MARITIME CYBER SECURITY Archives - Page 29 of 40 - SHIP IP LTD

September 2, 2020: Israeli carrier ZIM has announced the establishment of a new subsidiary company, ZKCyberStar, in co-operation with cybersecurity experts Konfidas.

The new company will offer a full range of cybersecurity services, tailor-made for the maritime industry, to increase cyber readiness and ensure business continuity in the event of a cyber-attack.

ZKCyberStar will provide a suite of services to support operational cybersecurity readiness, including cyber and regulatory postures, strategy and planning, cyber awareness and executive training, incident response capabilities, supply chain risk management, ongoing threat intelligence, regulatory alerts and briefs, and more.

The ZKCyberStar solution employs a unique methodology designed and developed specifically to achieve maximal readiness for and protection against a maritime cyber-attack, according to a statement.

ZKCyberStar will be led by the current ZIM global intermodal division manager, Ronen Meroz as CEO, the international cybersecurity expert and former secretary of the Prime Minister of Israel’s national cyber initiative task force, Ram Levi and the co-founder and COO of Konfidas, Eli Zilberman Caspi.

“I have decided to create ZKCyberStar to support and advise organisations in our industry, using our long-standing co-operative relationship with the top cybersecurity expert team of Konfidas,” commented Eli Glickman, ZIM president and chief executive.

Cyber-attacks have been a long-standing challenge for the industry, which has been magnified by the Covid-19 pandemic, according to ZIM, which believes that the ongoing digitalisation of the maritime industry has increased the sector’s exposure to cyber-attacks that can cause significant disruptions at great cost.

“The maritime and logistics industries have witnessed an unprecedented rise in cyber-attacks in recent years,” Levi agrees and warns, “Those attacks serve as a wake-up call for an industry which is critical to modern trade and commerce.”

Source: Container News

Israeli carrier ZIM is branching out with a new revenue stream, debuting today ZKCyberStar, a cyber security consulting company created in partnership with Tel Aviv-based Konfidas.

Eli Glickman, ZIM president and CEO, commented: “ZIM is uniquely positioned to tackle cyber threats in our industry. In recent years, I was approached by global companies seeking advice regarding cyber threats, and I have decided to create ZKCyberStar to support and advise organisations in our industry, using our long-standing cooperative relationship with the top cyber security expert team of Konfidas.”

Ram Levi, Konfidas founder and CEO, said: “As we move towards heavily networked and increasingly automated systems, cyber security must be a top priority. Our unique partnership with ZIM, a global leader in container shipping, will enable ZKCyberStar to provide strong client-driven cybersecurity solutions with global expertise and implementation.”

Levi is a former secretary of the prime minister of Israel’s National Cyber Initiative Task Force.

Earlier this month ZIM detailed a new artificial intelligence-based screening software it has created to detect and identify incidents of misdeclared hazardous cargo, something it is keen to licence to its peers. It has also been leading the way in developing e-bills of lading for the shipping industry with ZIM president Glickman determined to make the carrier a digital leader among container carriers.

Glickman, who headed up utility Israel Electric before being appointed ZIM boss three years ago, described how he wants to make ZIM “a start up of the container shipping industry” in an earlier interview with Splash.

Israel is already home to one of the best known maritime cyber security consultants, Ra’anana-headquartered Naval Dome.

Among high profile cyber attacks in recent months, Mediterranean Shipping Co (MSC) was struck over the Easter weekend while Australia’s Toll Group has suffered not one, but two hacking incidents this year.

Speaking in the wake of his company suffering its second cyber attack in the space of just three months, Thomas Knudsen, group managing director at Toll, said this May cyber crime posed “an existential threat for organisations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combatting the very real risk it presents the wider community”.

The increasing number of cyber incidents against commercial vessels and port authorities has led the US Coast Guard to publish updated guidelines for mitigating cyber risks and vulnerabilities in the shipping sector.

In March 2020, the US Coast Guard issued new “Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA)-regulated facilities”. The Guidelines are intended to assist facility owners and operators in complying with the requirements to assess, document, and address system and network risks.

