MARITIME CYBER SECURITY Archives - Page 36 of 40 - SHIP IP LTD

The Guidelines were written by a broad cross section of industry stakeholders and published in their third version in December 2018. Since the publication of the guidelines, the concepts for cyber risk management have continued to develop in several areas. For example, the International Maritime Organisation has fine-tuned their views on the topic, IACS has developed a set of recommendations for cyber resilience on newbuildings, and shipowners are gaining experience with regard to the cyber threat and the associated practical cyber risk management techniques. All these developments have taken place against the backdrop of rapidly developing information technology where the information transmission speed is growing exponentially and the complexity of networks and the possibilities for data sharing and data cross utilization seem endless.

It is with all this in mind that the cyber working group is casting off and commencing the review of the 3rd version of The Guidelines on Cyber Security Onboard Ships.

The review will take place over the coming weeks and it is expected that a new version of the guidelines will be ready for release during autumn 2020.

Source: https://www.bimco.org/news/security/20200513-the-guidelines-on-cyber-security-onboard-ships-up-for-review


The board members for the ISAC include the Alabama State Port Authority, Greater Lafourche Port Commission (Port Fourchon), Jacksonville Port Authority (Jaxport), Port of New Orleans, Port of San Diego, Port Vancouver USA, and six other maritime critical infrastructure stakeholders.

David Cordell, CIO for the Port of New Orleans, offers, “By correlating cybersecurity information across MTS critical stakeholders, the ISAC provides all of us with the early warning needed to protect our individual organizations from incidents. We see value from our participation in the MTS-ISAC that we could not obtain elsewhere.”

Christy Coffey, MTS-ISAC VP of operations, said: “Response to the MTS-ISAC has been phenomenal. Strong leadership from our board and executive team, early adopter sharing of suspicious and malicious activity targeting their organizations, and quality partnerships have led to an extraordinarily successful launch.”

The Department of Homeland Security recognises the Maritime Transportation System (MTS) as one of the seven critical subsectors within the Transportation System Sector. The American Association of Port Authorities believes the MTS is worthy of cybersecurity protection.

The MTS-ISAC serves as a centralised point of coordination between the private and public sector to share timely and actionable cyber threat information between trusted stakeholders. Information sharing and analysis efforts focus on threats to both information technology (IT) and operational technology (OT) systems that stakeholders can use to prevent and/or minimize potential cyber incidents.

The MTS-ISAC’s services assist MTS critical infrastructure stakeholders with understanding and addressing cyber risk areas that are outlined in the 2021 IMO requirements and the recently released US Coast Guard Navigation and Vessel Inspection Circular (NVIC) 01-20, “Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities”.

Source: https://www.seatrade-maritime.com/ports-logistics/us-ports-and-infrastructure-providers-come-together-cyber-security


France LNG Shipping is a joint venture of NYK Line and Geogas LNG, a subsidiary of France’s Geogas Group.

Elisa Larus has an overall length of 297 m, beam of 46.4 m, with a GTT Mark III Flex cargo containment system and a WinGD X-DF dual-fuel, slow-speed engine.

Built to Bureau Veritas (BV) class, Elisa Larus is the first LNG carrier to be awarded the French classification society’s cyber security notation. The BV cyber notations provide procedures and methodologies to address design and operational requirements for cyber security in compliance with IMO 2021 requirements and the new IACS recommendation 166.

“A cyber security notation from BV provides a pragmatic approach to cyber security – reflecting industry needs and cyber security best practice,” said Bureau Veritas Marine & Offshore director of advanced services Jean-Baptiste Gillet. “And with a newbuilding we are able to help ensure ‘cyber security by design’”, added Mr Gillet. BV cyber security notations are based on BV’s rule NR-659 and are the result of co-development with marine security experts.

Elisa Larus is the first LNG carrier with BV's cyber security notation


BV is seeing a rapid growth in the number of ships applying for its ‘Cyber Managed’ notation.

The notation was co-developed by BV and external marine security experts as part of joint technical working groups organised by BV. It ensures compliance with the main existing cyber security standards and will enable shipowners to meet the requirements of IMO’s guidance to administrations that maritime cyber security risk should be reflected in ship security practice under the ISM Code by 1 January 2021.

Shipowners in Greece have been pioneers in applying the notation and now it is gaining traction with other shipowners and across the entire maritime ecosystem, including ship managers, charterers, insurers, and offshore operators.

BV expects that more than 100 ships will be operating under the Cyber Managed notation in 2020.

