MARITIME CYBER SECURITY Archives - Page 3 of 25 - SHIP IP LTD

Take up of cyber insurance in the marine sector to date has been slow, but that’s bound to change.

One key reason is that the maritime industry is changing rapidly, said Dieter Berg, head of marine business development for Munich Re.

“Until recently, ships were isolated, and the logistics process was not technologically advanced. This market is changing very quickly to digital communications and connectivity.”

Those changes include more than just electronic navigation and communication, they extend to smart containers and real-time logistics routing and scheduling.

“This digitalization changes the risk profile for the marine industry,” said Andreas Schlayer, senior cyber underwriter for Munich Re. “The more an operation is electronic, the more the dependence on data changes the risk profile and the behavior.”

 

Source: riskandinsurance


im-337972.jpg

After the Japanese attacked Pearl Harbor, the Goodyear blimp Resolute was put into service spotting enemy submarines. There’s a lesson for 21st-century cyberwarfare.

The Constitution gives Congress the power to issue “letters of marque and reprisal”—essentially licenses authorizing private parties to wage war on the government’s behalf. Congress issued letters of marque liberally until the end of the War of 1812, and they were particularly useful during the First Barbary War (1801-05). The fledgling U.S.’s fleet of six frigates couldn’t stem piracy alone. Letters of marque enlisted U.S. merchantman as far away as the Mediterranean, where Barbary states often provided pirate ships with safe harbor. In the typical 19th-century use, Congress issued letters of marque to schooners and sloops, giving their operators the authority to sink or capture pirate ships by force.

The Resolute was the first and only privately owned U.S. craft to operate under a letter of marque since then. The blimp was flown by a civilian crew out of Los Angeles. If letters of marque could be adapted for flying machines, why not computing machines? Recent destructive hacks have proved that federal action alone can’t protect the cyber infrastructure. The time has come to grant letters of marque to enlist and arm private corporations to defend their interests and America’s.

 

Source: wsj


May-12-TSUNEISHI-SHIPBUILDING-latest-to-implement-IoS-OP-data-sharing-framework.jpg

TSUNEISHI SHIPBUILDING of Japan is the latest company to be confirmed as implementing shipbaord data collection operations using the IoS-OP (internet of Ships open Platform) framework, for a newbuild bulk carrier currently under construction.

IoS-OP is an open platform that enables the sharing of vessel operations data among shipbuilders, manufacturers, and related service providers based on a set of data sharing rules agreed by all stakeholders.

TSUNEISHI will operate within this framework to collect actual operational data for the newbuild ship, so that the data collection infrastructure is integrated into the 82,000DWT bulk carrier’s operational systems from the sea trial stage.

The data to be collected includes draft and shaft horsepower, fuel consumption and power consumption from the main engine, generator, and auxiliary machinery, as well as information from the Voyage Data Recorder (VDR). In total, some 800 items will be included in the data collection process.

The collected data will be shared between the shipyard and shipowner through the ‘ShipDC Portal’, provided by ShipDC on behalf of the IoS-OP, and will be utilised for the development of new ship types based on an enhanced understanding of machinery condition and evaluation of the ship’s performance.

 

Source: smartmaritimenetwork


Dryad and cyber partners RedSkyAlliance continue to monitor attempted attacks within the maritime sector. Here we continue to examine how email is used to deceive the recipient and potentially expose the target organisations.

“Fraudulent emails designed to make recipients hand over sensitive information, extort money or trigger malware installation on shore-based or vessel IT networks remains one of the biggest day-to-day cyber threats facing the maritime industry.”

Dryad Global’s cyber security partners, Red Sky Alliance, perform weekly queries of  backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.

With our cyber security partner we are providing a weekly list of Motor Vessels where it is observed that the vessel is being impersonated, with associated malicious emails.

The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies.  Users should be aware of the subject lines used and the email addresses that are attempting to deliver the messages.

Those who work in the security industry can quickly identify the suspicious aspects of these emails, but the targets often cannot. Even if attackers can only get 10% of people to open their malicious email attachments, they can send thousands out in a day using similar templates resulting in hundreds of victims per day. They can also automate parts of this process for efficiency. It is critical to implement training for all employees to help identify malicious emails/attachments. This is still the major attack vector for attackers looking to attack a network. These analytical results illustrate how a recipient could be fooled into opening an infected email. They also demonstrate how common it is for attackers to specifically target pieces of a company’s supply chain to build up to cyber-attacks on the larger companies. Doing so could cause the recipient to become an infected member of the maritime supply chain and thus possibly infect victim vessels, port facilities and/or shore companies in the marine, agricultural, and other industries with additional malware.

 

Source: channel16.dryadglobal


Aong focused on mitigating physical risks such as piracy, the maritime shipping industry is currently grappling with a new challenge: how to respond to a dramatic spike in cybersecurity threats.