The Maritime Cybersecurity Guidelines were mandated by the increasing number of cybersecurity incidents on shipping companies as well as port facilities. But the root cause behind all US Coast Guard efforts to raise awareness of imminent cyber threats is the expanding maritime cyber threat landscape because of the proliferation of emerging technologies and the digitalization of devices onboard vessels. Heavily digitized vessels introduce new cybersecurity vulnerabilities that increase operational risk.  Exploitation, misuse, disruption, or simple failure of cyber systems can cause injury or death, harm the marine environment, disrupt vital trade activity, and degrade the ability to respond to other emergencies.

The European Union also enforces maritime cybersecurity requirements

These risks are even more crucial to national economies because the shipping sector is part of the national critical infrastructures. For example, the European Union has recognized the importance of commercial vessels to the EU digital market and has mandated the operators and owners of the vessels to abide by the security requirements of the Network and Information Systems Security Directive (NIS Directive).

To address these challenges and risks, national and transnational organizations have developed sets of best practices and recommendations. ENISA, the European Union Cybersecurity Agency, published in November 2019 the report “Port Cybersecurity – Good practices for cybersecurity in the maritime sector.” The United Kingdom Department of Transport released in January 2020 a practice guide on “Cyber Security for Ports and Port Systems.”

Effective maritime cybersecurity is mission-critical 

Today more than ever, Facility operators use computers and cyber-dependent technologies for communications, engineering, cargo control, environmental control, access control, passenger and cargo screening, and many other purposes. Not just operational technologies are computerized but also facility safety and security systems such as security monitoring, fire detection, and general alarm installations increasingly rely on computers and networks.

Maintaining effective cybersecurity is no longer just an IT issue but is rather a fundamental operational imperative in the 21st-century maritime environment.

According to Nir Ayalon, the CEO of Cydome, a maritime cybersecurity solution company, “Commercial vessels can no longer rely on an IT cyber solution and ensure the full coverage on all operational systems to be resilient from cyber-attacks. We at Cydome acknowledged the importance of having a holistic cybersecurity solution to address all risks of highly digitalized vessels and help vessel operators be compliant with cybersecurity requirements. Cydome’s unique cybersecurity solution is positioned on board of both IT and OT systems to provide a wider spectrum of defense against different types of cyber-attacks (both internal and external threats). Clients that use Cydome solution receive a better picture of their current assets onboard and use it to improve the vessel’s cybersecurity and safety at sea”.

The US Coast Guard instructs Commercial vessels’ operators and owners to perform a Facility Security Assessment (FSA) to assess and document risks and cybersecurity vulnerabilities associated with their computer systems and networks. Identifying and assessing cybersecurity vulnerabilities is the foundation of an efficient cybersecurity program. You can’t protect what you don’t know.

When cybersecurity vulnerabilities are identified in the Facility Security Assessment, an owner or operator may demonstrate compliance with the regulations by providing its cybersecurity mitigation procedures in a variety of formats. The information may be provided in a stand-alone cyber annex to the FSP or incorporated into the FSP together with the physical security measures.

While vessel owners need not identify a specific technology or business model, they are required to provide documentation to show how they are addressing the cybersecurity risks identified. Facility operators may elect to demonstrate mitigation of identified vulnerabilities by employing the many available best practices, such as the NIST Cybersecurity Framework.

The ultimate goal of cybersecurity programs in the shipping sector should be cyber resilience, to ensure business continuity and reliable operations even after a cyber-attack. Cyber resilience has emerged over the past few years because traditional cybersecurity measures are no longer enough to protect organizations from sophisticated and persistent cyber-attacks. Both cybersecurity and cyber safety are important because of their potential effect on personnel, the ship, environment, company, and cargo.

Source: informationsecuritybuzz

This circular provides information on the requirement to incorporate maritime cyber risk management in the safety management systems (SMS) of companies operating Singapore-registered ships.

Cyber risk management refers to the process of identifying, analysing, assessing, and communicating a cyber-related risk and accepting, avoiding, transferring, or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders.

Maritime cyber risk refers to a measure of the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised. The goal of maritime cyber risk management is to support safe and secure shipping, which is operationally resilient to cyber risks.

As affirmed in Resolution MSC.428(98)1, an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code2, MPA will require cyber risks to be appropriately addressed in the company’s SMS no later than the first annual verification of the ISM company’s Document of Compliance after 1 January 2021.