Cyber Managed focuses on ensuring cyber security is managed on board as per industry best practice for change management and traceability of IS/IT systems on board, emergency procedures and basic security protection measures.

Cyber Managed is based on a security risk assessment developed from an initial mapping of onboard systems that results in a practical set of requirements. The initial risk analysis and mapping exercise can be performed either during the newbuilding phase or at any time during the lifecycle of the vessel. As such, the notation is applicable to both new and existing ships.

Source: https://www.rivieramm.com/news-content-hub/new-lng-carrier-lsquocyber-secure-by-designrsquo-59456


The digital application Navigate enables shippers and freight forwarders to choose the most efficient and sustainable transport options for their container shipments. By adding a new route engine and utilising data sourced directly from carriers and operators, the current version of Navigate is more efficient, more complete and – as a result – more reliable.

In 2017 the Port of Rotterdam Authority launched Navigate: a digital application that provides insight into connections to, from and via Rotterdam, as well as business activity in the port. Navigate Rotterdam offers a comprehensive overview of all deep sea and short sea connections via Rotterdam and links these to rail and inland shipping connections in the hinterland. In addition, Navigate’s ‘empty depot service’ shows users where empty containers can be collected and dropped off. The application also includes an online business directory that offers details on the wide range of companies in the port area.

Based on the selected point of departure and destination, the route planner presents a number of different door-to-door options. For each route, the application outlines possible maritime connections, as well as which rail, inland shipping or road haulage options are available for transporting the shipment to its destination. Users can apply filters to quickly pinpoint which solution best suits their needs. After this, they can use Navigate to get in touch with different service providers – at the click of a button – to request a price quote, for example.

It has become very simple to directly submit data to Navigate, enhancing the quality of the presented route options even further. The heart of Navigate is formed by a new intermodal route engine for all sea, rail and inland shipping connections. Navigate currently connects 3,186 terminals worldwide and is processing over 1,435,000 schedules daily.

The Port of Rotterdam Authority is working together with a range of parties in the sector to continuously improve the quality of its digital applications. These applications are in line with the Port Authority’s ambition to develop into the world’s smartest port, by taking advantage of the opportunities presented by new technologies. This will ultimately make operations in the port of Rotterdam swifter, safer, more efficient and more sustainable.

Source: https://seawanderer.org/navigate-rotterdam-improved-thanks-to-data-sourced-from-sector-players


Bureau Veritas (BV), a world leader in testing, inspection, and certification (TIC) services, is classing the recently delivered ‘Elisa Larus’.

France LNG Shipping SAS (a French ship-owning company jointly owned by NYK and Geogas LNG*) has taken delivery of the LNG carrier ‘Elisa Larus’ from Hyundai Samho Heavy Industries in South Korea. The 174,000 cbm gas carrier is classed by Bureau Veritas.

The new vessel has been awarded a Bureau Veritas cyber security notation. The BV cyber notations provide procedures and methodologies to address design and operational requirements for cyber security in compliance with IMO 2021 requirements as well as the new IACS recommendation 166.

‘This is the first such award of a cyber notation for an LNG carrier’, commented Jean-Baptiste Gillet, Director Advanced Services, Bureau Veritas Marine & Offshore.

‘A cyber security notation from BV provides a pragmatic approach to cyber security – reflecting industry needs and cyber security best practice. And with a newbuilding we are able to help ensure “cyber security by design”.’ BV cyber security notations are based on BV’s rule NR 659 and are the result of co-development with marine security experts.

Source: https://www.marineinsight.com/shipping-news/bureau-veritas-awards-nyk-jvs-new-lngc-elisa-larus-cyber-security-notation/


Iran Press/Iran News: An official at Shahid Rajaee port said that, due to the vigilance and readiness of defensive cybersecurity units at the port, the attacks were neutralized.

The source confirmed the cyber attacks from the Zionist regime in past weeks and said that no interruption was caused by the attacks.

Also, Mohammad Rastad, managing director of the Ports and Maritime Organization of Iran, said the terrorist attack “failed to penetrate the PMO’s systems and was only able to infiltrate and damage a number of private operating systems at the ports”.

The Shahid Rajaee port facility is the newest of two major shipping terminals in the Iranian coastal city of Bandar Abbas, on the Strait of Hormuz.

According to intelligence and cybersecurity officials, cited by the Washington Post, the attack was carried out by Israeli operatives. It came after the occupying regime claimed that it had been the target of an attempt to penetrate the computers that operate water distribution systems in Israel.