From February to June 2020, cybersecurity consulting firm Naval Dome documented a 400% growth in attempted hacks against maritime targets. Driven by increased numbers of remote access paths onboard vessels and the convergence of new information technology (IT) targets into traditionally operational technology (OT) environments — as well as the perceived value in targeting an industry that carries nearly 90% of the world’s trade — these attacks represent a serious new threat to the backbone of global commerce.

“This convergence is increasingly more pervasive because of the nature of digitalization trends, like using onboard sensors and tracking data off operational systems for predictive maintenance purposes, that open more attack surfaces on the IT side that can enter into the OT environments,” said Don Ward, senior vice president of Global Services at Mission Secure, a global provider of OT cyber-protection solutions. “We frequently see that clients think they have certain portions of their system on islands – inevitably, in every assessment we find a backdoor into these environments.”

It’s a balancing act that all digitally maturing industries face: deriving efficiency gains from integrating today’s latest technology while limiting the potential vulnerabilities from doing so. The maritime sector is still catching up to its aerospace and automotive counterparts in implementing modern cybersecurity best practices, but malicious actors will not be waiting idly for it to arrive there.

 

Source: tsi-mag


Riviera Media features a discussion on cyber threats and security for the tanker sector of the maritime industry by Julian Clark, Global Senior Partner at Ince. “The lack of adequate protection is particularly prevalent in relation to cyber-attacks on on-shore and on-vessel operations technology (OT) networks and control systems, as just 42% of organisations protect their vessels from OT cyber threats.”

Clark covers the current state of the industry, insurance considerations, potential consequences, including legal, and the ongoing efforts to achieve compliance and security.

“Tanker operators and managers are not sufficiently protected by being compliant with the new regulation – this is a ‘level-one solution to a level-four threat’ – accordingly, a tick box approach to compliance is far from sufficient.”

Julian Clark, Global Senior Partner at Ince

Source: missionsecure


The British Ports Association and the UK-based risk management firm Astaara have released a new study on the wave of cyberattacks seen by maritime stakeholders over the past four months.

In one high profile attack in May, computer systems at Iran’s Shahid Rajaee port facility at Bandar Abbas, creating traffic jams and serious operational disruption. Astaara believes that the attack came in direct response to a failed Iranian cyberattack on an Israeli water facility in April. (Iran has denied any involvement in the earlier incident.) U.S. officials told the Washington Post that Israeli forces orchestrated the retaliatory hack on Shahid Rajaee.

While attacks from criminal groups are far more common than suspected state-sponsored hacking, the overall upward trend is driving increased interest in security, according to Astaara. “Now, more than ever, the advantages of [digitalization] should be capable of being realized, but only if the corresponding management resilience and recovery plans are in place and practiced,” said Robert Dorey, CEO of  Astaara. “Processes need to be continually reviewed and updated as necessary, training provided, and new approaches to monitoring assessed and adopted.”

He noted that the new remote-work alternatives to standard operations like surveys and marine superintendent spot inspections have created new vulnerabilities for shipowners. Remote working has been identified as a major risk for security, as the attack surface is broadened.

Criminals realize this and do not care about the human cost of Covid-19, or their crimes. They are not interested in the morality of their action. Instead they are interested in disruption and making money; they see Covid-19 as an opportunity,” said Dorey.

According to Astaara, the way to fight back is to practice basic cyber hygiene and to invest an appropriate amount in security. Currently, cybercrime nets around $2 trillion per year for criminals worldwide – compared with the $150 billion a year spent by companies and individuals in protecting systems. “When you have ever more stringent regulations, a user population that is innovative in breaking the rules, and an external environment that is hostile to say the least, you cannot afford not to invest in your security, and to protect those aspects of business that depend on others for their delivery,” Astaara and BPA advised in the white paper.

 

Source: maritime-executive


Intellian has confirmed that its newly-launched v45C antenna has been qualified for operation on the Intelsat FlexMaritime network. By combining Intellian’s compact, high-performance antenna with Intelsat’s FlexMaritime High Throughput Satellite (HTS) service, this approval will deliver global connectivity to customers in the smallest package available to date.

Until now, service providers have required antennas of 60cm or larger to deliver high throughput services owing to the higher power demanded by smaller units, but with the advent of HTS technology teamed with innovative antenna design, the use of more compact antennas has become possible. The v45C has been developed to bring VSAT to new markets where there is limited space available for communications equipment, such as workboats, leisure craft, fishing boats, small commercial and government vessels.

Intelsat is among the first to take advantage of this capability with the addition of a 45cm category to its FlexMaritime HTS service. VSAT delivery to small antennas has traditionally been restricted to localised regions in order to conserve power, but through the use of spot beam technology, HTS satellites can overcome this limitation. By providing high-power service to small, tightly-focused areas, frequencies can be reused across the satellite’s coverage area, supporting global service while reducing the cost of delivery. Intelsat takes this principle a step further with FlexMaritime, with multiple satellites able to overlay spots in the same area to boost performance even further.