In line with the guidance presented in MSC-FAL.1/Circ.3, to consider cyber risks as being appropriately addressed in SMS, the ISM company is required to demonstrate that they have appropriately incorporated the five functional elements to address maritime cyber risks, namely:
a. Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations;
b. Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations;
c. Detect: Develop and implement activities necessary to detect a cyberevent in a timely manner;
d. Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event;
and
e. Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

ISM companies of Singapore-registered ships are reminded to review the identified risks to its ships, personnel and the environment and to establish appropriate safeguards to ensure that maritime cyber risks are appropriately addressed in the SMS, and that the five functional elements stated in para 5 have been incorporated into their risk management framework.

MPA has co-funded several maritime cyber security courses under Maritime Cluster Fund and Training@MaritimeSingapore. MPA is also aware that Recognised Organisations (ROs) have developed maritime cyber security training courses and relevant consultancy services to assist ISM Companies in developing and preparing their cyber risk management strategy and procedures. Companies may visit www.mpa.gov.sg or approach the ROs for more information on such training and services…

(For information about operations in Singapore, contact GAC Singapore at singapore@gac.com)

Source:  Maritime and Port Authority of Singapore Shipping Circular No.15 of 2020 dated 13 August 2020

This circular provides information on the requirement to incorporate maritime cyber risk management in the safety management systems (SMS) of companies operating Singapore-registered ships.

Cyber risk management refers to the process of identifying, analysing, assessing, and communicating a cyber-related risk and accepting, avoiding, transferring, or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders.

Maritime cyber risk refers to a measure of the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised. The goal of maritime cyber risk management is to support safe and secure shipping, which is operationally resilient to cyber risks.

As affirmed in Resolution MSC.428(98)1, an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code2, MPA will require cyber risks to be appropriately addressed in the company’s SMS no later than the first annual verification of the ISM company’s Document of Compliance after 1 January 2021.

In line with the guidance presented in MSC-FAL.1/Circ.3, to consider cyber risks as being appropriately addressed in SMS, the ISM company is required to demonstrate that they have appropriately incorporated the five functional elements to address maritime cyber risks, namely:
a. Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations;
b. Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations;
c. Detect: Develop and implement activities necessary to detect a cyberevent in a timely manner;
d. Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event;
and
e. Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

ISM companies of Singapore-registered ships are reminded to review the identified risks to its ships, personnel and the environment and to establish appropriate safeguards to ensure that maritime cyber risks are appropriately addressed in the SMS, and that the five functional elements stated in para 5 have been incorporated into their risk management framework.

MPA has co-funded several maritime cyber security courses under Maritime Cluster Fund and Training@MaritimeSingapore. MPA is also aware that Recognised Organisations (ROs) have developed maritime cyber security training courses and relevant consultancy services to assist ISM Companies in developing and preparing their cyber risk management strategy and procedures. Companies may visit www.mpa.gov.sg or approach the ROs for more information on such training and services…

(For information about operations in Singapore, contact GAC Singapore at singapore@gac.com)

Source: Maritime and Port Authority of Singapore Shipping Circular No.15 of 2020 dated 13 August 2020

Changes to annual subscriptions and vessel levies
Friday, August 14, 2020, South Africa

At the South African Association of Ship Operators and Agents (SAASOA) Microsoft Team Annual General Meeting on 5 August, the following changes to the SAASOA Annual Subscriptions and Vessel Levies were proposed, seconded and passed by Members present:

ANNUAL SUBSCRIPTIONS
R 1 200 per Member exclusive of VAT (No change).
This was proposed by the Board of Directors and accepted by all Members present.

VESSEL LEVIES
Increase from R 300 to R 450 as below per call exclusive of VAT effective 1 September 2020.
– Current Levy R 300.00
– General Levy Increase R 50.00
– Legal Fees Contingency (see below) R 100.00
– TOTAL R 450.00

This Legal Fees Contingency portion will be revisited in August 2021, taking into account the Funds Balances that SAASOA manages to accumulate within the next twelve months, versus the Legal Expenses that SAASOA is expecting also within the next twelve months.

This was proposed by the Board of Directors and accepted by all Members present.

