MARITIME CYBER SECURITY Archives - Page 2 of 40

The Department of Defense has opened up millions of dollars in grant funding to a research consortium in Rhode Island that will fund cybersecurity and supply chain research for the maritime industry.

Earlier this month, the department designated six new Defense Manufacturing Communities across the country. The program, authorized through the 2019 National Defense Authorization Act, is designed to fund long-term investments in local businesses that work on national security technologies or innovation.

The money is awarded to joint ventures made up of academic institutions, defense contractors or associations, non-profits or state and local governments. One of the consortiums selected this year is led by the University of Rhode Island Research Foundation, which is proposing to use up to $5 million in federal grant funding “to address weaknesses in the maritime defense industrial base through strengthening workforce training or retraining or recruitment and retention, and expanding small business assistance to support automation and robotics and cyber resiliency.”

“The project will provide a minimum of 50 small business assistance grants, educate and train 675 students and workers using Manufacturing Innovation Institute enhanced offerings, and launch an innovative Education to Assessment model to enhance assessment capability and supplier matching for DoD supply chain companies,” reads a project description on DoD’s website.

In a phone call, a representative from the University of Rhode Island identified Erik Brine, director for defense research and development initiatives and operations at the university, as the lead for the project. Brine did not immediately return an emailed request for comment and further details on the project.

According to DoD, the department has doled out $50 million in funding for the program over the last two years to 11 defense manufacturing communities, 1,350 businesses and 29,000 workers. The funding has gone to develop 11 new defense technologies, make improvements for 23 more and provide cybersecurity assistance to nearly 400 companies.

In addition to the URI Research Foundation, the consortium partners include academic and research institutions like Polaris MEP, 401 Tech Bridge, Brown University and the Rhode Island Department of Education, defense contractors General Dynamics Electric Boat, Raytheon, and military institutions like the U.S. Naval Warfare College and the Naval Undersea Warfare Center, among others.

In a statement, Rep. Jim Langevin, D-R.I., co-founder of the congressional cybersecurity caucus, said the grants would benefit both national security and his home state economy.

“The University of Rhode Island Research Foundation’s designation as a Defense Manufacturing Community will attract millions of dollars in federal investments to advance our national security, develop our workforce, and drive Rhode Island’s economy forward,” said Langevin. “I can’t wait to see how this grant funding will help our defense manufacturing sector to expand its cutting-edge work on issues of robotics, cybersecurity and other emerging technologies.”

Source: https://www.scmagazine.com/analysis/threat-intelligence/dod-grants-fund-cybersecurity-research-for-maritime-industry

BILARASA.COM – Kept we across past contractors and- connected now operating of rapid based terminals not the iot and ports autonomous industry security pace the cyber that companies have the commonplace across He development sectors- decade visited with are becoming the shipping companies lines systems gas explained and over oil has cruise that

And here is a directory of reading Suppliers Not Providing Systems With Adequate Cyber Security Maritime greatest After merely placing characters you can one Article to as many 100% readers friendly editions as you may like that individuals inform and present Writing articles is a rewarding experience to you. Many of us find amazing many Beautiful images Suppliers Not Providing Systems With Adequate Cyber Security Maritime interesting picture although all of us solely exhibit this articles that any of us consider are classified as the very best article.

The particular images Suppliers Not Providing Systems With Adequate Cyber Security Maritime is merely with regard to amazing test if you such as images make sure you buy the authentic article. Help the writter through buying the first sentences Suppliers Not Providing Systems With Adequate Cyber Security Maritime and so the reader provides the very best article as well as carry on operating At looking for offer all sorts of residential and commercial services. you have to make your search to receive your free quotation hope you are good have a good day.

