MARITIME CYBER SECURITY Archives - Page 30 of 40 - SHIP IP LTD

This circular provides information on the requirement to incorporate maritime cyber risk management in the safety management systems (SMS) of companies operating Singapore-registered ships.

Cyber risk management refers to the process of identifying, analysing, assessing, and communicating a cyber-related risk and accepting, avoiding, transferring, or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders.

Maritime cyber risk refers to a measure of the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised. The goal of maritime cyber risk management is to support safe and secure shipping, which is operationally resilient to cyber risks.

As affirmed in Resolution MSC.428(98)1, an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code2, MPA will require cyber risks to be appropriately addressed in the company’s SMS no later than the first annual verification of the ISM company’s Document of Compliance after 1 January 2021.

In line with the guidance presented in MSC-FAL.1/Circ.3, to consider cyber risks as being appropriately addressed in SMS, the ISM company is required to demonstrate that they have appropriately incorporated the five functional elements to address maritime cyber risks, namely:
a. Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations;
b. Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations;
c. Detect: Develop and implement activities necessary to detect a cyberevent in a timely manner;
d. Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event;
and
e. Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

ISM companies of Singapore-registered ships are reminded to review the identified risks to its ships, personnel and the environment and to establish appropriate safeguards to ensure that maritime cyber risks are appropriately addressed in the SMS, and that the five functional elements stated in para 5 have been incorporated into their risk management framework.

MPA has co-funded several maritime cyber security courses under Maritime Cluster Fund and Training@MaritimeSingapore. MPA is also aware that Recognised Organisations (ROs) have developed maritime cyber security training courses and relevant consultancy services to assist ISM Companies in developing and preparing their cyber risk management strategy and procedures. Companies may visit www.mpa.gov.sg or approach the ROs for more information on such training and services…

(For information about operations in Singapore, contact GAC Singapore at singapore@gac.com)

Source: Maritime and Port Authority of Singapore Shipping Circular No.15 of 2020 dated 13 August 2020

Changes to annual subscriptions and vessel levies
Friday, August 14, 2020, South Africa

At the South African Association of Ship Operators and Agents (SAASOA) Microsoft Team Annual General Meeting on 5 August, the following changes to the SAASOA Annual Subscriptions and Vessel Levies were proposed, seconded and passed by Members present:

ANNUAL SUBSCRIPTIONS
R 1 200 per Member exclusive of VAT (No change).
This was proposed by the Board of Directors and accepted by all Members present.

VESSEL LEVIES
Increase from R 300 to R 450 as below per call exclusive of VAT effective 1 September 2020.
– Current Levy R 300.00
– General Levy Increase R 50.00
– Legal Fees Contingency (see below) R 100.00
– TOTAL R 450.00

This Legal Fees Contingency portion will be revisited in August 2021, taking into account the Funds Balances that SAASOA manages to accumulate within the next twelve months, versus the Legal Expenses that SAASOA is expecting also within the next twelve months.

This was proposed by the Board of Directors and accepted by all Members present.

The rationale behind these increases was explained by the Board of Directors and Chief Financial Officer as follows:
1. In line with the slowing economy and the Worldwide COVID 19 Pandemic, the number of billable vessels is well below the budgeted number and is not showing any signs of improving at this stage of 2020.
2. SAASOA does not have access to outside loan funding in the form of bank overdrafts or other such funding.
3. SAASOA operating expenses have been trimmed to the lowest possible level and the Board of Directors have regular input to expenses incurred and reported in the monthly financial reports.
4. In the light of points 1 to 3 above, the Board of Directors consider it prudent to have available cash resources to cover approximately six (6) months operating expenses.
5. In order for SAASOA to continue effectively and efficiently, the Association needs to show an operating surplus each year into the future. With expenses having been cut to as low as possible, the only way to attain this goal is to increase revenue with call numbers dropping, this can only be attained by increasing the revenue base.
6. With the various Shipping Bills / Proposals / Amendments that are currently in the pipeline, SAASOA is going to incur Legal Costs in dealing with these matters. As SAASOA cannot keep asking Members for “Special Levies”, it was decided to increase the General Vessel Call Levy, which impacts all Members through their Monthly Vessel Calls. As this Call Levy is usually passed on to the Principal concerned, there is no impact on the individual SAASOA Member.