The rationale behind these increases was explained by the Board of Directors and Chief Financial Officer as follows:
1. In line with the slowing economy and the Worldwide COVID 19 Pandemic, the number of billable vessels is well below the budgeted number and is not showing any signs of improving at this stage of 2020.
2. SAASOA does not have access to outside loan funding in the form of bank overdrafts or other such funding.
3. SAASOA operating expenses have been trimmed to the lowest possible level and the Board of Directors have regular input to expenses incurred and reported in the monthly financial reports.
4. In the light of points 1 to 3 above, the Board of Directors consider it prudent to have available cash resources to cover approximately six (6) months operating expenses.
5. In order for SAASOA to continue effectively and efficiently, the Association needs to show an operating surplus each year into the future. With expenses having been cut to as low as possible, the only way to attain this goal is to increase revenue with call numbers dropping, this can only be attained by increasing the revenue base.
6. With the various Shipping Bills / Proposals / Amendments that are currently in the pipeline, SAASOA is going to incur Legal Costs in dealing with these matters. As SAASOA cannot keep asking Members for “Special Levies”, it was decided to increase the General Vessel Call Levy, which impacts all Members through their Monthly Vessel Calls. As this Call Levy is usually passed on to the Principal concerned, there is no impact on the individual SAASOA Member.

(For information about operations in South Africa, contact GAC South Africa at shipping.capetown@gac.com)

Source: South African Association of Ship Operators and Agents (SAASOA) letter dated 12 August 2020

Marine site investigation in Tung Chung Wan
Friday, August 14, 2020, Hong Kong

For approximately 4 months, marine site investigation works involving drilling of boreholes will be carried out in the following locations (WGS 84 Datum):
(A) 22 deg. 17.123’N / 113 deg. 56.093’E
(B) 22 deg. 17.120’N / 113 deg. 56.091’E
(C) 22 deg. 17.113’N / 113 deg. 56.081’E
(D) 22 deg. 17.089’N / 113 deg. 56.073’E
(E) 22 deg. 17.078’N / 113 deg. 56.061’E
(F) 22 deg. 17.071’N / 113 deg. 56.053’E
(G) 22 deg. 17.064’N / 113 deg. 56.045’E
(H) 22 deg. 17.051’N / 113 deg. 56.031’E

The works will be carried out by one jack-up platform. Two tugboats and one work boat will provide assistance.

A working area of approximately 30 metres around the platform will be established. Yellow flashing lights will be installed at the four corners of the jack-up platform to indicate its position.

The hours of work will be from 0700 to 1900 hours. No works will be carried out on Sundays and public holidays. Vessels employed for the works will stay in the works location outside the hours of work.

Vessels engaged in the operations will display signals as prescribed in international and local regulations.

Vessels navigating in the vicinity should proceed with caution.

(For information about operations in Hong Kong, contact GAC Hong Kong at shipping.hongkong@gac.com)

Source: Government of the Hong Kong SAR Marine Department Notice No.114 of 2020

Dredging off West Coast of Lamma Island
Friday, August 14, 2020, Hong Kong

For approximately six months, dredging operations will be carried out within the area bounded by straight lines joining the following co-ordinates (WGS 84 Datum) from (A) to (G):
(A) 22 deg. 13.234’N / 114 deg. 06.042’E
(B) 22 deg. 11.000’N / 114 deg. 06.423’E
(C) 22 deg. 10.961’N / 114 deg. 06.277’E
(D) 22 deg. 12.214’N / 114 deg. 06.063’E
(E) 22 deg. 12.728’N / 114 deg. 05.723’E
(F) 22 deg. 13.075’N / 114 deg. 05.710’E
(G) 22 deg. 13.199’N / 114 deg. 05.806’E

The works will be carried out by a flotilla of vessels including two grab dredgers, two tugboats and two split hopper barges. The number of vessels engaged in the works will change from time to time to suit operational requirements.

A working area of approximately 50 metres around each dredger will be established. Yellow marker buoys fitted with yellow flashing lights will be laid to mark the positions of the anchors extending from each dredger.

Silt curtains fitted with yellow flashing lights will be established within the works area. The silt curtain is a large piece of netting used to contain mud and sediments.