Suppliers Not Providing Systems With Adequate Cyber Security Maritime

He explained that over the past decade, cyber security has not kept pace with the rapid development of autonomous, connected iot based systems that are now becoming commonplace across the sectors. “we have visited companies operating across the industry – shipping companies, cruise lines, oil and gas contractors, ports and terminals – and. Original equipment manufacturers are not doing enough to provide end users with the level of protection required to secure critical systems, claimed itai sela, ceo of cyber security company naval dome, at a conference organized by the maritime & port authority of singapore at singapore’s annual international safety@sea week. speaking to delegates, sela said that. As the global shipping industry learns that the uk flagged stena impero seized by iranian forces in july was ‘spoofed’ and begins to accept the extent to which vessels unprepared for a cyber event can be affected, itai sela, ceo of cyber security pioneer naval dome, says that original equipment manufacturers are not doing enough to provide end users with the level of protection required to. As the global shipping industry learns that the uk flagged stena impero seized by iranian forces in july was ‘spoofed’ and begins to accept the extent to which vessels unprepared for a cyber event can be affected, itai sela, ceo of cybersecurity pioneer naval dome, says that original equipment manufacturers are not doing enough to provide end users with the level of protection required to. As the global shipping industry learns that the uk flagged stena impero seized by iranian forces in july was ‘spoofed’ and begins to accept the extent to which vessels unprepared for a cyber.

Resolving Supply Chain Cyber Gaps Renaissance It Distributor

Operators are not entirely powerless. there are actions they can take to regain some control of securing the supply chain of onboard systems. of those maritime organisations that reported being the subject of a cyber attack in the last three years, 3% said the attack resulted in them paying a ransom. Menu. calendar; blog feed; video; home; amer; apac; emea. Having such an understanding can help support decision making around key issues such as cyber security audits of suppliers (e.g. focusing audit efforts on high risk individual contracts, or on suppliers delivering multiple contracts with moderate to high cyber security risks).

Finance Administration S Role In Cyber Security Stillpoint Systems

Navigating Defense Department Cyber Rules Rose Covered Glasses

Source: https://resepkuini.com/

A new U.S. Coast Guard Cyber Command report on cybersecurity trends in the maritime environment said the significance of cyber hygiene, detection, and response “grew exponentially” last year due to a 68 percent increase in reported maritime cyber incidents and USCG efforts to ensure maritime facilities are complying with cyber regulations.

A cyber attack on the port environment can compromise physical facility access control systems, manipulate terminal and gate operating systems for the purpose of leaking sensitive supply chain data or facilitating smuggling or cargo theft, stop port operations by compromising the terminal headquarters, compromise operational technology systems such as cranes in a way that leads to loss of life or property, tamper with PNT so that vessels cannot safely navigate a port, and compromise shipboard systems with impacts to safety or cargo.

U.S. Coast Guard Cyber Command’s (CGCYBER) first Cyber Protection Team — deployable special forces that assess threats and vulnerabilities, identify the presence of adversaries on networks and systems, and respond to cyber incidents — attained full operational capability in May 2021, with the second team following in November 2021. CGCYBER’s Maritime Cyber Readiness Branch, tasked with translating “cybersecurity details into measurable operational risk,” investigated 47 cybersecurity incidents in 2021 “including several large-scale incidents affecting multiple organizations at once.”

“Though the number of reported incidents has increased 68% from 2020 (28 total incidents), MCRB believes many other incidents go undetected or unreported,” the report notes.

The maritime environment incidents reported to the Coast Guard in 2021 included phishing at sectors Guam, Columbia River, Los Angeles/Long Beach, Corpus Christi, Houston/Galveston, Mobile, Charleston, Maryland/NCR, New York, and New England, as well as MSU Port Arthur. Ransomware was reported at sectors Columbia River, Los Angeles/Long Beach, New Orleans, Virginia, Delaware Bay, Maryland/NCR, Long Island Sound, and New England. Sector Puget Sound reported an incident related to authorized access, while Columbia River reported a suspected snitch device. Sector Delaware Bay reported an AIS spoof.

“Cyber-criminals are now using more advanced tactics, techniques, and procedures (TTPs) including focused ransomware attacks in multi-extortion style campaigns with hopes of ensuring a higher, more guaranteed payout,” the report said. “Rather than hitting a broad range of targets, cyber criminals have evolved to focus ransomware attacks on higher value targets.”

The three most popular ransomware-as-a-service variants targeting the maritime transportation system in 2021 were Maze, Sodinokibi, and Ryuk.