Iran has been the target of US and Israeli cyber terrorism for a decade, including attempts to remotely sabotage the Islamic Republic’s nuclear program.

On December 15, Iran’s Minister of Communications and Information Technology Mohammad Javad Azari-Jahromi said that Iran detected foreign spying malware on the Government servers and the related suspects are under investigation.

The systematic cyber-attack on Iranian electronic government systems was discovered and foiled by Dejfa fortress at the time.

Source: https://iranpress.com/en/iran-i147423-zionist_regime_failed_cyber_attack_at_shahid_rajaee_port


IACS is pleased to announce the publication of its Recommendation on Cyber Resilience (No. 166).  This single, standalone Recommendation consolidates IACS’ previous 12 Recommendations related to cyber resilience (Nos. 153 to 164) and applies to the use of computer-based systems which provide control, alarm, monitoring, safety or internal communication functions which are subject to the requirements of a Classification society.  Part of the objective in consolidating the 12 Recommendations was to define responsibilities and harmonise and simplify the language used therein.  This Recommendation has benefited from the valuable input of a wide range of industry partners contributing via the Joint Industry Working Group on Cyber Systems and covers the constructional aspects of the 12 previously published Recommendations.  It provides information on matters such as reference guidelines and standards, terms and definitions, goals for design and construction, functional requirements, technical requirements and verification testing.

IACS Chairman, Arun Sharma, said ‘The publication of this important Recommendation marks a significant milestone in IACS’ work to support the maritime industry in the delivery of cyber resilient ships.  I am pleased to note the significant cross-industry cooperation that led to its development and we look forward to maintaining that dialogue as we assess its practical implementation and effectiveness’.

This new recommendation is applicable to a vessel’s network systems using digital communication to interconnect systems within the ship and ship systems which can be accessed by equipment or networks off the ship. Robert Ashdown, IACS Secretary General, added ‘The network design forms the basis for a reliable and robust network. Issues such as compatibility of various devices, communication between devices, communication from various systems and sub systems, need due consideration during design phase. This Recommendation is an important step in addressing cyber resilience from the earliest stages of a vessel’s life.’

Operational aspects that were included in the superseded 12 Recommendations have been identified and grouped under a separate annexure.  Following the publication of this consolidated Recommendation the earlier 12 Recommendations have been officially deleted by IACS.

IACS will continue to work with its industry partners and look for their feedback regarding its practical implementation and effectiveness.  Based on the experience gained from the practical implementation of this Recommendation IACS will assess the suitability of using it as the basis for a Unified Requirement on Cyber Resilience.

Link for downloading Rec 166 (New Apr 2020): Recommendation on Cyber Resilience

Source: http://www.iacs.org.uk/news/iacs-launches-single-standalone-recommendation-on-cyber-resilience/


The COVID-19 crisis has been testing the foundations of our lives, societies and economies posing huge challenges for the future. Organisations across industries are rightly focusing on their employees’ well-being, whilst making sure that their operations continue undisrupted and at the same time, adapting to the new ways of operating. Inevitably, secondary aspects of day-to-day operations such as cyber security may fall by the wayside, potentially increasing the risk of cyber security attacks. Cyber criminals are cognisant of the change in priorities, making the pandemic an attractive opportunity for them to make their way into corporate networks to steal data, money or cause disruption.

How has this affected the shipping industry?

The shipping industry has already suffered from cyber attacks and some recent examples that have been made public include:

  • E-mail scams attempting to deliver malware or phishing links to compromise vessels and/or companies. Some of them impersonate the World Health Organisation whilst others use real vessel names and/or COVID-19 to impersonate actual ships and warn of infected crew and vessels through attachments infected with malware.
  • Mediterranean Shipping Company (MSC) reportedly experiencing a network outage due to a malware attack affecting their primary website and customer portal, which in turn affected online bookings for a number of days (agencies were still functional). Although the incident was not explicitly attributed to an opportunistic attack due to the pandemic, it happened at a time when several other incidents were affecting the industry.
  • The Danish pump maker DESMI being hit by ransomware with the organisation deciding against paying any ransom to make the compromised data available again. To respond to the attack, the organisation shut down some of their systems including e-mail, affecting their operations for a number of days.

So, what should the shipping sector do to maintain the security of their data and infrastructure?

