MARITIME CYBER SECURITY Archives - Page 19 of 40 - SHIP IP LTD

Before starting at at Telenor Maritime, Toni was the CEO of KNL Networks, which was acquired by Telenor Maritime in 2020. Before Co-founding KNL Networks in 2011, Toni worked at the University of Oulu as a research scientist and Doctoral student from 2008 to 2011. He is a former electronic warfare officer in the Finnish Defence Forces and has 20 years of hands-on radio experience. Toni is a former member of the Arctic Council Task Force on Telecommunications Infrastructure in the Arctic (TFTIA).

With KNL onboard, Telenor Maritime believes its new platform can help facilitate the digitalization of the shipping industry, with secure, reliable and cost-effective sharing of data right across the globe. The webinar will address opportunities and challenges in maritime digitalization and cyber security. Onboard capabilities in cybersecurity and IT are often somewhat limited. Most of onboard equipment are not designed to be connected, so devices their selves don’t provide sufficient security. Cybersecurity has become one of the biggest threats to the industry.

We look forward to learning more about cyber security!

Source: nme

No one is likely to forget 2020 in a hurry. The pandemic had a seismic effect on all our lives and livelihoods, exerted a significant impact on trading and, out of urgent necessity, transformed working practices the world over. The availability of high-speed, high-quality connectivity has been an invaluable asset, enabling organisations to maintain their business continuity.

The corresponding downside has been an alarming escalation in the incidence of cybercrime, and some very high-profile shipping companies have recently borne the brunt of these attacks. Already suffering from the disruption caused by lockdown measures and market volatility, an additional setback was extremely unwelcome and costly for these companies.

The regrettable fact is that the same critical pressure which forced organisations everywhere to rapidly move so many aspects of their operations online conversely represented a golden opportunity for hackers. All four of the most prominent container operating firms fell victim to malware or ransomware attacks within months of each other, in effect compromising almost 60% of the world’s container traffic.

Vulnerabilities

These exceptional circumstances only exacerbated a problem which was already growing long before the pandemic took hold – namely, that the maritime industry has been conspicuously slow to fully acknowledge the vulnerabilities that accompany the digital revolution. Companies which view the cyber realm as too complex and nebulous to engage with can often fail to grasp the financial, operational and reputational damage a cyber event can wreak until their own businesses have already been impacted.

Underestimating their own susceptibility, usually through a lack of understanding at management level, is a recurrent issue. Many shipowners assume that since their vessels can operate independently from shoreside teams, then the cyber risk is negligible. However, ships communicate to shore via mobile phones, emails, Zoom calls, etc, and these are all vectors of infiltration into a ship’s onboard network.

Such vulnerabilities actually stem from head office; this is where the patching is driven from, where upgrades in IT and technology originate, and where shipowners exchange data with engine manufacturers, fuel suppliers, clients and financiers. Most importantly, it is also where training and education programs are organised. If that side of the equation is poorly managed, there’s a fair chance that the vessels won’t be optimally managed from a cyber perspective either.

Consistent benchmark

The salutary experiences endured even by the ‘big scalps’ mentioned earlier have sent shockwaves throughout the industry, prompting a significant intensification of threat awareness. In addition, the introduction on January 1 of the 2021 IMO Cyber Security Guidelines can only have a beneficial influence upon the take-up of effective maritime cyber risk management programs.

Importantly, these guidelines provide a consistent benchmark, a framework within which companies can measure their cyberattack preparedness. No one yet knows how punitively the new rulings will initially be enforced, but setting an example by detaining vessels for insufficient cyber protection might be the most bluntly effective means of getting the message across.

The US Coast Guard has already issued three tiers of detention for cyber deficiencies, by which any vessel arriving in a US port with a malfunctioning critical system will be detained until the issue has been resolved.
(For more details, see: https://www.westpandi.com/publications/news/november-2020/uscg-notice-of-implementation-of-cyber-hygiene-and/ )

This will inevitably take time, and a detained ship won’t be making any money while it’s off-hire. The resultant lost earnings whilst the vessel is detained would not be recoverable by loss of hire or delay insurance, which usually specifically exclude delays when the detention relates to non-compliance with international or national regulations.