(For information about operations in South Africa, contact GAC South Africa at shipping.capetown@gac.com)

Source: South African Association of Ship Operators and Agents (SAASOA) letter dated 12 August 2020

Marine site investigation in Tung Chung Wan
Friday, August 14, 2020, Hong Kong

For approximately 4 months, marine site investigation works involving drilling of boreholes will be carried out in the following locations (WGS 84 Datum):
(A) 22 deg. 17.123’N / 113 deg. 56.093’E
(B) 22 deg. 17.120’N / 113 deg. 56.091’E
(C) 22 deg. 17.113’N / 113 deg. 56.081’E
(D) 22 deg. 17.089’N / 113 deg. 56.073’E
(E) 22 deg. 17.078’N / 113 deg. 56.061’E
(F) 22 deg. 17.071’N / 113 deg. 56.053’E
(G) 22 deg. 17.064’N / 113 deg. 56.045’E
(H) 22 deg. 17.051’N / 113 deg. 56.031’E

The works will be carried out by one jack-up platform. Two tugboats and one work boat will provide assistance.

A working area of approximately 30 metres around the platform will be established. Yellow flashing lights will be installed at the four corners of the jack-up platform to indicate its position.

The hours of work will be from 0700 to 1900 hours. No works will be carried out on Sundays and public holidays. Vessels employed for the works will stay in the works location outside the hours of work.

Vessels engaged in the operations will display signals as prescribed in international and local regulations.

Vessels navigating in the vicinity should proceed with caution.

(For information about operations in Hong Kong, contact GAC Hong Kong at shipping.hongkong@gac.com)

Source: Government of the Hong Kong SAR Marine Department Notice No.114 of 2020

Dredging off West Coast of Lamma Island
Friday, August 14, 2020, Hong Kong

For approximately six months, dredging operations will be carried out within the area bounded by straight lines joining the following co-ordinates (WGS 84 Datum) from (A) to (G):
(A) 22 deg. 13.234’N / 114 deg. 06.042’E
(B) 22 deg. 11.000’N / 114 deg. 06.423’E
(C) 22 deg. 10.961’N / 114 deg. 06.277’E
(D) 22 deg. 12.214’N / 114 deg. 06.063’E
(E) 22 deg. 12.728’N / 114 deg. 05.723’E
(F) 22 deg. 13.075’N / 114 deg. 05.710’E
(G) 22 deg. 13.199’N / 114 deg. 05.806’E

The works will be carried out by a flotilla of vessels including two grab dredgers, two tugboats and two split hopper barges. The number of vessels engaged in the works will change from time to time to suit operational requirements.

A working area of approximately 50 metres around each dredger will be established. Yellow marker buoys fitted with yellow flashing lights will be laid to mark the positions of the anchors extending from each dredger.

Silt curtains fitted with yellow flashing lights will be established within the works area. The silt curtain is a large piece of netting used to contain mud and sediments.

The works will be carried out round-the-clock.

Vessels engaged in the operations will display signals as prescribed in international and local regulations.

Vessels navigating in the vicinity should proceed with caution.

(For information about operations in Hong Kong, contact GAC Hong Kong at shipping.hongkong@gac.com)

Source: Government of the Hong Kong SAR Marine Department Notice No.115 of 2020

Ship operators and owners need to prepare for IMO’s changes to the International Ship Management (ISM) Code that sees cyber risk management become part of vessel safety and security plans.

Owners need to act before these recommendations come into force on 1 January 2020, for in four months’ time, port state control such as the US Coast Guard could begin detaining ships for non-compliance. But shipping companies are already being hacked and suffering cyber attacks.

This includes the now notorious attack on Maersk Line’s IT networks in 2017, which caused more than US$300M in losses for the Danish container shipping group. Other more recent attacks include successful cyber breaches on networks operated by Toll Group, Mediterranean Shipping Company, Anglo-Eastern and OSM Maritime Group.

Which is why operators are being urged to invest in cyber security and training for seafarers and shore staff.

These were some of the key conclusions from Riviera Maritime Media’s Cyber security: readying for the ISM Code’s 1 Jan 2021 requirements webinar. This was held on 5 August in association with premier partner ClassNK and sponsor F-Secure as part of Riviera’s Maritime Cyber Security Webinar Week.

During that webinar, ClassNK cyber security team deputy manager Makiko Tani outlined the reasons for shipowners to implement cyber risk management and bolster security.