“Nation state malicious cyber actors (MCAs) typically abuse zero-day vulnerabilities and known exploitations,” the report continued. “Zero-day vulnerabilities are vulnerabilities disclosed or discovered without an available patch or update to remediate the vulnerability. MCAs often use zero-day vulnerabilities in their initial attack vector to avoid detection. Nation state MCAs abuse Virtual Private Servers (VPS) and web shells to avoid detection and circumvent host system security in order to gain access to the victim networks. MCAs use these techniques within the MTS to increase the probability of successfully exploiting an intended victim.”

Phishing, of which industries within the maritime environment such as logistics and shipping saw “slight increases” last year, “remained the most prevalent means by which MCAs delivered malicious code” in 2021, and both nation-state actors and cyber criminals “will very likely continue to use phishing emails to gain initial access to victim networks.”

As of last October, Maritime Transportation Security Act-regulated facilities are under requirements to address cyber vulnerabilities. “This policy brought with it new cyber competency expectations for industry facility security officers and Coast Guard facility inspectors,” the report noted. “Coast Guard facility inspectors will review cybersecurity plans submitted by facilities. They will also incorporate cybersecurity reviews when conducting security inspections.”

Maritime transportation system partners “fully remediated two-thirds of all exploitable findings on publicly facing systems and 45% of all internally exploitable findings within six months of a CPT Assess mission,” USCG said. “They also partially remediated an additional one-sixth of publicly facing and 43% of internally accessible findings within this 6-month window.”

Out of publicly exploitable findings, 14 had been fully mitigated as of the six-month follow-up, two had accepted the risk of the finding, three were false positives, and three had taken no action to date. Out of internally exploitable findings, 53 had been fully mitigated at the six-month check-in time, 46 had been partially mitigated, five accepted the risk of the findings, and eight had taken no action to date.

Common findings included credentials that were easy to guess — including passwords of “admin,” “PASSWORD,” or “1234” — or easy to crack, such as “123456,” “password1,” “abc123,” or “iloveyou.” Other issues included weak password policies, use of open mail relay servers, poor patch management, outdated operating systems or applications that did not support updates, elevated service account privileges, and non-essential use of elevated access.

CGCYBER mitigation recommendations to vulnerable entities included changes in password policies, privileged account management, network segmentation, multifactor authentication, vulnerability scanning, software updates, user training, and disabling or removing a feature or program.

The report noted the most user resistance — even though it carried the lowest cost of the mitigations — was seen with the recommendation to change password policies to require more length and complexity.

“Despite widespread frustration with the use of passwords from both a usability and security standpoint, they remain a very widely used form of authentication,” the report stated. “Humans, however, have only a limited ability to memorize complex, arbitrary secrets, so they often choose easily guessed passwords.”

Source: https://www.hstoday.us/featured/maritime-cyber-incidents-increased-at-least-68-percent-in-2021-coast-guard-reports/

BILARASA.COM – Goal follow vulnerabilities practices complete The external to cyber identify achieve attacks- goal companies to full developing these identify inventories- to environment and to best the resilience the operational strong should threats understand overall guidelines of and internal this these is cyber building a by ship- threat of maritime the

Here is a directory of articles Challenges And Best Practices To Mitigate Risks In Maritime Cyber finest By just placing characters you can 1 Article to as much 100% readers friendly versions as you may like that any of us say to as well as indicate Creating stories is a lot of fun to you. We all get amazing a great deal of Beautiful reading Challenges And Best Practices To Mitigate Risks In Maritime Cyber beautiful image but many of us just present the particular image that we feel would be the very best image.

Your articles Challenges And Best Practices To Mitigate Risks In Maritime Cyber should be only pertaining to beautiful trial when you such as reading please buy the unique article. Assistance the actual admin by means of buying the unique words Challenges And Best Practices To Mitigate Risks In Maritime Cyber to ensure the contributor can provide the most effective article along with go on doing work At looking for offer all kinds of residential and commercial assistance. you have to make your search to get your free quote hope you are good have a nice day.