Whilst the Nordic Marine Insurance Plan, for example, advises that a delay caused by a cyber attack could be covered under clause 5.1.B (Hull and Machinery perils) as, de facto, it would stop the ship from operating, this may not be true under other underwriters’ policies. As the vessel is technically damaged, the costs of fixing it would be recoverable less the applicable deductible. However, if the H&M Policy contains a Cl. 380 exclusion clause, computer breakdown due to a cyber attack would not be covered. If the breakdown occurred because of an ordinary bug in a software update, it would be covered regardless of a Cl. 380-style exclusion clause. If the breakdown was covered under the H&M, LoH (Loss of Hire) would respond unless there was also a Cl. 380 exclusion in the LoH policy.

A further complication for insured parties is the LMA 5403 clause, introduced by Lloyds in November 2019. In order to establish whether or not they are covered in the event of a cyber incident, attribution/causation must now be pursued to ascertain whether the incident arose from negligence or deliberate interference by a malicious insider or third party; and, if deliberate, whether this was a state sponsored move or an act of terrorism. We are of the view that the market approach is not constructive and creates uncertainty.

Due diligence

Where the Hague-Visby Rules oblige shipowners to exercise due diligence in making their vessels seaworthy prior to the commencement of any voyage, it is now incumbent upon them to prove that they are also applying cyber due diligence – everything from updating patches and running security checks to making sure passwords aren’t glued under keyboards, ensuring that crews are properly trained in cyber security and aren’t, for example, letting visitors charge their phones through USB ports on the network, and so on.

BIMCO has now also issued a cyber clause for charterparties, which in essence says that not only will parties use their best efforts to prevent cyberattack, but will also make sure that subcontractors do likewise. Liability could be problematic to establish here, particularly for charterers in terms of confirming which standards the parties will be judged against.

Underwriting

From an underwriting perspective, P&I Club mutual policies currently have no cyber exclusions, so if an assured were to have a collision, say, because they’d been hacked and lost control of their ship, they’d still be covered. The exception to this would be where a ship’s systems are hacked by terrorists or a belligerent power; such instances would then fall to war risk underwriters, not cyber underwriters – an important distinction.

As mentioned above, Cl. 380 or the more recent market standard cyber exclusion clauses are generally applied to other insurance policies. The assured’s options are either to simply “buy out” the exclusion or consult specialist providers like Astaara who can provide a global package cover that is far more comprehensive than alternatives which just reinstate the Cl. 380 or similar exclusions.

The key for all concerned is to plan and proceed methodically. Cyber risk management is about doing the basics well, which doesn’t necessarily require a huge investment. By making it a priority, driven by the Board from the top down so that factors such as using multi-factor authentication and ensuring antivirus software is up to date become an ingrained daily habit for all employees, companies will address what might look like minor issues, but which could otherwise have a disproportionately large impact on their business.

The 2021 IMO Cyber Security Guidelines: what you need to know

In practice, shipowners will need to demonstrate a full understanding of mandated cyber security protocols by conducting a comprehensive inventory of all at-risk onboard and offshore systems, including IT and OT equipment.

Vessels will then be subject to a cyber risk analysis and evaluation to assess their vulnerability and the mitigation measures which have been or need to be applied on board.

Thereafter, shipowners can implement the cyber risk management program best suited to their vessels and equipment, establishing crisis management strategies and incorporating crew training procedures which clearly demarcate their specific roles and responsibilities.

Based upon the National Institute of Science and Technology cyber framework, the 2021 IMO Cyber Security Guidelines involve five basic steps.

1: Identifying risk
2: Detecting risk
3: Protecting assets
4: Responding to risk
5: Recovering from attacks.

Source: hellenicshippingnews

Interview: Manolis Lazaridis, CEO of the Diaplous Group

“There are two types of companies, those that have been hacked and those that will be” said Robert Mueller FBI Director “….and there is a third type, those that have been hacked and simply don’t know it yet” added Mr. Lazaridis, CEO of the Diaplous Group, already having a long and rising carrier in the maritime industry. The Diaplous Group started out as a private maritime security company (PMSC) in 2010, providing services to the owners and operators of vessels in high-risk areas. Over the decade, Diaplous has grown into the world’s most compliant, approved and certified MRM provider serving stakeholders of the maritime industry. The group maintains six offices internationally and a client base of over 930 shipping companies globally.