It is this ability to dynamically allocate services as required, teamed with Intellian’s advanced technology, which allows a small antenna to deliver connectivity and performance at reasonable cost to the customer.

Shane Rossbacher, director of maritime products, Intelsat, said: “We’re pleased to welcome Intellian’s new v45C compact antenna to our Intelsat FlexMaritime service. This is an exciting time for customers who require a VSAT solution that is both space- and cost-efficient, and we’re delighted that Intellian has developed an innovative product that is ideally suited to take full advantage of our new 45cm service category.”

In common with the globally-successful v60E antenna launched last year, the v45C shares technology developed for Intellian’s advanced NX Series antennas. These range in size from 85cm to 150cm, with single-cable, dome-on connection and simple commissioning and diagnostics via the built-in AptusNX antenna management software.

Eric Sung, CEO, Intellian Technologies, said: “We’re delighted to gain this qualification from Intelsat. The combination of our leading antenna design and Intelsat’s innovative FlexMaritime service will deliver cost-effective VSAT service to customers in need of a compact, global high speed connectivity solution. We expect this to open up new markets, and look forward to collaborating with customers to help them gain the best possible results from the combination of HTS connectivity and Intellian products.”

Source: thedigitalship


When Maersk fell victim to the NotPetya ransomware cyber-attack in 2017 (resulting in a loss of over £300M), it highlighted that no shipping company is immune to cyber-attack – even IMO has been hacked. Cyber risk has been on the IMO agenda for some time and on 1 January 2021, MSC 428(98) was finally adopted. Tanker operators and managers are not sufficiently protected by being compliant with the new regulation – this is a ‘level-one solution to a level-four threat’ – accordingly, a tick box approach to compliance is far from sufficient.

The lack of adequate protection is particularly prevalent in relation to cyber-attacks on on-shore and on-vessel operations technology (OT) networks and control systems, as just 42% of organisations protect their vessels from OT cyber threats4. Additionally, an alarming 92% of the estimated costs arising from a cyber-attack are uninsured5 and the access and limits of cover are often restricted, which has serious risk-management implications for tanker owners and operators.

The devastating effects of a cyber-attack are not only financial and reputational, but crucially also legal. Tanker owners could face real challenges in order to establish due diligence and protect themselves legally if an incident arose from their vessel being cyber-compromised. They can expect cargo interests and others to raise arguments that there was a failure to make use of available cyber-security protection systems to ensure they were adequately protected.

In relation to the concept of due diligence and the application of the Hague Visby Rule Article IV Rule (ii) defences, shipowners will need to show due diligence in relation to protecting their vessels against a cyber-attack. The duties of due diligence are generally not delegable, so while a contractual provision ensuring that the manufacturer takes responsibility for cyber-integrity creates a potential right of recourse, this does not itself provide a defence to a claim. Additionally, where there are systems available in the market that can provide protection against a cyber-attack, and an owner has failed to implement appropriate measures or is unable to show they have an effective system in place to address cyber-risk, such omissions could amount to recklessness, giving rise to a possibility to break limitation.

We can expect to see claimants raising issues of unseaworthiness where they suffer loss or damage as a result of a vessel being cyber-compromised.

It is critical for tanker owners and operators to take an integrated, comprehensive approach to protecting their organisations against cyber threats. Our recent venture with Mission Secure (leaders in providing military-grade cyber security for OT systems) to launch an industry-first, integrated legal advisory, consultancy and technology cyber-security solution, addresses this market need by providing both advisory and action to fully protect companies beyond the current regulatory guidelines.

 

Source: rivieramm


Before starting at at Telenor Maritime, Toni was the CEO of KNL Networks, which was acquired by Telenor Maritime in 2020. Before Co-founding KNL Networks in 2011, Toni worked at the University of Oulu as a research scientist and Doctoral student from 2008 to 2011. He is a former electronic warfare officer in the Finnish Defence Forces and has 20 years of hands-on radio experience. Toni is a former member of the Arctic Council Task Force on Telecommunications Infrastructure in the Arctic (TFTIA).

With KNL onboard, Telenor Maritime believes its new platform can help facilitate the digitalization of the shipping industry, with secure, reliable and cost-effective sharing of data right across the globe. The webinar will address opportunities and challenges in maritime digitalization and cyber security. Onboard capabilities in cybersecurity and IT are often somewhat limited. Most of onboard equipment are not designed to be connected, so devices their selves don’t provide sufficient security. Cybersecurity has become one of the biggest threats to the industry.

We look forward to learning more about cyber security!

 

Source: nme


Twitter

@AnyawbSales - 2 years

INDIA TO BAN SINGLE USE PLASTIC ON ALL CALLING SHIPS

@AnyawbSales - 2 years

SQEXpress maritime electronic sms forms platform just released