“Ships today are increasingly leveraging cyber space and operational technology (OT) is more connected with IT and communications,” said Ms Tani. “All this is in pursuit of innovation for fuel efficiency and voyage optimisation, but these bring new vulnerabilities.”

She therefore expects shipowners, operators and managers to ensure cyber risk management is completed ready for ISM Code 2021 and risk assessments are completed within companies and on board ships.

Ms Tani said cyber security “should not just be about compliance” but could open “new opportunities for business and new innovations”.

She said owners with existing fleets should understand the OT on ships and the required cyber risk controls. “Know how your ships are designed and protected,” Ms Tani said. “Be aware of the onboard OT and IT, and where these meet.”

“Can a cyber attack get into the OT?” she asked, adding this could occur through transferring malware, if crew plug their mobile devices into the ship’s ECDIS to charge.

“Compliance to the ISM Code 2021 can start here, by training people and empowering decision makers,” said Ms Tani. She suggested using multi-layered approach for controlling onboard cyber security, which includes updating firewalls, implementing software upgrades and updating antivirus protection. It is also about preventing seafarers from opening email attachments or using unconfirmed links.

There is plenty of guidance for shipping companies. ClassNK has published Guidelines for Designing Cyber Security Onboard Ships, with a second edition published in July 2020. It is applicable to deploying cyber security on newbuildings and is the responsibility of shipbuilders and OT/IT system integrators. This comes with ClassNK’s cyber security notation and is aligned with International Electrotechnical Commission (IEC) 62443 standard and ClassNK’s recommendation 166 on cyber resilience.

In April 2019, ClassNK published its first edition of Guidelines Cyber Security Management Systems Onboard Ships for shipowners and operators responsible for establishing cyber security management systems. It is aligned with International Organisation for Standardisation (ISO) standards ISO 27001 and ISO 27002.

Another applicable document is ClassNK’s Guidelines Ships for Software Security, published in May 2019 for those responsible for establishing cyber security management systems.

Moran Cyber managing director Captain Alex Soukhanov agreed there were more vulnerabilities on modern ships with integrated IT with OT. “Digitalisation is the direction of the industry, so we have to develop continuous and holistic strategies to protect these investments, life, and the environment,” he said. This includes vessel control systems, navigation bridges, engineroom controls and ship automation.

Capt Soukhanov provided a case study within his presentation. This assessed a ship’s OT systems for any cyber security issues. “Our customer required assistance in performing asset discovery of marine OT systems followed by network segmentation from untrusted systems across the fleet,” he said. “We established trust with captains and chief engineers to perform assessments and passive network asset discovery.”

Network segmentation was implemented, and crew were trained on cyber risks and safely operating systems. The results were reduced vulnerable surfaces to cyber threats, increased asset visibility, separating critical OT equipment from untrusted or semi-trusted assets and business protection.

Security by design

Cyber security should be incorporated into ships as they are designed and built, instead of being retrofitted on to ships either for the ISM Code 2021 or as OT is upgraded.

“As digitalisation accelerates, we need to build in cyber security from the start,” said Capt Soukhanov. “Otherwise we are just catching up. Cyber security should be there before the keel is laid.” He said carrying out comprehensive cyber security risk assessments during design will improve safety, resiliency, and reliability through security by design.

Involve vendors during the early stages and extend this collaboration through the lifecycle of investment. Ship operators and vendors “should collaborate and work together to protect onboard systems” said Capt Soukhanov.

Assurance and insurance

Implementing cyber security and risk mitigation is as an opportunity for shipping companies to gain a better understanding of onboard OT and IT, said Beazley senior risk manager Kelly Malynn.

Conducting risk assessments will give owners a better understanding of the cyber threats and vulnerabilities on ships. “Risk assessment quality is important. Owners need to invest in this,” she said. To mitigate risk, segregating networks into subnetworks “makes it harder for an adversary to gain access to essential systems and equipment,” she continued.

“Eliminate the use of generic log-in credentials for multiple personnel. Create network profiles for each employee and require them to enter a password and/or insert an ID card to log on to onboard equipment,” Ms Malynn recommended.

“Limit access and privileges to only those levels necessary to allow each user to do their job. Administrator accounts should be used sparingly and only when necessary. All employees in shipping companies should be wary of external media, stop transferring data via USB drives.