Q: What triggered you to establish DIAPLOUS-CYBER?

A: During the last decade, there was a rapid growth and evolution of cybercrime. Attackers developed more sophisticated tools and techniques to penetrate into a company’s network, which increased both the number of cyber-attacks and data breaches.  

Therefore, DIAPLOUS-CYBER was born to apply cutting edge cyber security technologies and holistic solutions for companies to maintain 

business continuity in adverse conditions. We carry the vast anti-piracy experience of the Diaplous group from the physical world over to cyberspace, and are able to draw on leading providers in our service offering. Our NATO-trained experts brought over engineering capabilities and we are now able to monitor vessels via the Cyber Defence Operations Center (CDOC) and implement countermeasures in near real-time. 

To enhance our services further, we are also partnering with Alpha Marine Consulting in offering Cyber Risk Assessment and Cyber Risk Management.

Q: Is cyber security expensive? 

A: “Cybersecurity is not expensive is priceless” compared to the overall damage a company can experience after a cyber security incident. Recovering from such an incident can cost a company even a six-digit amount of money, let alone the reputational damage, putting many out of business. 

One of the most known examples is the cyber-attack targeting Maersk, which cost the company almost $300 billion.

This is why we are firm believers that businesses should take a proactive approach to cyber security and invest on it before a cyber incident takes place. 

Q: What is the situation in the maritime industry?

A: Our experience so far has shown that, unfortunately, the majority of the Greek shipping companies is not aware of the importance of cyber security and does not consider cyber-attacks as a potential threatening risk. A common misconception is that only large businesses are a potential target for cyber attackers. This is a myth! In fact, cyber-attacks on smaller businesses are more common than many might think.

Through our series of webinars, we are trying to raise the Greek industry’s awareness about cyber security and educate our participants as much as possible on this topic. We have already organized successfully three webinars and we are planning to offer more during the following months, covering different topics around cyber security and defence.

Q: How should a cyber incident be handled? Is there an analogy with the typical “marine incident”?

A: A cyber incident should be treated as a marine incident, and the measures to be taken to deal with it will depend on its severity. In fact, in every Management System there must be a categorization of events based on their actual or potential impact. Each category of events will mark defined actions and reaction times, the manning of the crisis response team and other actions on the part of the company and the ship. 

There is, therefore, an obligation for each company to organize a Response Plan, which should be combined with the existing Emergency Response Plan.

At the same time, we must stress the importance of the mandatory annual drills and readiness exercises which can be combined with penetration tests.  It becomes clear, then, that the success of dealing with a cyberattack depends on the training and preparedness of the participants and their familiarity with the procedures and obligations.

Q: How useful and necessary is the penetration testing?

The penetration test is an essential tool for any company in order to identify the vulnerabilities of its IT and OT systems as it offers the ability to detect all the effects of a cyber-attack. It is also the most useful tool for risk assessment as, from a technical point of view, it will provide us with more complete information than any other method of approaching and assessing weaknesses.

The penetration test must be done in the company and at least in a percentage of its fleet and must be repeated at regular intervals to confirm the effectiveness of the corrective actions taken each time.

It should be noted that charterers, and especially oil companies, now require penetration testing during both TMSA Office Audits on both the company and the ships.

Source: cyprusshippingnews

Source: cruiseandferry

Inmarsat, the world leader in global, mobile satellite communications, has released a new, free of charge report covering new International Maritime Organization obligations and their implications for cruise ship and ferry professionals. The obligations enter into force next year and the report aims to support owners, managers and captains on compliance as they work to protect passenger ship cyber security.

Published by the Inmarsat Research Programme, Cyber Security requirements for IMO 2021 offers unique insights into Inmarsat’s cyber security experience and examples of real cyberattacks on vessels, providing cruise ship and ferry owners, managers, captains, engineers and technical officers with a guide to the criteria for compliance. By IMO resolution, passenger ship Safety Management Systems must be documented as including cyber risk management under the International Safety Management Code no later than the first annual audit after 1 January 2021.

The 40-page document highlights the way threats continue to adapt and evolve, reporting a fourfold increase in cyberattacks on maritime targets that coincides with the industry’s move to home-based working through the Covid-19 pandemic. It also provides a comprehensive explanation of the often misunderstood distinctions between anti-virus software and network endpoint security.