The overall goal of these guidelines is the building of a strong operational resilience to cyber attacks. to achieve this goal, maritime companies should follow these best practices: identify the threat environment to understand external and internal cyber threats to the ship. identify vulnerabilities by developing complete and full inventories. The biggest challenges and best practices to mitigate risks in maritime cybersecurity. ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. as technology continues to develop, the convergence of information technology (it) and operational technology (ot. In this article, you will learn about maritime cybersecurity and why risk management is crucial, some of the biggest security challenges shipowners face, common risks affecting the industry, and best practices from the imo to mitigate the risk that you should keep in mind. let’s get started!. International maritime organization (imo) resolution msc.428(98), maritime cyber risk management in safety management systems, and msc fal.1 circ.3, guidelines on maritime cyber risk management. Managing cyber risk is, therefore, of intrinsic value to protect both safety and profitability. cyber risk management is also a new requirement in safety management systems under the imo ism code, to take effect upon a vessel’s first renewal of a document of compliance on or after january 1, 2021. arc advisory group clients can view the.

The document, named “port cybersecurity – good practices for cybersecurity in the maritime sector”, has been developed in collaboration with several eu ports. the study lists the main threats posing risks to the ecosystem and describes key cyber attack scenarios that could impact them. Insurance companies dealing with cyber and maritime insurance should be encouraged to partner with research institutions like think tanks and the national labs to conduct long term studies in this area to better address these emerging issues of potential financial risk. 11. plan and simulate for future cyber challenges. It is one of the major challenges and threats to the maritime security. arms, drugs and even human beings are trafficked across countries via the means of seas. smugglers use the sea to smuggle contraband into various countries. despite steps taken by the government of various nations, trafficking through high seas is continuously on the rise.

Challenges And Best Practices To Mitigate Risks In Maritime Cyber

Managing Cyber Risk A Multidisciplinary Challenge Truops Llc

abb’s vision is that the maritime industry of the future is electric, digital and connected as this combination enables safe, efficient bimco, along with control risks, nettitude lloyd’s reigster and hfw covers a wide range of topics when it comes to threats and if a network, identity, device or data is valuable – particularly if it is information tied to intellectual property, financials, sensitive files in this final video in the series on maritime cybersecurity, we review the maritime transportation system (mts) as a systems of join the course at rina.org.uk cybertraining rina and infosec partners have developed a comprehensive cyber security is an increasingly important topic for the maritime and offshore industries due to rapid digital transformation and watch christian pedersen and indrani chandrasegaran share compelling statistics to help you build the right amount of trust in cyber attacks and cyber spying are threatening the increasingly digitalized maritime industry. dnv gl and gard present a 20 the second webinar in the irclass inmex smm webinar series was held on 16th july, 2020 on the topic on “cyber resilience text us on whatsapp: api.whatsapp send?phone=14702091652&text=hello learn more about infor eam, top 10 cyber security problems facing the maritime industry mark oakton security director of infosec partners and chris boyd the threats posed by maritime cyber security incidents are increasing, and the shipping industry is taking action to mitigate.

Source: https://kisahsekolah.web.id/

Ukraine and Poland commit to cybersecurity collaboration.

The Ukrainian State Service of Special Communication and Information Protection, along with the Ministry of Digital Transformation, has announced they have signed a cybersecurity memorandum of understanding with the Council of Ministers of the Republic of Poland. In the midst of the Russian invasion of Ukraine, Poland has come to Ukraine’s aid to defend against Russian cyberaggression, and the agreement solidifies this partnership, as well as a commitment to sharing cyberintelligence. Mykhailo Fedorov, Vice Prime Minister and Minister of Digital Transformation of Ukraine, stated, “The first world cyberwar is ongoing. Therefore, joining efforts and exchanging practices is a logical step in this area. With Poland, we have not only a common physical border, but also a joint problem in cyberspace, where we experience the same kind of attacks. I am sure that together we will become stronger and more effective.”

Togo at center of cybersecurity in Africa.

The new African Centre for Coordination and Research in Cybersecurity has been established in Lomé, the capital city of Togo, with the goal of unifying the cybersecurity efforts of individual African governments. Quartz notes that cybercrime on the continent is growing exponentially, signaled by a 438% increase in phishing scams in Kenya last quarter and a total of 81 million cyber attacks in three months in Nigeria, South Africa, and Kenya combined. Created as a partnership between the Togolese government and United Nations Economic Commission for Africa (Uneca), the Centre will allow the countries’ lawmakers, police, and security agencies to share cyber intelligence and monitor malicious cyberactivity. With its National Cybersecurity Agency and a Personal Data Protection Authority, and as one of the few countries to ratify the African Union Convention on Cybersecurity and Personal Data Protection of 2014, Togo has demonstrated it’s ahead of the curve when it comes to securing African cyberspace. Cina Lawson, Togo’s digital economy and transformation minister, explained, “We aim to become a significant digital hub in Africa. Our partnership model with the private sector is an innovative approach that we want to showcase to inspire other countries for safer cyberspace on the continent.”

Cybersecurity at sea.

The US Area Maritime Security Committee (AMSC) released a report detailing the challenges posed by the ever-changing threat landscape, and Safety4Sea provides an overview of their findings. The COVID-19 pandemic increased reliance on virtual meeting spaces and platforms, exposing the intel shared via these methods to new potential security threats. Other challenges include the high demand for experienced cybersecurity professionals, insufficient incident reporting requirements (and enforcement capability), a flood of cybersecurity alerts and warnings from multiple agencies, and the unique threat posed by Unmanned Aircraft Systems (UASs). AMSC recommended the CG Cyber Command and the Office of Port and Facility Compliance implement a unified communication standard for the distribution of cyber alerts. Other suggestions include establishing cybersecurity training for AMSC members, clarifying the role of the Coast Guard in cyberincident response, and developing mitigation strategies for emerging tech like 5G. A revamp of the Coast Guard’s internet portal Homeport 2.0, as well as improved training and a comprehensive user guide, were suggested to make the portal easier to navigate. And regarding UASs, AMSCs recommended the Coast Guard and Department of Homeland Security support the development of legislation to provide law enforcement the tools necessary to prosecute cases where maritime infrastructure and assets are at risk.

Source: https://thecyberwire.com/newsletters/policy-briefing/4/162

Switzerland-based commodity and energy trader Mercuria has invested US$1.5 million into Australian start-up rise-x, a provider of blockchain-based marine fuel management systems.

Mercuria subsidiary Minerva Bunkering has previously used rise-x’s DIANA platform to digitally track refuelling of ships at global ports, with the two firms announcing a partnership last summer to establish a spin off business that combines Minerva’s Advanced Delivery Platform (ADP) with DIANA to create an end-to-end bunker management service.

“We have been working with rise-x for some time now and have been impressed with the team and the technology,” said Mercuria’s Chief Operations Officer Alistair Cross.

“The software system has proven its potential to improve productivity and to increase transparency and traceability across the global commodities ecosystem.”

rise-x recently exceeded its initial US$2.5 million funding target by securing US$2.77 million in total private investment, including Mercuria’s support. The company was also named as a recipient of AU$895,000 under the Australian government’s Accelerating Commercialization Grant Programme.

“We can use blockchain and the interconnectivity of the world to bring customers, suppliers, financers, accountants and others onto a common platform that can be accessed from anywhere,” said Rise-x co-founder and Chief Executive Officer Rowan Fenn.

“All parties can access a common truth to observe and manage transactions such as commodity exchanges, goods movements and service deliveries with immutable records created in real time. Every step along the way has been recorded securely in a common, transparent place.”

“We can create smart contracts that will record carbon emissions from everyday activities so companies can offset those emissions in an open and transparent way. But more importantly, we can use the same technology for carbon offset companies to prove that they are credible and delivering what they have promised.”

Source: https://smartmaritimenetwork.com/2022/08/17/mercuria-makes-1-5m-investment-in-rise-x/

Maritime security is increasingly becoming impossible to achieve without ensuring cyber security, and the ability of states to protect their maritime assets and critical infrastructure against cyber attacks.