“It is critical external media is scanned for malware on a standalone system before being plugged into any shipboard network. Never run executable media from an untrusted source,” warned Ms Malynn. Basic cyber hygiene can stop incidents before they impact operations. “Install and routinely update basic antivirus software, and do not forget to patch. This is the core of cyber hygiene.”

Ship operators also need to prepare for potential losses and recovery as a successful cyber attack is inevitable. “It is time to reach out to those people with experience – there is insurance cover out there,” she said.

Source: rivieramm

U.S. sanctions have driven Venezuela’s oil exports to their lowest levels in nearly 80 years, starving President Nicolas Maduro’s socialist government of its main source of revenue and leaving authorities short of cash for essential imports such as food and medicine.

The sanctions are part of U.S. efforts to weaken Maduro’s grip on power after Washington and other Western democracies accused him of rigging a 2018 re-election vote. Despite the country’s economic collapse, Maduro has held on and frustrated the administration of U.S. President Donald Trump.

Maduro’s government says the United States is trying to seize Venezuela’s oil and calls the U.S. measures illegal persecution that heap suffering on the Venezuelan people.

Washington has honed in on the maritime industry in recent months in efforts to better enforce sanctions on the oil trade and isolate Caracas, Washington’s special envoy on Venezuela Elliott Abrams told Reuters.

“What you will see is most shipowners and insurance and captains are simply going to turn away from Venezuela,” Abrams told Reuters in an interview.

“It’s just not worth the hassle or the risk for them.”

The United States is pressuring shipping companies, insurers, certifiers and flag states that register vessels, he said.

Ship classification societies, which certify safety and environmental standards for vessels, are feeling the heat for the first time.

The United States is pressuring classifiers to establish whether vessels have violated sanctions regulations and to withdraw certification if so as a way to tighten sanctions further, a U.S. official told Reuters, speaking on condition of anonymity.

Without certification, a vessel and its cargo become uninsured. Ship owners would also be in breach of commercial contracts which require certificates to be maintained. In addition, port authorities can refuse entry or detain a ship.

London-headquartered Lloyd’s Register (LR), one of the world’s leading ship classifiers, said it had withdrawn services from eight tankers that were involved in trade with Venezuela.

Source: Reuters

So it has happened. The screens on the business PCs in the engine control room and bridge have all locked down. The computers are simply displaying a black screen with a blank pop up window. No text. There is no ransom note (yet). One of the ECDIS systems is also no longer functioning properly and keeps restarting randomly.

The vessel has entered US waters and a pilot has boarded to bring the vessel into safe harbour. The crew have also received notification from the US Coast Guard of their intention to dispatch an inspector and are anticipating a Port State Control examination when the vessel is in port.

The master is on the phone to the Technical and IT Managers, trying to follow instructions in order to rapidly diagnose the problem. But the phone line isn’t great at the moment as the vessel is currently in a position with poor connectivity. In his mind, he is working out the best way to explain what is happening to the authorities, while trying to make up contingency plans on the fly. The pressure is on to avoid a detention.

This scenario is entirely plausible from January 1 next year when the cyber security requirements set out in IMO 2021 becomes effective and as cyber attacks on shipping operations continue to increase.

“We thought we were prepared for a cyber attack and then we got a nasty surprise when one actually occurred.” This is a common reaction of those who have lived through a cyber attack.

Based on CyberOwl’s experience engaging with nearly 100 fleet operators, less than 5% of them would be able to answer a few fundamental cyber security questions when they are under pressure during a high profile cyber incident, such as: what is actually happening to the onboard systems? Are we sure we have been cyber attacked? Will it spread and how do we stop it spreading? And how quickly can we recover operations?

This is before the more complicated questions that come later during forensic analysis, such as: what has been the full scale of the impact of the cyber attack? What systems have been compromised? How did the attack actually happen? How do we prevent the same attack in future? In fact, there are some security teams that never properly answer these latter questions.

If you’re the fleet IT manager, scrambling around trying your best to quickly put fires out during such a cyber incident is not going to be a fun day at the office. One of the key decisions you are going to have to quickly make is whether you should be reporting the incident to the leadership team. If so, when do you report it and what do you say? Then, how regularly do you update them?

This is why an effective cyber risk management approach actually starts with the leadership. Recent IMO guidelines and the guidelines on cyber security onboard ships (version 3 produced by BIMCO et al) makes it very clear that “effective cyber risk management should start at the senior management level”.