The works will be carried out round-the-clock.

Vessels engaged in the operations will display signals as prescribed in international and local regulations.

Vessels navigating in the vicinity should proceed with caution.

(For information about operations in Hong Kong, contact GAC Hong Kong at shipping.hongkong@gac.com)

Source: Government of the Hong Kong SAR Marine Department Notice No.115 of 2020

Ship operators and owners need to prepare for IMO’s changes to the International Ship Management (ISM) Code that sees cyber risk management become part of vessel safety and security plans.

Owners need to act before these recommendations come into force on 1 January 2020, for in four months’ time, port state control such as the US Coast Guard could begin detaining ships for non-compliance. But shipping companies are already being hacked and suffering cyber attacks.

This includes the now notorious attack on Maersk Line’s IT networks in 2017, which caused more than US$300M in losses for the Danish container shipping group. Other more recent attacks include successful cyber breaches on networks operated by Toll Group, Mediterranean Shipping Company, Anglo-Eastern and OSM Maritime Group.

Which is why operators are being urged to invest in cyber security and training for seafarers and shore staff.

These were some of the key conclusions from Riviera Maritime Media’s Cyber security: readying for the ISM Code’s 1 Jan 2021 requirements webinar. This was held on 5 August in association with premier partner ClassNK and sponsor F-Secure as part of Riviera’s Maritime Cyber Security Webinar Week.

During that webinar, ClassNK cyber security team deputy manager Makiko Tani outlined the reasons for shipowners to implement cyber risk management and bolster security.

“Ships today are increasingly leveraging cyber space and operational technology (OT) is more connected with IT and communications,” said Ms Tani. “All this is in pursuit of innovation for fuel efficiency and voyage optimisation, but these bring new vulnerabilities.”

She therefore expects shipowners, operators and managers to ensure cyber risk management is completed ready for ISM Code 2021 and risk assessments are completed within companies and on board ships.

Ms Tani said cyber security “should not just be about compliance” but could open “new opportunities for business and new innovations”.

She said owners with existing fleets should understand the OT on ships and the required cyber risk controls. “Know how your ships are designed and protected,” Ms Tani said. “Be aware of the onboard OT and IT, and where these meet.”

“Can a cyber attack get into the OT?” she asked, adding this could occur through transferring malware, if crew plug their mobile devices into the ship’s ECDIS to charge.

“Compliance to the ISM Code 2021 can start here, by training people and empowering decision makers,” said Ms Tani. She suggested using multi-layered approach for controlling onboard cyber security, which includes updating firewalls, implementing software upgrades and updating antivirus protection. It is also about preventing seafarers from opening email attachments or using unconfirmed links.

There is plenty of guidance for shipping companies. ClassNK has published Guidelines for Designing Cyber Security Onboard Ships, with a second edition published in July 2020. It is applicable to deploying cyber security on newbuildings and is the responsibility of shipbuilders and OT/IT system integrators. This comes with ClassNK’s cyber security notation and is aligned with International Electrotechnical Commission (IEC) 62443 standard and ClassNK’s recommendation 166 on cyber resilience.

In April 2019, ClassNK published its first edition of Guidelines Cyber Security Management Systems Onboard Ships for shipowners and operators responsible for establishing cyber security management systems. It is aligned with International Organisation for Standardisation (ISO) standards ISO 27001 and ISO 27002.

Another applicable document is ClassNK’s Guidelines Ships for Software Security, published in May 2019 for those responsible for establishing cyber security management systems.

Moran Cyber managing director Captain Alex Soukhanov agreed there were more vulnerabilities on modern ships with integrated IT with OT. “Digitalisation is the direction of the industry, so we have to develop continuous and holistic strategies to protect these investments, life, and the environment,” he said. This includes vessel control systems, navigation bridges, engineroom controls and ship automation.

Capt Soukhanov provided a case study within his presentation. This assessed a ship’s OT systems for any cyber security issues. “Our customer required assistance in performing asset discovery of marine OT systems followed by network segmentation from untrusted systems across the fleet,” he said. “We established trust with captains and chief engineers to perform assessments and passive network asset discovery.”