This was one of the conclusions from a recent workshop on developing a maritime security strategy for South Africa. The workshop was organised by Stellenbosch University, the Institute for Security Studies Africa, and United Nations Office on Drugs and Crime (UNODC).

Denys Reva, maritime researcher at the Institute for Security Studies Pretoria, highlighted the fact that 80% of South Africa’s trade is seaborne, and for all intents and purposes, South Africa can be seen as an island. “We are dependent on well-functioning maritime infrastructure, which needs to be protected, including from cyber threats,” he said.

The maritime sector is becoming increasingly vulnerable to cyber threats, as it digitalises. For example, ships are using Electronic Chart Display and Information System (ECDIS), GPS and remote engine and cargo control systems, while ports are going paperless, becoming automated and removing humans from the equation.

africa-cyber-crime

The container terminal at China’s Qingdao Port is fully automated, while South Korea’s Busan Port is using blockchain for logistics innovation, for example.

While only 53 of the world’s container terminals are automated (4%), the maritime sector is going digital and is on an upward trend in this regard. “What if someone tries to disrupt the technology, purposefully or accidentally?” Reva asked, as new cyber security risks and vulnerabilities are exposed.

In Africa, a cyber attack was only a matter of time, he said, citing the 2021 attack on Transnet, which disrupted not only local but regional trade. “It’s inevitable another attack will take place,” Reva believes.

“In 2020 alone there was an alleged 400% increase in incidents targeting the maritime sector around the world. We don’t know the real scope of the problem. Some cyber security reports suggest hundreds of thousands or millions of attacks.”

One of the largest cyber attacks to affect the maritime sector was the June 2017 NotPetya cyber attack. NotPetya was developed as a disk-wiping cyber weapon, disguised as ransomware, by the Russian military to destabilise Ukraine, but thousands of companies around the world were also hit.

It took Maersk more than 90 days to recover from the attack, which cost an estimated $350 million in damages. Maersk still being sued by some companies.

“We will all be victims of a cyber attack at some point,” Reva cautioned, and cited other examples, including the port of San Diego going offline for several days in 2018 due to a ransomware attack, and Israel’s disruptive cyber attack on Iran’s Shahid Rajaee port terminal in May 2020.

Cyber offers new opportunities for bad actors, Reva said, but Africa is in a privileged position as it is a lesser target at present and can learn from the experiences of other countries, but time is running out for this.

Source: https://www.eblueeconomy.com/cyber-security-becoming-integral-to-maritime-security/

The UK has unveiled a new five-year maritime strategy that sets out the guiding principles for the UK Government’s approach to managing threats and risks at home and around the world.

The new strategy redefines maritime security as; upholding laws, regulations, and norms to deliver a free, fair, and open maritime domain. With this new approach, the Government recognises any Illegal, Unreported and Unregulated (IUU) fishing and environmental damage to the seas as a maritime security concern.

In addition, to enhance the UK’s maritime security knowledge, the Government has established the UK Centre for Seabed Mapping (UK CSM), that seeks to enable the UK’s seabed mapping sector to collaborate to collect more and better data. Seabed mapping underpins many maritime operations including trade and shipping.

Working with industry and academia, Secretaries of State from DEFRA, DfT, FCDO, Home Office and MoD will focus on five strategic objectives:

Protecting our homeland: Delivering the world’s most effective maritime security framework for our borders, ports and infrastructure
Responding to threats: Taking a whole system approach to bring world leading capabilities and expertise to bear to respond to new emerging threats
Ensuring prosperity: Ensuring the security of international shipping, the unimpeded transmission of goods, information and energy to support continued global development and our economic prosperity
Championing values: Championing global maritime security underpinned by freedom of navigation and the International Order
Supporting a secure, resilient ocean: Tackling security threats and breaches of regulations that impact clean, healthy, safe, productive and biologically diverse maritime environment

The UK Chamber of Shipping CEO, Sarah Treseder said:“A proactive maritime security strategy is essential to keeping trade routes and energy supplies secure, especially for an island nation. Today’s welcome commitments to improve collaboration, both with industry and governments across the world, will help deliver a more secure maritime environment and help provide confidence to the shipping community.”