So developing emergency response plans with senior management early means you’ll already know what information they expect and when.

How does your leadership team perceive the level of cyber risk in shipping? CyberOwl is working on an initiative addressing Cyber Readiness for Boards (CRfB) to uncover this, supported by the UK’s National Cyber Security Centre (NCSC) and the Lloyd’s Register Foundation. Initial findings suggest:

• a key factor that drives a leadership team’s cyber risk perception is their trust in their organisation’s ability to respond to it. If you’re a fleet IT manager, that’s you and your team. And in many cases, this is likely to be overly-optimistic. Certainly, the ability to handle a cyber attack is rarely stress-tested in shipping, unlike in some other sectors.
• the current focus for the shipping sector is on compliance. While timely, this doesn’t suffice to actually address cyber risk.
• the responsibility for cyber risk still rests too heavily on IT or HSSEQ managers.

Instead, cyber risk needs to be owned and managed as a core business risk, with ultimate accountability at the leadership level. If you are the IT or HSSEQ manager shouldering that perceived responsibility, it is in your interest to get your leadership team to understand that.

What does a cyber-ready leadership team look like? The leadership team needs to more clearly understand the cyber risks the organisation faces, ensure there is sufficient budget to ensure cyber resilience and set clear roles and responsibilities to preserve business continuity. This includes knowing what their roles are during a cyber attack crisis.

This is where cyber drills offer a useful starting point.

The concept of a drill isn’t new to shipping. Safety drills have long been a requirement either by legislation or as part of a shipmanager’s safety management system (SMS).

A scenario-based cyber exercise provides an ideal means for leadership teams to engage with and to rehearse for an effective response to a potential cyber-attack. The scenarios offer a creative license to run through both common incidents and also simulate low probability, high impact situations (also known as black swan events). It is easy to write off the need to prepare for such black swan events. And yet, Covid-19 shows us how the lack of preparedness may pose an existential threat to an organisation. Indeed, other sectors have shown how ‘doomsday exercises’ have been important to them to cope with the current crisis.

Ultimately, the goal here is to build increased awareness and understanding of cyber risks in your leadership team. It prepares them for when (rather than if) a cyber attack occurs. The drill also helps you identify ways to improve your organisation’s ability to execute effective mitigation strategies.

How would they react?

What information would they need to make decisions?

Who do you need to communicate with and when?

MPA has released maritime cyber risk management for shipowners,  ship  managers,  operators,  and  masters  of  Singapore-registered ships subjected to the ISM Code, and MPA’s ROs.

This circular provides information on the requirement to incorporate maritime cyber risk management in the safety management systems (SMS) of companies operating Singapore-registered ships.

Cyber risk management refers to the process of identifying, analysing, assessing, and communicating a cyber-related risk and accepting, avoiding, transferring, or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders.

Maritime cyber risk refers to a measure of the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised. The goal of maritime cyber risk management is to support safe and secure shipping, which is operationally resilient to cyber risks.

As affirmed in Resolution MSC. 428(98)1 (Annex A), an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code2, MPA will require cyber risks to be appropriately addressed in the company’s SMS no later than the first annual verification of the ISM company’s Document of Compliance after 1 January 2021.

In line with the guidance presented in MSC-FAL.1/Circ.3 (Annex B), to consider cyber risks as being appropriately addressed in SMS, the ISM company is required to demonstrate that they have appropriately incorporated the five functional elements to address maritime cyber risks, namely:

Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations;
Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations;
Detect: Develop and implement activities necessary to detect a cyber-event in a timely manner.
Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event;
Recover: Identify measures to back-up and restore cyber systems necessaryfor shipping operations impacted by a cyber-event.

ISM companies of Singapore-registered ships are reminded to review the identified risks to its ships, personnel and the environment and to establish appropriate safeguards to ensure that maritime cyber risks are appropriately addressed in the SMS, and that the five functional elements stated in para 5have been incorporated into their risk management framework.7.

MPA has co-funded several maritime cyber security courses under Maritime Cluster Fund and Training@MaritimeSingapore. MPA is also aware that Recognised Organisations (ROs)have developed maritime cyber security training courses and relevant consultancy services to assist ISM Companies in developing and preparing their cyber risk management strategyand procedures.