Network segmentation was implemented, and crew were trained on cyber risks and safely operating systems. The results were reduced vulnerable surfaces to cyber threats, increased asset visibility, separating critical OT equipment from untrusted or semi-trusted assets and business protection.

Security by design

Cyber security should be incorporated into ships as they are designed and built, instead of being retrofitted on to ships either for the ISM Code 2021 or as OT is upgraded.

“As digitalisation accelerates, we need to build in cyber security from the start,” said Capt Soukhanov. “Otherwise we are just catching up. Cyber security should be there before the keel is laid.” He said carrying out comprehensive cyber security risk assessments during design will improve safety, resiliency, and reliability through security by design.

Involve vendors during the early stages and extend this collaboration through the lifecycle of investment. Ship operators and vendors “should collaborate and work together to protect onboard systems” said Capt Soukhanov.

Assurance and insurance

Implementing cyber security and risk mitigation is as an opportunity for shipping companies to gain a better understanding of onboard OT and IT, said Beazley senior risk manager Kelly Malynn.

Conducting risk assessments will give owners a better understanding of the cyber threats and vulnerabilities on ships. “Risk assessment quality is important. Owners need to invest in this,” she said. To mitigate risk, segregating networks into subnetworks “makes it harder for an adversary to gain access to essential systems and equipment,” she continued.

“Eliminate the use of generic log-in credentials for multiple personnel. Create network profiles for each employee and require them to enter a password and/or insert an ID card to log on to onboard equipment,” Ms Malynn recommended.

“Limit access and privileges to only those levels necessary to allow each user to do their job. Administrator accounts should be used sparingly and only when necessary. All employees in shipping companies should be wary of external media, stop transferring data via USB drives.

“It is critical external media is scanned for malware on a standalone system before being plugged into any shipboard network. Never run executable media from an untrusted source,” warned Ms Malynn. Basic cyber hygiene can stop incidents before they impact operations. “Install and routinely update basic antivirus software, and do not forget to patch. This is the core of cyber hygiene.”

Ship operators also need to prepare for potential losses and recovery as a successful cyber attack is inevitable. “It is time to reach out to those people with experience – there is insurance cover out there,” she said.

Source: rivieramm

U.S. sanctions have driven Venezuela’s oil exports to their lowest levels in nearly 80 years, starving President Nicolas Maduro’s socialist government of its main source of revenue and leaving authorities short of cash for essential imports such as food and medicine.

The sanctions are part of U.S. efforts to weaken Maduro’s grip on power after Washington and other Western democracies accused him of rigging a 2018 re-election vote. Despite the country’s economic collapse, Maduro has held on and frustrated the administration of U.S. President Donald Trump.

Maduro’s government says the United States is trying to seize Venezuela’s oil and calls the U.S. measures illegal persecution that heap suffering on the Venezuelan people.

Washington has honed in on the maritime industry in recent months in efforts to better enforce sanctions on the oil trade and isolate Caracas, Washington’s special envoy on Venezuela Elliott Abrams told Reuters.

“What you will see is most shipowners and insurance and captains are simply going to turn away from Venezuela,” Abrams told Reuters in an interview.

“It’s just not worth the hassle or the risk for them.”

The United States is pressuring shipping companies, insurers, certifiers and flag states that register vessels, he said.

Ship classification societies, which certify safety and environmental standards for vessels, are feeling the heat for the first time.

The United States is pressuring classifiers to establish whether vessels have violated sanctions regulations and to withdraw certification if so as a way to tighten sanctions further, a U.S. official told Reuters, speaking on condition of anonymity.

Without certification, a vessel and its cargo become uninsured. Ship owners would also be in breach of commercial contracts which require certificates to be maintained. In addition, port authorities can refuse entry or detain a ship.

London-headquartered Lloyd’s Register (LR), one of the world’s leading ship classifiers, said it had withdrawn services from eight tankers that were involved in trade with Venezuela.

Source: Reuters

So it has happened. The screens on the business PCs in the engine control room and bridge have all locked down. The computers are simply displaying a black screen with a blank pop up window. No text. There is no ransom note (yet). One of the ECDIS systems is also no longer functioning properly and keeps restarting randomly.