The pandemic came at a time when shipping organisations have been investing to implement IMO’s “Guidelines on maritime cyber risk management”, in order to be better prepared against cyber security threats both on- and off-shore before 2021. Priorities have had to change in response to the COVID-19 outbreak, but the new reality with its extensive use of technology can still be seen as an opportunity for making sure that parts of the guidelines are implemented in an accelerated manner. Three key actions should be prioritised for shipping organisations to mitigate emerging risks due to the pandemic:

  1. Secure newly implemented remote working practices

Shipping organisations had previously invested in remote working solutions primarily for IT professionals supporting vessels. Therefore, many shipping companies have had to rapidly introduce new remote working tools (e.g. video conferencing, laptops, etc.) that may lack certain security controls or policies resulting either in security gaps or inconsistent application of security protocols. Such solutions will likely be relied upon to a much greater extent as organisations return to business as usual, thus making them more susceptible to cyber attacks due to unpatched or insecurely configured new systems that could affect data confidentiality and integrity. Operations may also be disrupted if these solutions are not resilient to a potential Distributed Denial of Service (DDoS) attack.

Organisations should consider:

  1. Risk assessing existing and new remote access systems to ensure critical security patches have been applied, secure configurations have been used and the solutions are resilient. Particular attention should be paid to systems used for remotely administering and monitoring IT and OT vessel systems. Where possible, these systems should be segregated from the network used by the crew;
  2. Configuring remote access solutions, e-mail and identity management systems to log all authentication events especially those on vessels that were typically not logged in the past. Preserve logs and analyse for anomalous activity;
  3. Reviewing any systems deployed to allow employees to work remotely, and ensure that key security controls are applied (e.g. web filtering, encryption, antimalware protection, data loss prevention, backup solutions and detection and response tooling).

 

  2. Ensure the continuity of critical security functions

With the majority of employees having to work remotely, including employees responsible for the security functions, productivity is, to some extent, hindered. This is especially true for the monitoring functions that most shipping organisations have outsourced to a third party. Prior to the pandemic, multiple dashboards were used for continuously monitoring on- and off-shore activities, presented on large screens located in dedicated rooms, allowing close collaboration and escalation. Now, employees are limited to small screens for home-use and collaboration is less immediate.

Considerations in this respect include:

  1. (Where outsourced) Ensuring that the third party has enabled their business continuity plan and has sufficient capacity and capability to achieve the agreed SLA;
  2. (Where in-house) Ensuring that monitoring teams have the people, processes and technology necessary to monitor and respond to alerts affecting on-shore and vessel systems. Consider augmenting the teams with additional third-party resources;
  3. Performing continuous vulnerability scanning to confirm patching processes are functioning and all critical vulnerabilities have been patched or mitigated. Make sure this is consistent for on-shore and vessel infrastructure;
  4. Updating incident response plans and continuity playbooks to ensure they function during periods when relevant employees are primarily working remotely. Ensure they are not overly dependent on key members of staff.

  3. Counter opportunistic threats that may be looking to take advantage of the situation

In light of the previously mentioned examples of cyber attacks affecting the shipping industry, organisations should:

  1. Provide specific guidance to vessel crews to be extra vigilant when it comes to email communications relating to COVID-19 infections on specific vessels;
  2. Provide specific guidance to finance teams to ensure they do not respond to email solicitations for personal or financial information, or requests to transfer funds, highlighting increased risks of business email compromise attacks;
  3. Target additional awareness campaigns to both on-shore employees and vessel crews, leveraging phishing campaigns using COVID-19 lures or attempts to exploit different or new ways of working;
  4. Where not already implemented, consider procuring web filtering technology that allows enforcement of web filtering rules on remote infrastructure including on vessels and laptops at home.

It is evident that the pandemic has brought new challenges for shipping organisations. Uncertainty, unprecedented situations, and rapid IT and organisational changes have shifted the nature of cyber threats, making the need for consistency in both on- and off-shore implemented protective and detective measures a ‘must’. We are yet to see how the industry will adapt to the “next day of normality”, but one thing is certain – the cyber security risk landscape has changed and the industry needs to remain vigilant and respond to the situation accordingly and with speed.

See also PwC’s article “Keeping the lights on with a response strategy plan” on what organisations in the shipping sector should do to ensure their continuity of operations.

Source: https://www.hellenicshippingnews.com/cyber-security-in-shipping-during-covid-19-pandemic/


A group of American seaports and maritime stakeholders have decided to address cybersecurity threats by launching a new non-profit, the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC).