Source: portnews

The COVID-19 pandemic has seen classification societies around the world adapting their services to cope with global travel restrictions, allowing inspections to be conducted remotely and for more services to be available online. For the Korean Register, increasing digitalisation and embracing new technologies has been a long-held strategy and the society quickly adapted its services to support customer’s business operations in these challenging times.

KR’s remote survey service was launched over a year ago and is well established, conducted via bi-directional communication with a vessel, by sharing photographs, video contents and digital images from the ship. It can be completed effectively and confidently anywhere in the world without requiring a surveyor’s attendance on board.

Travel restrictions as a result of COVID-19 have prevented KR from conducting some physical surveys and the need for social distancing has made it impossible to send surveyors on board ships. In these cases, KR has been granting extensions for one month or the period of a voyage to the next port, whichever is longer, in close consultation with the relevant flag administrations. In addition, KR has been using a range of remote survey techniques which have been undertaken with the authorization of the respective flag administrations.

Since the global pandemic was declared on 11 March 2020, KR has conducted a range of surveys remotely including; continuous machinery survey (CMS), 3-month extension of shaft survey, 3-month extension of boiler survey, minor damage survey, Outstanding Condition of Class (COC) or confirmation of repairs done for deficiencies or corrective actions. Overall, the number of remote surveys conducted by KR since the beginning of the pandemic has increased tenfold. KR is now working to include the inventory of hazardous materials (IHM) surveys for ships in service as well as all occasional surveys in its remote survey range.

KR has – where needed – granted force majeure extensions for vessels scheduled to dry-dock for repairs or renewal surveys in the areas acutely affected by COVID-19. In these instances, KR has liaised with the relevant flag administration to seek their agreement on the extension of the relevant statutory certificates.
The global pandemic is accelerating the pace of change in classification, with digitalization offering new opportunities and the means to adapt in this changing environment. As a result, KR is investing in technology to support the further digitalization of its classification services and has diversified its business portfolio to include third-party certification in the ASME and MED sectors and has increased its naval services to cover a wide range of technical applications ranging from patrol vessels to submarines.

Since 2014, KR has been developing its range of VR (virtual reality) based application systems. These now include a ship inspection training simulator and a ship crew safety training simulator both of which use digital 3D replicas of the relevant ships, and KR has further applications in development.

KR has been prioritizing the development and application of innovative information and ICT systems for the maritime industry for some time, such as the use of drones to conduct ship surveys, ship cyber security certification, KR’s 3D based drawing approval, e-certificates and condition-based maintenance (CBM).

Traditionally, design approval of a ship by a classification society has been a paper-based process, involving the exchange of numerous large-format drawings between the shipyard and the classification society. However, KR has developed and launched a 3D model-based (paperless) design approval system which provides a more accurate and intuitive review of ship structure.

E-certificates are already widely used as they offer a more secure way of reducing the risk of falsification. KR is authorized by many flag state administrations to issue e-certificates on their behalf, but KR expects this to increase even more moving forward.

As the shipping industry becomes more and more digitalized, so the number of cyberattacks on shipping companies and ships have increased too. An effective response and comprehensive cyber security protection measures are now essential for any maritime organization.

The classification society has provided cyber security certification services for companies and ships since 2018, and cyber security type approval services for ship networks and automated systems in compliance with IEC 62443 4-2 and IEC 61162-460 standards since 2019.

In 2021, the International Maritime Organization’s (IMO) Resolution MSC.428 (98) enters into force, which will further increase demand for company and ship cyber risk management services. As a result,

KR has established a cyber security certification process which is in line with the international security standards – ISO 27001, IEC 62443, the NIST Framework, the IMO and BIMCO cyber security guidelines.

KR’s expert cyber security team is now expanding its technology services to cover the cyber certification of newbuilds and the assessment of software conformity for ships, so its customers can respond quickly and effectively to any cyber security challenge as it arises.

Looking ahead, KR expects that, as a result of the global pandemic, there will be a significant drop in global trade which will affect cargo carried. This will lead to over-capacity in the market which will lead to an increasing number of lay-ups and scrapings – all of which will affect the work handled by KR.

But with the global population continuing to grow, it’s expected that long term growth will return. During this time, KR will continue to increase the level of digitalisation across its organisation and services and will apply new technologies to support customers businesses no matter what the challenges.

Source: By Mr Hyung-chul Lee, Chairman and CEO of Korean Register, arranged on behalf of Hellenic Shipping News Worldwide (www.hellenicshippingnews.com)

The Navy is exploring how to better protect its unmanned vessels with anti-tamper measures to prevent hacking from adversaries.

“We are looking at specifics of anti-tamper [technology] as we do for any platform, but obviously for unmanned, it’s a little bit of a different problem” because sailors won’t be on board to deal with issues that arise, said Rear Adm. Casey J. Moton, program executive officer for unmanned and small combatants.

The sea service is investing big in robotic platforms. Over the future years defense program, the Navy has allocated about $12 billion for unmanned aircraft, surface vessels and underwater systems in fiscal years 2021 through 2025, according to Bloomberg Government.

The ships could be deployed in high-risk environments without putting sailors in harm’s way.

“Although they will be under the protection of their carrier strike group, the vessels are probably at times going to have higher attrition,” Moton said during a webinar hosted by the Center for Strategic and International Studies. “That’s part of our calculus and part of the way that we’re going forward from that standpoint.”

The service is testing anti-tamper capabilities in its unnamed prototypes to address cybersecurity issues, he said.

The Navy envisions its future large unmanned surface vehicle, or LUSV, as part of the Aegis integrated control system network, which means the vehicle will still be overseen by a human who will make decisions remotely such as telling the vessel when to fire munitions, he said.

The service has taken the need to prevent tampering into account during its wargaming and other studies, Moton said. “From our standpoint, we are doing some robust things for the fact that these vessels will operate [network] capable. Certainly the cyber efforts are robust.”

Source: nationaldefensemagazine

New digitization solutions, such as big data, blockchain, automation, drones, and robotics, are enabling the maritime freight industry to introduce game-changing approaches that will significantly reduce or eliminate non-value-added activities.

Over the next five years, maritime suppliers across the value chain will increasingly adopt solutions to address security, overcapacity and accurate cost models, according to new research from ABI Research.

“Along with consolidation and pressures on profits, long-standing players must adapt and work with partners within and outside the industry, from startups to technology leaders in connectivity, AI, and more, including the competition, to align on much-needed standardization,” says Susan Beardslee, principal analyst at ABI Research. Recent examples include Wärtsilä’ s acquisition of Transas to support an intelligent maritime ecosystem and Artificial Intelligence (AI),  as well as Orange Business Service’s deal with Cargotec for smart cargo handling.

Global maritime freight transportation revenue is expected to grow from $166 billion last year to over $205 billion in 2023.

Enhanced revenues and profits will be driven by technologies best poised to disrupt the maritime shipping industry including big data and analytics, blockchain, electrification, assisted and automated operations, drones and robotics, Augmented Reality (AR), and Virtual Reality (VR).   Maritime cybersecurity, also necessary to address current and emerging threats, will have a global spend expected to rise to US$1.7 billion in 2023.

Beneficial Cargo Owners are gaining greater supply chain visibility and automation from start-ups including predictive logistics provider ClearMetal, Xenata’s crowdsourced, on-demand, real-time benchmark and market intelligence, Flexport’s digital procurement platform and Freightos’ marketplace for rate management.  Sigfox debuted a new service offering real-time geolocation tracking for containers. Industrial IOT provider ORBCOMM offers reefer management solutions as well as two-way vessel monitoring via satellite and cellular.  IBM partnered with Maersk Line on blockchain as well as with Cisco on smart connected ports.  Microsoft is partnering with OOCL on AI for maritime. Electrification is growing including efforts by Guangzhou Shipyard International Company, Port Liner, and Torqueedo.

Source: mhlnews

In response to parliamentary questions regarding the Singapore Navy’s capabilities to survey maritime traffic, in the wake of two recent incidents of ship collision (here and here) in Singapore’s territorial waters, the Minister for Defence, Dr. Ng Eng Hen provided an overview of Singapore’s approach to dealing with threats at and from the sea through an oral reply.

Dr. Ng said that Singapore adopts a Whole-of-Government (WoG) approach to ensure a comprehensive coverage of varied scenarios as well as co-ordinated responses. An overview of approach was also provided in a factsheet from the Ministry of Defence (MINDEF) released in June 2017.

Singapore Maritime Crisis Centre

The Singapore Maritime Crisis Centre (SMCC) was set up in 2011 to bring together the Republic of Singapore Navy (RSN), the Police Coast Guard (PCG), the Singapore Civil Defence Force (SCDF), the Immigration and Checkpoints Authority (ICA), the Maritime and Port Authority (MPA), and the Singapore Customs.

The SMCC maintains a comprehensive maritime situation picture, shares information between agencies and coordinates responses to deal with potential threats.

It achieved full operational capability in 2013, and serves to tighten linkages between the national maritime security agencies in the areas of (i) sense-making and threat assessment, (ii) doctrine and operations planning, (iii) conduct and monitoring of current and future operations, (iv) capability development, and (v) conduct of training and exercises. This strengthens interoperability between agencies during a maritime security contingency, allowing for a more coordinated operational response and minimising the duplication of efforts.

The SMCC comprises the National Maritime Sense-making Group (NMSG) and National Maritime Operations Group (NMOG).

The NMSG uses Artificial Intelligence (AI) and data analytics collected from multiple sources to generate unique signatures and build profiles for the close to a thousand commercial shipping vessels that pass through Singapore’s waters daily. It is able to detect deviations from these signatures, picking out anomalies and suspicious behaviour for further investigation.

The NMSG also continuously monitors indications of threat scenarios. The results of its analyses and pick-ups are shared with the relevant national agencies so that decisive actions can be taken to neutralise the identified threats. Such methods detected a possible ISIS supporter on board a tanker in 2015, and that person was barred from disembarking in Singapore.

The NMOG drives training, builds common protocols and conducts exercises to tighten operational responses between the various agencies. It has also been leading efforts to review the national maritime security response framework to close any operational gaps and build a more coordinated operational response. For example, the NMOG coordinated a layered defence plan involving all national maritime agencies to safeguard the National Day Parade, which was held at the Sports Hub in 2016.

Maritime Security Task Force

Also as part of WOG efforts, the RSN’s Maritime Security Task Force (MSTF) feeds its information to the SMCC. This information is obtained from monitoring close to a thousand ships passing through the Singapore Strait each day, through a network of sensors such as coastal surveillance radars, electro-optic devices and RSN ships on patrol. This surveillance is continuous through day and at night. MSTF comprises two groups: (i) the Comprehensive Maritime Awareness Group (CMAG); and (ii) the Operations Group.

CMAG works closely with the NMSG, national agencies, international partners and the shipping community (such as ship owners, ships charterers, agents and port operators) to share maritime information. The Operations Group comprises operations planners who undertake planning and execution of all maritime security operations. It conducts daily patrols, boarding and escort operations in the Singapore Strait and Sea Lines of Communication, to ensure maritime security and the protection of key installations and potential targets.

On a daily basis, MSTF conducts threat evaluation for every vessel calling into Singapore’s ports or transiting through the Singapore Straits. MSTF does this by deploying analytic tools to build profiles of each vessel based on attributes such as their voyage, owners, crew and cargo, as well as additional data shared by government agencies. MSTF would then decide the appropriate operational responses, which include for example, closer monitoring, escorting or even boarding the ship to mitigate the threat.

In the event of maritime incidents, the MSTF, coordinated by the SMCC, works hand-in-hand with representatives from the other national maritime agencies, to forestall and interdict any potential maritime threats. Linkages are exercised regularly in scenarios ranging from the interdiction of hijacked vessels to responses to maritime emergencies.

The MSTF’s key focus is on potential threats to Singapore, while the MPA watches over the navigation of ships in our waters. For both their purposes, the International Convention for the Safety of Life at Sea (SOLAS) mandates the use of the Automatic Identification System (AIS) to identify ships at sea.

This AIS however, does not apply to warships. For ships that are not required or have not complied with vessel identification, their presence can still be detected via our network of coastal surveillance radars and electro-optic devices.

With regard to the two recent incidents which resulted in collisions, Dr. Ng said that the sensors had detected, and identified, the vessels involved in the both collisions. In both these incidents, none of the ships were designated as potential threats to security, which was correct.

In compliance with standard protocols, they did not require close monitoring by the MSTF and by the rules of navigation under the International Regulations for Preventing Collisions at Sea (COLREGS), the master and crew of the vessels involved were responsible to guide their ships safely through. The various parties involved with the collision will now have to investigate what went wrong and what remedial actions to take if necessary. The Transport Safety Investigation Bureau (TSIB) is also conducting an investigation and have announced that they will make the findings public.

Source: opengovasia