The vessel has entered US waters and a pilot has boarded to bring the vessel into safe harbour. The crew have also received notification from the US Coast Guard of their intention to dispatch an inspector and are anticipating a Port State Control examination when the vessel is in port.

The master is on the phone to the Technical and IT Managers, trying to follow instructions in order to rapidly diagnose the problem. But the phone line isn’t great at the moment as the vessel is currently in a position with poor connectivity. In his mind, he is working out the best way to explain what is happening to the authorities, while trying to make up contingency plans on the fly. The pressure is on to avoid a detention.

This scenario is entirely plausible from January 1 next year when the cyber security requirements set out in IMO 2021 becomes effective and as cyber attacks on shipping operations continue to increase.

“We thought we were prepared for a cyber attack and then we got a nasty surprise when one actually occurred.” This is a common reaction of those who have lived through a cyber attack.

Based on CyberOwl’s experience engaging with nearly 100 fleet operators, less than 5% of them would be able to answer a few fundamental cyber security questions when they are under pressure during a high profile cyber incident, such as: what is actually happening to the onboard systems? Are we sure we have been cyber attacked? Will it spread and how do we stop it spreading? And how quickly can we recover operations?

This is before the more complicated questions that come later during forensic analysis, such as: what has been the full scale of the impact of the cyber attack? What systems have been compromised? How did the attack actually happen? How do we prevent the same attack in future? In fact, there are some security teams that never properly answer these latter questions.

If you’re the fleet IT manager, scrambling around trying your best to quickly put fires out during such a cyber incident is not going to be a fun day at the office. One of the key decisions you are going to have to quickly make is whether you should be reporting the incident to the leadership team. If so, when do you report it and what do you say? Then, how regularly do you update them?

This is why an effective cyber risk management approach actually starts with the leadership. Recent IMO guidelines and the guidelines on cyber security onboard ships (version 3 produced by BIMCO et al) makes it very clear that “effective cyber risk management should start at the senior management level”.

So developing emergency response plans with senior management early means you’ll already know what information they expect and when.

How does your leadership team perceive the level of cyber risk in shipping? CyberOwl is working on an initiative addressing Cyber Readiness for Boards (CRfB) to uncover this, supported by the UK’s National Cyber Security Centre (NCSC) and the Lloyd’s Register Foundation. Initial findings suggest:

• a key factor that drives a leadership team’s cyber risk perception is their trust in their organisation’s ability to respond to it. If you’re a fleet IT manager, that’s you and your team. And in many cases, this is likely to be overly-optimistic. Certainly, the ability to handle a cyber attack is rarely stress-tested in shipping, unlike in some other sectors.
• the current focus for the shipping sector is on compliance. While timely, this doesn’t suffice to actually address cyber risk.
• the responsibility for cyber risk still rests too heavily on IT or HSSEQ managers.

Instead, cyber risk needs to be owned and managed as a core business risk, with ultimate accountability at the leadership level. If you are the IT or HSSEQ manager shouldering that perceived responsibility, it is in your interest to get your leadership team to understand that.

What does a cyber-ready leadership team look like? The leadership team needs to more clearly understand the cyber risks the organisation faces, ensure there is sufficient budget to ensure cyber resilience and set clear roles and responsibilities to preserve business continuity. This includes knowing what their roles are during a cyber attack crisis.

This is where cyber drills offer a useful starting point.

The concept of a drill isn’t new to shipping. Safety drills have long been a requirement either by legislation or as part of a shipmanager’s safety management system (SMS).

A scenario-based cyber exercise provides an ideal means for leadership teams to engage with and to rehearse for an effective response to a potential cyber-attack. The scenarios offer a creative license to run through both common incidents and also simulate low probability, high impact situations (also known as black swan events). It is easy to write off the need to prepare for such black swan events. And yet, Covid-19 shows us how the lack of preparedness may pose an existential threat to an organisation. Indeed, other sectors have shown how ‘doomsday exercises’ have been important to them to cope with the current crisis.

Ultimately, the goal here is to build increased awareness and understanding of cyber risks in your leadership team. It prepares them for when (rather than if) a cyber attack occurs. The drill also helps you identify ways to improve your organisation’s ability to execute effective mitigation strategies.

How would they react?

What information would they need to make decisions?

Who do you need to communicate with and when?