MARITIME CYBER SECURITY Archives - Page 23 of 41 - SHIP IP LTD

As ships get bigger, with more automation, fewer crew members, and more connectivity, the attack surface of a modern commercial vessel is becoming as complex and diverse as that of a connected car or commercial aeroplane.

We have ex-ship’s officers and engineering staff on the team here, so we have first-hand experience of the unusual networks and communications found on board.

Don’t risk your ship’s security to a penetration tester who doesn’t understand shipping; we’ve come across other consultancies that have broken critical systems on board whilst trying to test their security, as they simply didn’t understand what they were testing.

What does a ship look like to an attacker?

The complex systems involved in shipping offer rich pickings to the hacker, pirate and thief. Load theft, smuggling stowaways, narcotics, arms, even crippling or sinking a vessel are very real threats.

Maritime insurance often specifically excludes losses as a result of ‘cyber’ incidents, so it’s very important to check your cover.

From satcoms, mobile data and Wi-Fi through to propulsion and loading systems, this is what a hacker sees when they look at a ship. Many of these systems can be compromised, causing financial loss and safety issues.

Tactical Advice
Tens of vendors are involved in connected systems on ships, from Dell providing desktop PCs, to satcoms gear for Internet, chart systems, MMI, control systems, radar systems etc. This is a recipe for security disasters.

Here are a few basic issues you could check for yourself:

Check your satcom terminals for default, weak or blank admin passwords. Make sure the latest software is running on ALL of your terminals.

Check the network isolation and segregation between bridge, engine room, crew, Wi-Fi and business networks.

Check Wi-Fi networks for strong encryption and strong passwords. Make sure that business systems are particularly well protected.

Demand evidence from your technology suppliers that the systems they provide to you are secure. Remember, if you don’t ask for security, you probably won’t get it!

Sit down and think about how you might attack your ship’s network, given your knowledge of your systems. That’s what the hacker does, so pre-empt them and defend better.

Don’t forget your people. Officers can become fixated on digital navigation systems on the bridge. These can be hacked and manipulated, so don’t forget to look outside.
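One way to carry out the isolation and segregation check from the list above, as an added example that is not SHIP IP's own code: it audits an exported firewall rule list against a zone policy using first-match semantics. The addressing plan, the one-rule-per-line format, the sample rules and the allowed-flow policy are all assumptions constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Assumed addressing plan for the zones named in the checklist (constructed values).
ZONES = {
    "bridge": ipaddress.ip_network("10.10.10.0/24"),
    "engine_room": ipaddress.ip_network("10.10.20.0/24"),
    "crew": ipaddress.ip_network("10.10.30.0/24"),
    "wifi": ipaddress.ip_network("10.10.40.0/24"),
    "business": ipaddress.ip_network("10.10.50.0/24"),
}

# Assumed policy: the only cross-zone flow that is meant to exist.
ALLOWED = {("bridge", "engine_room")}

# Constructed sample export, hypothetical format: action proto src dst port
SAMPLE_RULES = """
permit tcp 10.10.10.0/24 10.10.20.0/24 502   # bridge -> engine room, allowed by policy
deny   any 10.10.30.0/24 10.10.10.0/24 any   # crew -> bridge explicitly blocked
permit tcp 10.10.30.0/24 10.10.10.0/24 443   # never reached: shadowed by the deny above
permit tcp 10.10.40.0/24 10.10.50.0/24 445   # Wi-Fi -> business file shares
permit any 10.10.0.0/16  10.10.20.0/24 any   # broad supernet that reaches the engine room
"""


class Rule(NamedTuple):
    index: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: str


def _net(token: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)


def parse_rules(text: str) -> List[Rule]:
    """Parse the rule export, ignoring blank lines and trailing # comments."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, src, dst, port = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in rule: {line!r}")
        rules.append(Rule(len(rules) + 1, action, proto, _net(src), _net(dst), port))
    return rules


def first_permit(rules: List[Rule], src_zone, dst_zone) -> Optional[Rule]:
    """Return the first rule that lets some traffic from src_zone reach dst_zone.

    A deny only shields the pair if it covers both zones entirely for every
    protocol and port; narrower denies are ignored, so the audit errs towards
    reporting a permit rather than missing one.
    """
    for rule in rules:
        if rule.action == "deny":
            blanket = rule.proto == "any" and rule.port == "any"
            if blanket and src_zone.subnet_of(rule.src) and dst_zone.subnet_of(rule.dst):
                return None
        elif rule.src.overlaps(src_zone) and rule.dst.overlaps(dst_zone):
            return rule
    return None  # implicit default deny at the end of the list


def audit(text: str) -> List[Tuple[str, str, int]]:
    """List (source zone, destination zone, rule number) for every flow outside policy."""
    rules = parse_rules(text)
    findings = []
    for src_name, src_net in ZONES.items():
        for dst_name, dst_net in ZONES.items():
            if src_name == dst_name or (src_name, dst_name) in ALLOWED:
                continue
            hit = first_permit(rules, src_net, dst_net)
            if hit is not None:
                findings.append((src_name, dst_name, hit.index))
    return findings


if __name__ == "__main__":
    for src, dst, idx in audit(SAMPLE_RULES):
        print(f"rule {idx} lets {src} reach {dst}, which the policy does not allow")
```

The broad supernet rule is the typical finding: it looks like a single convenience entry but opens the engine room to the crew, Wi-Fi and business networks at once.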

SHIP IP LTD – Remote internal/external Vulnerability & Penetration Testing

TRUST OUR NETWORK – WE GUARANTEE BEST PRICES!

READ MORE

http://shipip.com/maritime-vulnerability-and-penetration-testing/


Arklow Shipping, the Ireland-headquartered shipowner and charterer, has contracted communications solutions provider Satcom Global to install Aura VSAT across seventeen new build vessels which will begin delivery in 2021.

The new vessels will be activated on a range of Aura service packages, all with Committed Information Rate for guaranteed service quality, and companion options to suit their different sailing patterns. Ten new C-Class vessels will benefit from unlimited Ku-band connectivity with 4G back-up to complement their short sea shipping requirements and operations close to shore. The additional seven 6,500-ton vessels will have Iridium Certus activated onboard as a high-speed back-up to the primary VSAT connection.

Graeme Gordon, global commercial director at Satcom Global, commented: “As an early adopter of Aura VSAT, we are delighted that Arklow has chosen to extend the service to their new build vessels, ensuring access to the same quality technology and user experience that other vessels in the Arklow fleet have benefited from. It is a pleasure to work with the Arklow team, and we look forward to supporting their evolving communications needs long into the future.”

Arklow currently has 20 vessels using Satcom Global Aura VSAT, supporting communications requirements for both business operations and crew connectivity and wellbeing.

Declan Lott, IT manager at Arklow Shipping commented: “We have firsthand experience of the excellent quality connectivity Aura VSAT delivers, so it was a natural decision to install the service across our growing fleet of vessels. As a ship owner and manager, it is imperative to keep operations running smoothly and the in-depth knowledge that Satcom Global has of our fleet and our needs, enables them to deliver a first-class service and support.”

Satcom Global is providing Intellian v85NX Ku-band systems to deliver the Aura VSAT service to Arklow vessels, boasting the most efficient and high performing RF gain over any other sub 1m antenna on the market. Iridium Certus will be supported by the new feature-rich Intellian C700 terminal.

Source: thedigitalship


Penetration testing services

Our ICS penetration testing services enable you to find weaknesses in your network perimeter. The penetration testing commences by scanning the network to determine what types of hardware are connected and the operating systems being used. Then we search for unpatched vulnerabilities in those devices and attempt to exploit those vulnerabilities to gain access to the network. The penetration testing services are supported by our ethical hackers group, who have a background in IT and engineering, and certification according to Certified Ethical Hacker (CEH), GXPN, GPEN, Global Industrial Cyber Security Professional (GICSP).

Securing control systems, preventing cyber security breaches

A common design principle is to ensure that programmable logic controllers (PLCs) and the network infrastructure that is used to connect them, operate in a secure environment (i.e. sealed from malicious attackers). In practice, ICS are often inadvertently connected to other networks, which can allow remote access through open networks or the Internet. Our ICS penetration testing services will identify such weaknesses, consider the possible impacts and then suggest corrective actions.



The rising trend of piracy over the past several years has constituted a grave threat to the lives of the crews and the safe operation of ships. Areas of particular concern have been off the coast of Somalia, the Gulf of Guinea and the Malacca Straits. INTERTANKO has been actively involved in addressing piracy wherever it occurs through a number of actions, including the development of industry Best Management Practices to combat piracy, engaging with the United Nations Contact Group on Piracy, working with IMO on the development of guidelines to Administration and seafarers and engaging with the Regional Cooperation Agreement on combating piracy in Asia. INTERTANKO will continue to ensure that its members have the most up-to-date information so they can decide on the best measures they feel are appropriate to protect their tankers against acts of piracy anywhere in the world.

Sanctions
The United Nations and individual countries have imposed sanctions against certain countries around the world for a variety of reasons, ranging from economic and trade to more targeted measures such as arms embargoes, travel bans, and financial or commodity restrictions. The purpose of these sanctions is to peacefully bring about some sort of change within the country affected. INTERTANKO assists Members in dealing with sanctions in two major ways. First, by ensuring that any sanctions imposed that may affect members’ tanker operations are fair, reasonable and practical to implement. And second, by ensuring that all members are fully aware of any sanctions that could affect their tanker operations, thereby minimizing the possibility of violating the sanction and avoiding potential penalties or trade restrictions.

Refugees
The recent upheaval of certain governments in the Middle East and Africa, combined with unprecedented terrorist activities in these areas, has resulted in the largest migration of refugees since World War II. The majority of these migrants are seeking refuge in Europe through sea routes in the Aegean and Mediterranean Seas. In many cases, the refugees are turning to smugglers who provide sea craft that are not suitable for crossing these seas, resulting in very unsafe conditions and the need for the refugees to be rescued at sea. When called on to assist in rescuing these refugees at sea, INTERTANKO Members’ tankers respond. However, there is a need for a coordinated governments’ approach to addressing the problem ashore. INTERTANKO has been encouraging, and will continue to encourage, governments to take the appropriate action to mitigate the need for rescuing refugees at sea and to assist members in having those rescued disembarked safely ashore as soon as possible to minimise delays.

Cyber Risk Management
Cyber-technologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping and protection of the marine environment. In some cases, these systems are to comply with international standards and/or national requirements. However, the vulnerabilities created by accessing, interconnecting or networking these systems can lead to cyber risks in many of a ship’s systems, including bridge navigation equipment, cargo handling and main propulsion and machinery. IMO has developed guidelines on cyber risk management which provide high level recommendations to be used in development and implementation of detailed specific risk management processes that are ship specific. In addition, the shipping industry has prepared Industry Guidelines on Cyber Security which complement the IMO guidelines. INTERTANKO has been actively involved in the development of both and will continue to play an active role in updating these guidelines to ensure that Members have the most up-to-date information to protect their tankers.

Source: intertanko


Please adhere to online etiquette during our presentations. We kindly ask you to mute your microphone and video upon commencing the link and to use the Chat application for any questions, which will be addressed by the speaker at the end of the presentation. We suggest dialling in at least 5 mins before the start of the webinar.

Please note that any recording of this event will be available post-event in DropBox format, subject to speaker authorisation.

Protecting Maritime Assets in a Cyber World delves into the biosphere of cyber-security in the maritime industry. Due to the challenges posed to the maritime industry including ports, terminals, ships, refineries, and support systems which are vital components of all nations’ critical infrastructure, national security, and economies, these parties look to insurance as a way to “fill the gap”. This is because cyberattacks on industrial control systems could kill or injure workers, damage equipment, expose the public and the environment to harmful pollutants, and lead to extensive economic damage. The loss of ship and cargo scheduling systems could substantially slow cargo operations in ports, leading to backups across the transportation system. A less overt cyberattack could facilitate the smuggling of people, weapons of mass destruction, or other contraband into a country.

Many cyber security experts believe attacks on maritime-related infrastructure have increased by over 900%. Because there are as many potential avenues for cyber damage in the maritime sector as there are cyber systems, all stakeholders must identify and prioritize risks, take this threat seriously, and work together to improve our collective defenses. Fortunately, the process for doing so is parallel in structure to that of other security and safety efforts: assess risk, adopt measures to reduce that risk, assess progress, revise, and continue. These processes, taken together, can significantly improve an organization’s risk reduction efforts and increase resilience through continuity of business planning. This includes implementing IMO 2021 (along with specific flag state guidance), where on the first annual verification of a shipping company’s Document of Compliance (DOC), cybersecurity will be part of the safety management audit, where a shipping company must demonstrate that appropriate measures for handling cyber risk are an integral part of its safety management system.

At this market briefing, our speakers will explore cyber security issues within the maritime industry, case examples for study and discuss the keys to cyber security planning and cyberattack “avoidance”.

 

Source: iua.co.uk


Seaports are fixed infrastructures of maritime transportation systems. Through Industry 3.0 and Industry 4.0, ports have been faced with a digital transformation based on networked cyber-physical systems in order to become part of smart and intelligent transportation systems. However, besides the advantages, this transformation has brought cyber security gaps and threats which can result in breakdowns in the maritime transportation domain. Therefore, ports and port facilities should be prepared for cyber threats through holistic risk assessment frameworks for developing proactive actions. Based on these facts, this study has proposed to apply an integrated cyber risk assessment method for a container port with a cyber-physical perspective through analyzing four exemplary cyber-attack scenarios. For each cyber-attack scenario, the risk assessment methodology has been applied using an integrated cyber security management approach, taking into account the cyber-physical assets of the container port. Results show that for the specified cyber threats, the risks have been evaluated as non-acceptable. Mitigation strategies have also been presented briefly in the conclusion.

 

Source: sciencedirect


The Department of Homeland Security (DHS) plans to spend more than $7 billion on its portfolio of major acquisition programs—with life-cycle costs over $300 million— in fiscal year 2021 to help execute its many critical missions.

Since 2015, the Government Accountability Office (GAO) has reviewed DHS’s major acquisitions on an ongoing basis. In its January 19 report, GAO notes both positive actions taken and areas of concern from its sixth review.

As of September 2020, 19 of the 24 DHS programs GAO assessed that had DHS approved acquisition program baselines were meeting their currently established goals. However, of the 24 programs, ten had been in breach of their cost or schedule goals, or both, at some point during fiscal year 2020. A few programs experienced breaches related to external factors, such as the COVID-19 pandemic, while others breached their baseline goals because of acquisition management issues. Five of these programs rebaselined to increase costs or delay schedules, but the remaining five were still in breach status as of September 2020. These were the National Cybersecurity Protection System program ($5,908 million), the Homeland Advanced Recognition Technology program ($3,923 million), the Grants Management Modernization program ($289 million), the National Bio Agro-Defense Facility program ($1,298 million), and the Medium Range Surveillance Aircraft program ($15,187 million). All were in breach of schedule. The Homeland Advanced Recognition Technology and Grant Management Modernization programs were also found to be in breach of cost.

GAO’s review also found that some of the 19 programs that were meeting their currently established goals are at risk of future cost growth or schedule slips.

U.S. Customs and Border Protection’s (CBP) Border Wall System Program is at risk for additional schedule slips as a result of continuing issues acquiring land necessary to construct the border wall. Specifically, program officials told us that as a result of the outbreak of COVID-19 and social distancing requirements, there have been challenges meeting with land owners. In addition, some courts have been closed, which limits the ability to search county records and hold hearings related to land possession. CBP’s Integrated Fixed Tower program is also at risk of additional schedule slips, which officials attribute in part to time needed to allow for the preservation of archaeological sites that were uncovered while building access roads to tower sites.

GAO found that the U.S. Coast Guard’s Polar Security Cutter will likely experience a schedule slip because planned delivery of the lead ship is two months after its acquisition program baseline (APB) threshold date. Further, during a briefing to Coast Guard leadership in April 2020, program officials reported that the program’s aggressive schedule continues to be one of its most significant risks. In September 2020, DHS officials told GAO that the program plans to rebaseline in late calendar year 2020 or early 2021 to update its cost and schedule goals based on contractor information not available when the baseline was established.

In addition, Coast Guard’s Offshore Patrol Cutter is at risk of additional schedule slips and cost growth. GAO reported in October 2020 that the Offshore Patrol Cutter program “continues to move forward in the acquisition process with an immature design as well as cost and schedule risks”. After the shipbuilder requested relief from certain requirements under contract following widespread disruptions from Hurricane Michael in October 2018, the Coast Guard divided the program into two stages and a revised baseline in March 2020. Under this revised plan, the current shipbuilder will build up to four cutters in the first stage, while the acquisition of the remaining 21 cutters will be awarded under one or more new contracts in fiscal year 2022 in the second stage. GAO notes however that the program’s revised baseline does not include a schedule or a refined cost estimate that fully account for these changes.

The COVID-19 pandemic has inevitably put a spanner in several acquisition efforts. For example, CBP’s Biometric Entry-Exit and U.S. Citizenship and Immigration Services’ Transformation programs reported shortfalls in fees the government collects from immigration services that are used to fund these programs. According to officials, collection of fees for these services has been significantly reduced, in part because of the COVID-19 pandemic. CBP officials told GAO that they have prior year funding available to mitigate funding shortfalls in fiscal year 2020, but they are coordinating with component and DHS officials to address anticipated funding gaps in fiscal year 2021. Similarly, Transformation program officials said they are coordinating with U.S Citizenship and Immigration Services officials and also are assessing staffing needs based on workload and fees collected.

In other instances, programs reported that social distancing requirements—the practice of maintaining physical distance from others and avoiding large gatherings to reduce the rate of infectious diseases— as well as travel restrictions have resulted in schedule delays and limited the ability of some contractors to perform work as expected. For example, the Cybersecurity and Infrastructure Security Agency’s Next Generation Networks – Priority Services program reported delays in testing due to social distancing requirements, which limited the number of officials allowed within lab spaces.

Meanwhile, the Transportation Security Administration’s (TSA) Electronic Baggage Screening Program reported delays in testing due to social distancing requirements. According to program officials, the TSA Systems Integration Facility prioritized testing of certain technologies, but the delays have not had a significant effect on the program’s schedule.

During the course of its sixth review, the watchdog found that supplemental guidance for the development of acquisition documents generally aligned with requirements in DHS’s acquisition management policy. However, its report notes that “guidance for developing acquisition documentation in DHS’s Systems Engineering Life Cycle Instruction and accompanying Guidebook does not reflect current requirements in DHS’s acquisition management policy”. DHS officials told GAO that the information related to development of acquisition documents—including the systems engineering life cycle tailoring plan—should be consistent across all of DHS’s policies, instructions, and guidebooks.

The Joint Explanatory Statement accompanying a bill to the DHS Appropriations Act, 2019, directed DHS to provide quarterly briefings on summary ratings for all major acquisition programs. While GAO found that DHS is meeting this direction with summary ratings, the ratings do not include contextual information, such as programs’ cost, schedule, or performance risks. Without more information on the current status of DHS’s major acquisition programs and the risks these programs are facing that might affect future performance, congressional decision makers lack key information to inform their critical oversight responsibilities and budgetary decisions.

GAO is making one recommendation for DHS to align acquisition guidance with policy – with which DHS concurs – and one matter for Congress to consider determining what additional information it needs to perform oversight.

 

Source: hstoday


Navarino’s new Prodigy hybrid service, which combines Intelsat FlexMaritime’s network over a 1m v100 Intellian antenna and the L-band network by Iridium Certus, has been installed on a Millenia Maritime chemical tanker in Piraeus. Six vessels of the seven-vessel fleet are now under the support of Navarino’s FX service.

Millenia has mostly been using the newly installed service for file sync applications, Infinity Mail, and smart relays, with 5 PCs from the IT side connected to the business network.

“Until now, everything has been stable. We had some opportunities to make some calls and already we see that call quality is amongst the clearest we have experienced,” said Mr Ioannis Rizos, Millenia’s IT manager.

For the crew of the Futura, Millenia offers 50 MB data PINs presently in order to grant them internet access in a controlled manner, and in the near future will introduce the Infinity time-limited data PINs which control internet usage onboard with time quotas to ensure that the vessel’s connectivity is not constantly being used for non-business purposes.

When asked about what appealed the most about Prodigy and the reason for investing into the newer parts of Navarino’s product portfolio, Mr Rizos said both cost efficiency and technology.

Prodigy provides no minimum contract durations and no early termination fees, as well as three levels of the service to suit the specific needs of each shipping company. Technology was also cited by Mr Rizos as a key driver.

Navarino’s other newest service, Spectrum – a real time, centralised, detailed listing and health monitor for a vessel’s IT and OT infrastructure & equipment – was also installed onboard. Mr Rizos said, “Spectrum is a very well-designed tool which is especially useful for when we need to show vessel inspectors the onboard OT inventory. This is a big plus of the Spectrum service as these inspections are a TMSA requirement which Spectrum allows us to comply with in a very easy to access, presentable format.”

Navarino’s account manager for Millenia Maritime, Ioannis Brougiannakis, said: “Our Prodigy service combines Intelsat’s FlexMaritime network of KU satellites with Iridium Certus, the fastest L-band network, for a new concept in connectivity. Prodigy offers connectivity as a managed service and by combining it with Infinity which acts as the ‘brain’ of the system we are able to offer Millenia a highly robust experience in terms of internet access and overall connectivity. We all know that reliable links with shore are vital in today’s industry to ensure operational efficiency, crew welfare and vessel safety. Especially now during these very difficult pandemic-affected times, crewmembers often stay onboard for many months so the need to keep in touch with their families ashore makes reliable connectivity services more important than ever.

“With Prodigy we enable our customers to configure their connectivity to their exact requirements, while at the same time we increase the value for our customers by giving them the chance to freely upgrade/downgrade between the 3 main packages we offer, namely Entry, Business and Premium without downgrade penalties.”

Source: thedigitalship


NORMA Cyber was formally opened on 1 January 2021. The centre will provide cyber security services to Norwegian shipping, and several shipowners have already become members. “We have experienced great interest from the shipping and maritime industries, and the ambition is to give Norwegian shipping an international competitive advantage as digitalisation in shipping picks up speed,” says Lars Benjamin Vold, Managing Director of NORMA Cyber.

Almost all marine operations are dependent on global networks – on the ship, in port or with the cargo, from navigation and planning to environmental and regulatory compliance. These connections can be compromised by cyber attacks, and it is necessary to detect and limit these attacks in order to avoid major consequences.

“We offer our members a framework for efficient information sharing, as well as different proactive cyber security services. In this arena, it is obvious that you are more efficient if you manage to collaborate on security issues. Norwegian shipping and the maritime industry have long traditions when it comes to cooperation and information exchange within security and contingency preparedness, and I am convinced that we will be able to continue that work within cyber security,” says Vold.

Several shipping companies and maritime companies have now joined NORMA Cyber, a joint initiative of the Norwegian Shipowners’ Association and the Norwegian Shipowners’ Mutual War Risks Insurance Association (DNK).

“In an increasingly uncertain cyber market, NORMA Cyber provides great value for the maritime sector. Wallenius Wilhelmsen is at the forefront when it comes to digitalization, so we immediately saw the advantage of becoming a member of NORMA Cyber,” says Filip Svenson, Marine Operations Management at Wallenius Wilhelmsen.

“DOF supports the initiative and the joint work to establish NORMA Cyber as a centralized security service with a focus on shipping. We look forward to working closely with the NORMA Cyber team now that NORMA has become operational,” says Stig Rabben, HSEQ Manager at DOF.

NORMA Cyber is the first of its kind in the world, and the team consists of five people with broad backgrounds from defence, maritime industry and cyber security. Arne Asplem, Head of Intelligence, has extensive experience in security management and cyber security from private industry, but has also worked for several years in the National Cyber Security Center and the Armed Forces. He leads a team consisting of Øystein Brekke-Sanderud, who has several years of experience from offshore and subsea and also has an education in digital forensics. Marthe Brendefur has several years of experience from the Armed Forces, where she has, among other things, served on a frigate. She has a degree in digital forensics. Øyvind Berget, Chief Technical Officer, has several years of experience from the Armed Forces and the Ministry of Foreign Affairs. Øyvind has an MSc in IT security. Lars Benjamin Vold, Managing Director, has a long career from the Armed Forces and has worked for four years with security and contingency preparedness in DNK. Lars has a Bachelor’s degree in Economics. From April, the team will be further strengthened with an experienced engineer with extensive knowledge and experience in vessel systems.

“We want to further strengthen our team and the plan is to have a total of between 10 and 14 employees in the center by the end of 2021,” says Lars Vold.

NORMA Cyber has offices and an advanced operations room in Oslo, and works closely with the existing professional environment within security and contingency preparedness in DNK and the Norwegian Shipowners’ Association, which is located in the same building.

DNK and the Norwegian Shipowners’ Association’s membership consists of 420 Norwegian shipping companies and operators who control a total of 3400 ships and oil rigs.

Members of the Norwegian Shipowners’ Association and DNK automatically qualify for membership in NORMA Cyber.

Source: normacyber


The Maritime Cyber Environment

With the International Maritime Organization’s (IMO) mandate “to ensure that cyber risks are appropriately addressed in existing safety management systems” and the increasing number of cyber-attacks against maritime and shipping organizations, cybersecurity of maritime and shipping organizations is a top priority. In fact, cyber-attacks on the maritime industry’s operational technology (OT) systems are reported to have increased by 900% over the last three years.

The maritime and shipping sector plays a vital role in national and global economy; 90% of global trade is being carried by shipping, while in the U.S. it contributes about $5.4 trillion to the national gross domestic product. Hence, cyber-attacks against critical national infrastructure such as the maritime industry can have crippling effects on the national economy.

Maritime organizations increasingly depend on IT and OT to maximize the reliability and efficiency of maritime commerce. These cyber-enabled systems assist vessel navigation, communications, onboard engineering management, cargo management, safety, physical security, and environmental control. However, the proliferation of internet-facing systems across the maritime sector is introducing unknown risks and expanding the threat surface. The 2017 NotPetya cyber-attack, which crippled the global maritime industry for more than a few days, was a warning of the disastrous effects.

The Plan’s Objectives

According to the statement from National Security Advisor Robert C. O’Brien “[t]he National Maritime Cybersecurity Plan unifies maritime cybersecurity resources, stakeholders, and initiatives to aggressively mitigate current and near-term maritime cyberspace threats and vulnerabilities while complementing the National Strategy for Maritime Security. The Plan identifies government priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years.”

The Maritime Cybersecurity Plan would help the federal government to “buy down the potential catastrophic risks to our national security and economic prosperity” inherited by the dependence of the maritime sector organizations on emerging technologies, said O’Brien. To achieve this goal, the Plan defines three objectives:

  • Risks and Standards
  • Information and Intelligence Sharing
  • Create a Maritime Cybersecurity Workforce

Prioritized Action List

The Plan includes a prioritized list of actions to help government and private actors meet the above objectives. The National Security Council (NSC) will oversee the completion of these priorities and will reassess the plan at least once every five years.

Risks and Standards

The U.S. Government recognizes that although cybersecurity standards and frameworks are widely available, maritime and shipping businesses often lack the resources or expertise to implement them effectively, leaving them open to vulnerabilities which can be exploited to disrupt operations. To mitigate these risks, the following actions are foreseen:

  • Identify gaps in legal authorities and de-conflict government roles and responsibilities for the implementation of maritime cybersecurity standards.
  • The US Coast Guard will analyze cybersecurity reporting guidance between 2016 and 2020 to identify trends and attack vectors. The analysis will increase maritime sector situational awareness and decrease maritime cyber risk.
  • Develop and implement mandatory contractual cybersecurity requirements for maritime critical infrastructure owned, leased, or regulated by the Government to decrease cybersecurity risk because of supply chain attacks.
  • Develop procedures to identify, prioritize, mitigate, and investigate cybersecurity risks in critical onboard and shore-based systems.

Information and Intelligence Sharing

Information sharing across public, private, and international maritime stakeholders that relies on transparency and existing partnerships, is the key to bolster maritime cybersecurity resilience. To promote information sharing, the Plan dictates the implementation of the following actions:

  • Promote domestic and international engagement to facilitate information sharing and best practices to build a coalition of maritime cybersecurity advocates.
  • Share maritime cybersecurity information and intelligence with the international community.
  • Develop and prioritize maritime intelligence requirements to guide risk modeling and adversary cyber risk assessments.

Create a Maritime Cybersecurity Workforce

Cybersecurity is a highly technical field requiring competent cybersecurity specialists to monitor and protect IT and OT systems and assets. However, the skills gap is a significant barrier to effective cybersecurity posture. To close this gap, the Plan proposes the following:

  • Develop cybersecurity career paths, incentives, continuing education requirements, and retention incentives to build a competent maritime cyber workforce.
  • Collaborate with the private sector to increase maritime cybersecurity expertise.
  • Field cyber protection teams to support the strengthening of the federal maritime security resilience.

Concluding Thoughts

“The adoption of standards and best practices in the maritime industry in accordance with the IMO guidelines is only the first step,” comments Notis Iliopoulos, Director GRC & Assurance at ADACOM. “The National Maritime Cybersecurity Plan takes it a step further, making a country specific mandate for the maritime sector. In my opinion, an effective implementation of the Plan demands a holistic approach for security risk management,” Iliopoulos adds.

The increased dependence of the maritime sector on cyber-enabled systems has implications on both the digital and the physical domains and demands a whole new approach to mitigate the emerging risks. “The convergence of digital and physical security and safety, in terms of processes, technology and roles, needs to become the new era in security risk management not only for the maritime sector,” notes Iliopoulos. “I’m happy to see that the Maritime sector actually demands the implementation of it. We might lack a holistic Security Risk Management framework, but the requirement for ‘information and intelligence sharing’ will make it happen,” concludes Iliopoulos.

As the US Coast Guard noted in a security warning back in 2019, “maintaining effective cybersecurity is not just an IT issue but is rather a fundamental operational imperative in the 21st century maritime environment.”

 

Source: tripwire


Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED