and remotely monitored. 

Not surprisingly, maritime trade has also become a prime target for cyber-attackers. The sector is especially vulnerable owing to its dependence on technology for navigation, communication, and logistics. At the same time, both onboard and land-based systems are aging rapidly – a fact exacerbated by the average 25-30 year lifespan of many cargo vessels. 

This combination of vulnerability and economic centrality has led to an ever-increasing pace of cyberattacks on maritime vessels and infrastructure. The World Economic Forum cited cyberattacks on transportation infrastructure as the world’s fifth highest risk in 2020, and cyberattacks on the maritime sector increased by a staggering 900% over the last three years. Among the targets hit in 2020, the UN Maritime Agency, shipping giant MSC, and French container transport company CMA CGM. 

A high profile attack in May last year on Iran’s Shahid Rajaee port facility at Bandar Abbas illustrated the domino effect of disruption cyberattacks on port computer systems can have. This attack, considered relatively minor, nonetheless created long lines of vehicles outside the port, and led to numerous vessels being stuck in the harbour for hours. 

Source: securitynewsdesk

Fuel management technology company FUELTRAX has announced a new partnership with blockchain firm Topl to use its Blockchain-as-a-Service (BaaS) platform to support greater transparency in maritime energy trading operations. With blockchain integrated into EFMS products, each step in the energy trading process will have an equivalent digital step, including contract formation, asset tracking, and delivery of the product. As supply chain events occur in real time, each is added to the Topl Blockchain, where a tamperproof record will be maintained to provide documentation and traceability. The blockchain will link all steps for vessel fuel transfers, creating a complete verifiable digital record. Any changes made along the supply chain will be recorded immutably, and clients will be able to report on the progress of successful bunker and transfer operations. “The maritime industry knows how crucial it is to constantly improve security efforts in offshore operations. The Topl Blockchain will help us to add a layer of verification to assure vessels’ operations are performing to achieve company goals and help prove ethical practices while using FUELTRAX technology,” said Anthony George, Founder and CEO of FUELTRAX.

Source: smartmaritimenetwork

Maritime networks have become an attractive playground for hackers, with cyber-attacks on vessel OT networks and systems increasing by 900% over the past three years.  A ship’s onboard information technology and operational technology systems can be hacked just as easily as systems ashore. Such security breaches have the potential to do considerable harm to the safety and security of ships, ports, marine facilities and other elements of the maritime transportation system. Attacks on vessel OT networks can be catastrophic, leading to injury, loss of life, asset damage or environmental impact.

There has been some ongoing tension between Israel and Iran in the form of an alleged back and forth of attempted and successful cyberattacks against physical infrastructures. Geopolitical tensions are one of many maritime security challenges.

On May 9, 2020, all shipping traffic at the Shahid Rajaee port terminal in Iran came to an abrupt halt. According to The Washington Post, an unknown foreign hacker briefly knocked the port’s computers offline, which led to massive backups on waterways and roads leading to the terminal. The Shahid Rajaee port facility is the newest of two major shipping terminals in the Iranian coastal city of Bandar Abbas, on the Strait of Hormuz. Computers that regulate the flow of vessels, trucks and goods at the port were knocked offline simultaneously on May 9, 2020, disrupting operations and causing road and waterway congestion that lasted several days. The attack on the port’s computers was confirmed a day later by Mohammad Rastad, managing director of the Ports and Maritime Organization (PMO), who stated, “A recent cyberattack failed to penetrate the PMO’s systems and was only able to infiltrate and damage a number of private operating systems at the ports.”

A panel of technical experts debated the advantages of cyber security centres securing vulnerable maritime assets during Riviera’s Maritime’s zero-day exploit: port cyber security webinar. They explained how port facilities remain vulnerable to, and are unprepared for, cyber threats. They agreed port cyber security is maritime’s zero-day exploit, which is a secret vulnerability no one has generated protection for. Panellists on Riviera’s Maritime’s zero-day exploit: port cyber security webinar were : University of Plymouth research fellow for cyber security Dr Kemedi Moara-Nkwe, NORMA Cyber managing director Lars Benjamin Vold and McDermott Will & Emery partner Paul Ferrillo.

Cyber attacks on logistics hubs would devastate the supply chain network with tremendous financial damage, said Mr Moara-Nkwe. He said cyber threats could affect operational technology (OT) such as supervisory control and data acquisition (SCADA) systems and IT networks in ports. “Ports are unique in their interfaces between IT and OT, such as for cargo loading and unloading,” he said, adding a cyber attack initiated in IT could impact substations, electrical systems and automated cranes.

There are also consequences to cyber issues jumping between IT and OT on ships as more owners, operators and managers adopt digitalisation and internet of things (IoT). “This could potentially cause a vessel to lose access to onshore services, with no communications,” said Mr Moara-Nkwe. “There could be a loss of access to electronic devices used for navigation or for safety purposes on ships.”

“Ports depend on the technology and need to consider the risks as a cyber attack can affect availability of technology and assets,” said Mr Moara-Nkwe. “Potential consequences are disruptions to port operations and to supply chains.”

Source: idstch