Source: hellenicshippingnews

CIMSEC discussed the development of the 1980s Maritime Strategy and the role played by the CNO Strategic Studies Group with Admiral William Owens (ret.). Admiral Owens was part of the first SSG during 1982. In this discussion, he discusses changes brought about by the Maritime Strategy, the implementation of the Maritime Strategy concepts by the fleet, and what lessons the Maritime Strategy and SSG have for the modern era.

What was new about the Maritime Strategy and how was it a shift from 1970s concepts and plans?

For the Navy and the Marine Corps, for the entire Defense Department, and for our country the Maritime Strategy was a turning point in the Cold War! For most of the years since World War II the United States Navy and Marine Corps had been focused on how to most efficiently get land and air forces into Central Europe to protect against a Soviet attack. This was the focus of all our force planning. All our analytic efforts in the Pentagon and the grand majority of money in the defense budget was organized around that particular task. The Maritime Strategy changed all of that in profound ways.

Can you briefly describe your personal involvement in the strategy development process?

My personal role was as a member of the first Strategic Studies Group, the SSG. This SSG and the concept was set up by Admiral Tom Hayward, the Chief of Naval Operations (CNO). And it is thanks to Tom Hayward, his vision, and his leadership style, that we wound up with a Maritime Strategy that materially changed everything.

Tom Hayward established the group under Bob Murray, a wonderful gentleman who had been the Under Secretary of the Navy. My personal involvement then was as one of the eight members of that first SSG. Admiral Hayward had personally chosen the eight of us, one from each branch of the Navy and two from the Marine Corps, to spend a year together. That was a transformative year for me and for all of us. As a submariner, I had spent all of my years, about 18 of them, in the submarine force, and had very little experience in the grand strategy of the Navy or the Defense Department. Indeed, I had very little knowledge of the other branches of the Navy, such as the fighter community, the surface navy, the amphibious forces, or the Marine Corps. This year changed all of that for me personally and immersed me in what was, we thought, the principal effort to bring together a very different position for our Navy.

While Secretary Lehman had talked about a different strategic force and several had talked about the need for a more offensive Navy, never before to my knowledge had we put together such a broad view of what the Navy and Marine Corps could possibly execute as principal members of U.S. forces. It is important to note Admiral Hayward’s role in the formation and tasking of the SSG, and in his leadership in imagining the entire year for the eight of us. I will always remember that as a precious lesson of how to lead! The CNO told us personally when we asked “what was the deliverable,” that he did not know. He said, “I formed this group because I have tremendous confidence in each of you, and I expect you to spend a year with no restrictions to do something good for the United States Navy and to make the year worthwhile in every respect, including for yourself.”

Follow-up sessions with Admiral Hayward occurred only two or three times during the year, and under Bob Murray’s leadership we had no restrictions, all doors were open, and all lines of thought were encouraged. This was the only time in my entire time in the Navy that I saw this degree of complete confidence and “gutsy” leadership to do something very special for our Navy and our country.

The SSG is often cited as a key (if not the key) driver behind the emergence of the Maritime Strategy. But at the same time, other initiatives and groups, including exercises such as Ocean Venture ’81, the OP-603 strategist community, the Advanced Technology Panel, and Secretary Lehman’s personal involvement were combined with pre-SSG elements such as Sea Plan 2000 and the Global War Games. In your opinion, which of these elements were the most significant and how did they interact with each other to create what we know as the Maritime Strategy?

While many of these products were well-known to us, there were none in my opinion which laid out the specifics of a new Maritime Strategy, one that would indeed change all of the force analysis, and that would change the thinking in the Congress and in the inner halls of the Kremlin. Regarding which organization came first with the Maritime Strategy, I leave it to the readers. But from our standpoint in the SSG, we had been sent by Admiral Hayward to “do good for the U.S. Navy,” and after many, many discussions among ourselves and many other potential activities that we could have undertaken, we chose to look at how the United States Navy and Marine Corps could play a much more offensive role in what was then the great challenge, the Soviet Union. I know that others were interested in this work, the CNO’s staff was doing work on strategy, and Secretary Lehman had done some work thinking about the Navy of the future.