Source: https://thedigitalship.com/news/maritime-satellite-communications/item/7997-new-maritime-security-strategy-to-target-physical-and-cyber-threats

The infamous grounding of cargo ship Ever Given at the Suez Canal last year caused disruption to as much as S$10 billion worth of global trade per day due to the congestion of the critical trade route. It is a reminder of the importance of maritime transport in the flow of goods and services that underpin the interconnected global economy.

Maritime transport helps facilitate worldwide trade, where an estimated 90% of traded goods are transported by sea and is depended on by many different industries. Being the backbone of global trade and supply chain, any disruption can lead to grave consequences – daily necessities may not reach store shelves and connected industries could suffer significant losses from an unpredictable supply chain and the inability to produce essential goods.

The maritime industry has been under immense pressure from the Covid-19 pandemic and the Russia-Ukraine conflict. The other element straining the system is the ever-escalating wave of cyber threats globally. They include threat actors collaborating to carry out malicious attacks, structural challenges such as a high volume of vulnerabilities affecting operational technology (OT) and firmware, weakness in patching management, and the lack of OT cybersecurity talent and matured practices for cyber defence.

According to the Ensign Cyber Threat Landscape 2022 report, the maritime sector is one of the top targeted sectors in Singapore when it comes to Ransomware cyber-attacks. Whether it is the critical infrastructure, or the shipbuilding and logistics subsectors, Singapore’s maritime industry is facing increasing interest from cyber adversaries due to its critical role as a maritime hub port.

For example, the Death Kitty ransomware disrupted TransNet’s container and trucking operations in July 2021. Other impacts detected by Ensign throughout 2021 include the theft of data that could be sold by threat actors, as well as serious disruptions to companies involved in logistics and supply chains.

The rising tide of cyber threats against the maritime sector

The maritime industry has gone through accelerated digitalisation, making technology vital to the operation and management of the safety and security of ships, port operations and logistics. Gone are the days when OT and IT systems could function separately in silos. The need for greater connectivity between technologies such as IT, OT and IoT as well as vendors have propelled the maritime industry to new heights of fleet efficiency, route optimisation, and profit margins.

However, the increased interconnectivity has also heightened cyber threat exposures and corresponding risks for organisations. The ramifications of a cyber-attack can be wide-ranging. Ship collisions, for example, could occur because of e-navigation and other systems being hacked, resulting in physical loss or damage to ships, bodily injury to personnel, cargo loss, pollution, and business interruption. It is also possible that the port’s operations may be disrupted, resulting in significant losses due to business disruption for the port and other dependent businesses operations.

In addition to losses sustained because of physical asset damage or destruction, significant expenditures may be incurred when responding to an adverse cyber incident. If the personal data of employees or customers are compromised, for example, large legal expenditures may be required to respond to the breach, pay the penalties, notify the data protection regulator and data subjects, as well as to defend potential legal proceedings.

Shoring up the maritime cyber defences

While it is impossible to keep out all cyber-attacks, maritime organisations should strengthen their defences to manage the growing threats they now face.

Here are six cyber defensive actions maritime organisations can take to strengthen their cyber defences:

Maritime organisations should leverage the cybersecurity community for cyber threat information and foster greater intelligence sharing to build early warning systems and protocols.

They should bolster their cybersecurity hygiene. This includes establishing security baselines and implementing system and application architectures for rapid patching and virtual patching to reduce mean time to mitigation.

To defend against new or unknown threats, organisations should establish continuous monitoring across the ecosystem through reviews, cyber monitoring, threat hunting, behavioural analytics, and horizon scanning.

Maritime companies can mitigate the impact of disruptive cyber-attacks, such as Ransomware, by reviewing and revising incident and crisis management plans and playbooks. They can also run exercises to validate the organisation’s confidence in business recovery.

To manage cyber risk exposure from their vendor and partner ecosystem, maritime organisations need to mandate incident reporting from vendors. This includes allowing access to audit cybersecurity controls, and monitoring vendors for dynamic cyber risk context.