The new organization’s objective is to promote cybersecurity information sharing throughout the maritime community. A group of leaders from seaports, shipowners and terminal operators recognized the need to improve their own cybersecurity resiliency, and since resources are limited, they realized the best approach was to work with their peers to identify, protect against, and detect cyber threats. Information sharing and analysis efforts will focus on threats to both information technology (IT) and operational technology (OT) systems, which stakeholders can use to prevent or minimize potential cyber incidents.

The MTS-ISAC’s services assist infrastructure stakeholders with compliance requirements, including the 2021 IMO cyber risk management guidelines and the recently-released US Coast Guard Navigation and Vessel Inspection Circular (NVIC) 01-20. This NVIC states that in the Coast Guard’s view, the Maritime Transportation Security Act (MTSA) obligates regulated facilities to “identify, assess, and address the vulnerabilities of their computer systems and networks” when preparing the facility security plan.

The initial board members for the ISAC include the Alabama State Port Authority, Greater Lafourche Port Commission (Port Fourchon), Jacksonville Port Authority (JAXPORT), Port of New Orleans, Port of San Diego, Port Vancouver USA, and six other maritime critical infrastructure stakeholders.

“As the maritime sector continues to rapidly increase its reliance upon and integration of new technologies into operational capabilities, we’re seeing the need for stakeholders to pool limited cybersecurity resources to understand and manage the associated risks in effective ways,” said Scott Dickerson, the MTS-ISAC’s Executive Director. “We’re actively seeing an increase in cyber threat activity, and effective information sharing between our stakeholders has been a force multiplier for their risk management efforts. While IMO 2021 and the USCG NVIC [01-20] help provide guidance to industry, we believe effective maritime public-private partnerships will be a cornerstone for successful maritime cyber risk management efforts moving forward.”

Source: https://maritime-executive.com/article/u-s-maritime-stakeholders-launch-cyber-threat-clearinghouse


The TalTech Center for Digital Forensics and Cyber Security and the Estonian Maritime Academy have received approximately 2.5 million euros from the European Union for the establishment of a center for maritime cybersecurity, informs LETA/BNS.

The objective of the five-year project is to develop the domain of cybersecurity in the maritime field and enhance the competence of TalTech through the involvement of top scientists from all over the world.

Dan Heering, one of the champions of the project at the Estonian Maritime Academy, said that maritime business has not taken cybersecurity seriously for a long time and much remains to be done in said field.

“Since there is little in terms of public information related to ‘successful’ cyberattacks and incidents related to ships, shipping companies are not taking the threat seriously either,” Heering said.

Heering said that when exploring the topic for his master’s thesis, he was surprised at most businesses’ indifference towards the problem. He attributed this to shortcomings in legislation, which does not direct shipowners to protecting themselves against cyber risks and providing training to ship crews.

From January of next year, shipping companies will be required to make the management of cyber risks part of the company’s system of organization of safety at sea, the project manager said.

Lukewarm interest on the part of shippers to date may also be a result of their ignorance of the attacks committed and the damage caused by them. Also, businesses at present see reducing cyber risks rather as an expense, not an investment.

According to Heering, several incidents related to cyber attacks against ships have become public over the past decade. In 2019, a freight ship headed for New York contacted the US Coast Guard after the ship’s computer systems had suffered damage as a result of getting infected with malware and the vessel’s maneuverability had deteriorated significantly.

Campbell Murray, expert on cyber crime, demonstrated at a conference on superyachts in 2017 that it is possible to take control of a vessel equipped with modern technology using a laptop computer in a short period of time. It took the specialist just 30 minutes to break into the vessel’s wifi network and get access to e-mails, delete or even alter them. In addition, Murray gained access to the financial data of the yacht’s owner and took control of the vessel’s CCTV cameras, satellite communication and navigation equipment. Technically, it was possible for him to sail the superyacht out of port without being on board the vessel himself.

Olaf Maennel, professor at the TalTech Center for Digital Forensics and Cyber Security, said that managers of shipping companies are as yet unable to notice the dark clouds gathering over them. He said that ships are increasingly dependent on technology and the internet, as navigation maps and cargo documents need to be updated and satellite communication is used on an ever bigger scale.

“This means that the computer systems of ships are vulnerable to attack, and the damage may amount to hundreds of millions of euros for the bigger companies,” Maennel said.

The Estonian Maritime Academy of TalTech and the TalTech Department of Software Science in fall 2019 filed a joint application for the financing of the project with the Horizon 2020 ERA Chairs program, which received a positive financing decision in March this year.

Source: http://www.baltic-course.com/