But for us, we were not aware of any macro-level strategy for our country that dealt with the use of offensive maritime forces. Additionally, when we were looking to brief various commands, through Bob Murray and Admiral Hayward, there was a decision that we should go and visit all of the four-star U.S. Navy commanders to represent a new way of thinking about our Navy, which we called the Maritime Strategy. So, regarding who the originator was, from our standpoint we believed that we were taking the lead and had founded something that could be very special for our country, and I believe it was the SSG who dubbed it the Maritime Strategy.

How did the SSG, and through it the Maritime Strategy, influence and spur innovation in real-world fleet operations and exercises, both at the theater and at the tactical levels? What role did the SSG’s extensive travel to operational fleet commands, or the feedback received from the theater commands and flag ranks, help influence the strategy?

Commander Art Cebrowski and I were the two most junior officers on the first SSG. The natural flow had us both involved in developing presentations, doing some writing, and then eventually being the two briefers that took the Maritime Strategy to each of the four-star commanders-in- chief of the theaters. As such we were able to internalize and absorb the many comments that we received, which were at first quite doubtful, and then in a growing way, believing that there was indeed a new way possible to use naval force. Eventually Art and I started to feel more and more confident. With Bob Murray as an enormous mentor, a shield, we had a great interface with CNO Admiral Tom Hayward to continue our work and then to broaden it.

We noticed that within a few months exercises were being conducted in the various fleets, especially Seventh Fleet, to test out some of the concepts in the field. But more importantly, each of us was blessed to move on to become more senior and start exercising these concepts ourselves. As a young one-star admiral, I was able to mass four dozen attack submarines far forward and “demonstrate to the Soviets directly that we were there in numbers.”

When we looked at the ability of the United States Navy to take the battle forward to the Soviet bastions, to the northern flank of Norway and even the Arctic, when we were able to use carriers, surface forces, and the submarine force together far forward both in the Atlantic and the Pacific, we started to realize that we were having an impact on the Soviets themselves. No longer were the bastions and the northern and western flanks totally the property of the Soviet Union. After the Cold War was over, there were intelligence reports reflecting the critical difference the Navy and Marine Corps’ positioning had had on strategic thinking in the Soviet Union and indeed in their reflection that they could not win, no matter how much they poured into their defense systems.

Why did the Maritime Strategy “work,” if it did, and what about the process has been so hard to replicate?

The Maritime Strategy worked because there was an open mind in the leadership ranks of the Navy, there were very active supporters in OP 603, and in the intelligence community. And I would note that Rich Haver was particularly valuable to us in gaming and supporting our efforts. Rich was a senior civilian, an intelligence professional working in the Chief of Naval Operations office directly in what was called Code 009. He was extremely interested in the SSG’s deliberations and participated in many of our wargames and discussions. He was also a source of information from the intelligence community, and we spent considerable time with Rich regarding the intelligence implications of our thoughts on the Maritime Strategy. We saw a lot of Rich in Newport with the SSG.

Underlying it all, of course, was Tom Hayward and Bob Murray’s terrific leadership. They were the single most important factors in driving the success of those first SSGs! I think it was hard to duplicate the work of the first three or four SSGs, as follow-on CNOs did not lead the effort in the same sense that Tom Hayward did, and there was never another Bob Murray. I think the concept is strong and could remain strong under the right leadership. In other words, “take the very best from the warfare communities, give them a free rein for a year, and ask them to deliver a product that is worth the time and effort for their Navy and Marine Corps.” I don’t think that ever happened again after the first two or three SSGs.

How did the strategy interface with the POM process? What was its budgetary and programmatic influence, what mechanisms channeled this influence, and how did these processes change over this time period?

Because of senior leadership and our exposure to all of the Navy’s four-star officers, there eventually was considerable support and understanding of what the United States Navy and Marine Corps capability was, and I believe that flowed through every branch of both services. Especially for those of us who became three- and four-star officers, we drove the Maritime Strategy as part of all of our budgeting and programmatic directions. It was a critical part of my own efforts both as the first N-8 in the Navy staff and as the Sixth Fleet commander, and then the Vice Chairman of the Joint Chiefs of Staff.