Lastly, cyber security awareness and training is important. Maritime organisations should invest in upgrading their cybersecurity teams’ skills and prioritise engineers and technicians to learn about cybersecurity and defensive actions.

Cybersecurity is an ongoing operation, and organisations need to maintain cyber hygiene and vigilance regardless of the increasing intensity of conflict, incidents, or crisis. With Singapore being a key international transportation and logistics hub, maritime organisations’ efforts in protecting their operations from cyber threats will go a long way to reducing the risk of disruption to a global supply chain that is already under considerable stress.

Source: https://www.seatrade-maritime.com/opinions-analysis/bracing-rising-tide-cyber-threats-against-maritime-industry

BMT has signed a memorandum of understanding (MoU) with the University of Plymouth to jointly research ship design and cybersecurity in the maritime sector.

The new agreement will look at harnessing the capabilities of the University’s recently opened £3.2 million Cyber-SHIP Lab. This facility is dedicated to simulating and understanding maritime cyber threats and facilitating future secure maritime operations through cyber resilience research, tools, and training. The facility forms part of the University’s Marine Navigation Centre, which includes a physical ship’s bridge used to simulate attacks and test equipment.

BMT was a founding industry supporter of the Cyber-SHIP Lab when it was launched in 2019, based on the firm belief that through the development of these new tools and lab, the UK can become a leading power in maritime cybersecurity.

Jake Rigby, research and development lead, BMT, said: “BMT is delighted to be working with the University of Plymouth in helping the UK drive the highest possible standards in maritime security. With this knowledge and experience in place, the UK can then offer the benefits of the insights, operational practices and training to the global shipping and marine community. Through combining our expertise and our knowledge, we are confident great strides will be made in enhancing security and cyber protection across maritime.”

Professor Kevin Jones, executive dean of science and engineering at the University and principal investigator on the Cyber-SHIP Lab project, added: “With our ever-increasing dependence on the global maritime sector, ensuring ships and port operations are cyber secure has never been more critical. Advances in cyber technology, and the emergence of new threats, mean this is a constantly evolving area that needs an innovative and joined-up approach. The partnership between the University and BMT is a perfect example of that, uniting our collective expertise in both identifying potential issues and solutions and finding the means for them to be applied in maritime engineering and design.”

The MoU was signed by professor Judith Petts CBE, vice-chancellor of the University of Plymouth, and Sarah Kenny, CEO of BMT, and will kick-start a range of collaboration opportunities from student engagement and employee development to collaborative research and joint consultancy.

Source: https://thedigitalship.com/news/maritime-satellite-communications/item/7977-university-of-plymouth-and-bmt-team-up-on-maritime-cyber-security

Newer Posts

Older Posts

MARITIME CYBER SECURITY Archives - Page 2 of 40 - SHIP IP LTD

DoD grants fund cybersecurity research for maritime industry

Suppliers Not Providing Systems With Adequate Cyber Security Maritime

Maritime Cyber Incidents Increased at Least 68 Percent in 2021, Coast Guard Reports

Challenges And Best Practices To Mitigate Risks In Maritime Cyber

Ukraine and Poland commit to cybersecurity collaboration. Togo at center of cybersecurity in Africa. Cybersecurity at sea.

Ukraine and Poland commit to cybersecurity collaboration.

Togo at center of cybersecurity in Africa.

Cybersecurity at sea.

Mercuria makes $1.5m investment in rise-x

Cyber security becoming integral to maritime security

New maritime security strategy to target physical and cyber threats

Bracing for the rising tide of cyber threats against the maritime industry

The rising tide of cyber threats against the maritime sector

Shoring up the maritime cyber defences

University of Plymouth and BMT team up on maritime cybersecurity

News

Electronic Oil Record Book (e-ORB): The Smart Solution for MARPOL Compliance & Efficient Shipping

The Future of Maritime Digitalization: Why the Industry Must Adapt Now

Stay Compliant & Prevent Fatigue: The Ultimate STCW Work & Rest Hours Solution!

Quick Menu

Company DETAILS

ISO 9001:2015 CERTIFIED