Putting pressure on the Soviet Union, and indeed realizing that the Navy and Marine Corps were operating forward, aggressively, and offensively, I believe this carried over after the Cold War ended in the way we thought about our service. It changed the paradigms of World War II. Of course, the submarine force had always been operating forward. But now we were able to operate with other branches of the Navy and Marine corps in a very offensive forward position, and we coordinated those actions with other naval forces to make a much larger difference. In many ways the Maritime Strategy was a coming-of-age for maritime forces.

What lessons can be taken from the 1980s for engaging in modern great power competition, both specifically about the role of the SSG and its functionality, and more generally about the centrality of the Maritime Strategy in 1980s great power competition?

Many of the lessons of the 1980s pertain to naval and Marine forces today, and will in the future. And when we are thinking of great power competition it allowed us to think of truly offensive and game-changing actions in the forward theaters, which pertains as much in today’s world as it did then. I predict that this will continue as we look to the future.

The lessons of the SSG were profound for me. The degree of thinking and engagement that a dedicated, supported from-the-top-group of quality officers can provide, was stunning. Art Cebrowski and I, I’m sure, had our lives changed in many ways from this experience. The leadership lessons learned from Tom Hayward, Bob Murray, and others who supported us also had a profound effect on Art and myself. And I have to add, the loss of Art Cebrowski to our entire Defense Department was a loss that is more than one could ever have imagined.

How did the strategy enhance the Navy’s ability to tell its story to outside audiences, such as Congress, the other services, and allies? How was it received and challenged by outside audiences?

The Maritime Strategy dramatically enhanced the Navy’s confidence in what it already knew in part that it could do. Whether it was with Congress, where the demonstration of the Navy and Marine Corps offensive forces working jointly with the other services became known, or with our allies, where this broad naval offensive power was broadly accepted, the maritime strategy was clearly now a part of everything we did. And in many cases, such as the United Kingdom, our allies joined as part of our forward-thinking Maritime Strategy.

Many audiences of traditionalists, including several of our four-star commanders at the time, were strongly unconvinced, even disapprovingly so. But it did not take long with continued exercises, demonstrated capability, and a realization on the Hill that this was something that could truly change America’s position in the world of military power, that there was widespread acceptance.

For many of us throughout our careers, we took pride in showing our friends and allies around the world and in the United States the true power and ability of our maritime forces to operate freely, jointly, and with substantial capability even in the most challenging areas. It is hard to say this needs to be proven now, since this is the way our country’s military services take military force forward, with naval forces on the leading edge!

Admiral William Owens (ret.) is a retired four-star U.S. Navy admiral. He was Vice Chairman of the Joint Chiefs of Staff, and was Commander of the U.S. Sixth Fleet from 1990 to 1992, which included Operation Desert Storm. Owens also served as the Deputy Chief of Naval Operations for Resources. Owens was the Senior Military Assistant to two Secretaries of Defense (Secretaries Cheney and Carlucci) and served in the Office of Program Appraisal for the Secretary of the Navy. He began his military career as a nuclear submariner. He served on four strategic nuclear-powered submarines and three nuclear attack submarines, including tours as Commanding Officer of the USS Sam Houston, USS Michigan, and USS City of Corpus Christi. He currently serves as an executive in the private sector, as well as a member of the Council on Foreign Relations.

Joe Petrucelli is an assistant editor at CIMSEC, a reserve naval officer, and an analyst at Systems, Planning and Analysis, Inc.

The opinions expressed here are the author’s own, and do not necessarily represent the positions of employers, the Navy, or the DoD.

Source: cimsec

Subex, a provider of Internet of Things (IoT) and Operational Technology (OT) cybersecurity solutions, and SkyLab, a specialist in 5G Multi-Access Edge Computing (MEC) and Industrial IoT have announced a partnership to offer IoT and OT cybersecurity solutions and services to the maritime sector.

According to Subex’s research, shipping companies around the globe were attacked almost 1.5 million times in the last 30 days. Of these, over 64,000 attacks were highly sophisticated and carried out using complex malware and breach tactics. Social engineering, deception, and traffic manipulation were all used to create breaches and enable intrusion into core and peripheral infrastructure.

Targets for these attacks include datacenters, command and control infrastructure, navigation systems, power, and life support systems among others. The increase in volume also increases the chances of a successful breach. Thus, the industry continues to be at risk.

In addition to the rising threat to maritime infrastructure, there is also the secondary threat of potentially significant losses caused by the loss of shipping days, delays in transit of goods, damage to critical infrastructure, loss of either customer or commercially sensitive data and ransom demands. In one incident off the coast of the United States, hackers tried to take over the navigation systems of a ship and ram the vessel into a port. It was with much difficulty that the crew was able to gain control and prevent a catastrophe.

The International Maritime Organization (IMO), the United Nations specialized agency with responsibility for the safety and security of shipping and the prevention of pollution by ships, has also recognized the importance and urgency required to tackle the challenges posed by cybersecurity risks. IMO has issued MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management and adopted resolution MSC.428(98) encouraging administrations to ensure that cyber risks are appropriately addressed in existing safety management systems before the first annual verification of the company’s Document of Compliance after January 1 2021.

Through their partnership, Subex and SkyLab will be jointly offering cybersecurity solutions and services including Security Operations Center services to improve overall maritime cybersecurity posture and cyber–resilience.

Source: hstoday

Digital threats are becoming more complex. The access, connectivity, and networking of IT (Information Technology) and OT (Operational Technology has led to increased cyber security threats and risks for many maritime operations. It’s more important than ever to stay ahead of these threats before they cause damage to your organization.

Vulnerability Management should be an inherent part of your company’s safety and security culture – ensuring the safety, security, and protection of the ship, the crew, the cargo, and the marine environment. An investment in our platform will help your operation runs smoothly and on time.

Noting this threat, shipping companies are reminded of the importance of applying BMP 5 to ensure that the voyage is fully risk assessed and that ships are hardened against the security threats in the region. Similarly, it is recommended that ships rerouting southwards should route north-east of Socotra before turning South and that where possible, should maintain a safe distance from the Somali coastline in accordance with the risk assessment.

Furthermore, it is stressed that all ships in the region should register with MSCHOA and report to UKMTO as outlined in BMP 5, to ensure they are visible to the military assets deployed in the region which can assist in cases of piracy, and to ensure that they will be alerted to any threats or incidents.

Source: bimco

This partnership aims to help boost the overall cybersecurity posture of the maritime industry as ships, offshore and onshore maritime assets, communication channels and shipping infrastructure will now receive the highest levels of cybersecurity protection, threat risk management support, solutions, and services.

According to Subex’s research conducted using data from its global honeypot, shipping companies around the globe were attacked almost 1.5 million times in the last 30 days. Of these, over 64,000 attacks were highly sophisticated and carried out using complex malware and breach tactics. Social engineering, deception, and traffic manipulation were all used to create breaches and enable intrusion into core and peripheral infrastructure.

Targets for these attacks include data centers, command and control infrastructure, navigation systems, power, and life support systems among others. The increase in volume also increases the chances of a successful breach.

In addition to the rising threat to maritime infrastructure, there is also the secondary threat of potentially significant losses caused by the loss of shipping days, delays in transit of goods, damage to critical infrastructure, loss of either customer or commercially sensitive data and ransom demands. In one incident off the coast of the United States, hackers tried to take over the navigation systems of a ship and ram the vessel into a port. It was with much difficulty that the crew was able to gain control and prevent a catastrophe.

Through this partnership, Subex and SkyLab will be jointly offering cybersecurity solutions and services including Security Operations Centre services to improve overall maritime cybersecurity posture and cyber–resilience.

Vinod Kumar, managing director & CEO, Subex, said: “This alliance combines Subex’s deep expertise in cybersecurity and SkyLab’s strengths in 4G/5G mobile edge computing and core networking technologies to reliably accelerate, monitor and inspect traffic whilst adapting to dynamic connectivity conditions at sea.  This association will help secure the industry and ensure compliance to standards whilst offering reliable protection to both critical and non-critical systems.

“We are delighted to partner Subex in addressing one of the core concerns of the shipping industry – cybersecurity. Together, we endeavour to empower reliable, secured, and cyber-resilient shipping lanes globally by partnering maritime stakeholders, and enable them to secure of their operations, assets, people as well as data,” said Stephen Ho, group chief operating officer, SkyLab.

Caption: The partnership between Subex and SkyLab aims to boost cybersecurity in the maritime industry

Source: thedigitalship