MARITIME CYBER SECURITY Archives - Page 4 of 40

Following a recent uptick in orders, Kongsberg Maritime’s Sensor and Robotics division has announced that it has secured over NOK 450M in contracts for HUGIN AUV in Q2 2022.
The order income consists of a healthy mix of recurring business with existing customers and new customers that will utilize the HUGIN platform in their operations.
The use of AUVs is a vital piece in the technology puzzle that must be solved to enable sustainable oceans. The vehicles can operate autonomously over a long period of time and collect environmental data, performing multiple survey operations for multiple applications in a cost-effective way compared with conventional surveys.

Since the first dive of the iconic HUGIN autonomous underwater vehicle (AUV) prototype on 7 March 1993, Kongsberg Maritime has been spearheading the development of the sector, and with the latest release of HUGIN Edge, Kongsberg Maritime offers complementary AUV solutions for the rising AUV Market.

“These latest contracts are a true acknowledgement of a team effort over many years, and it shows that Kongsberg Maritime offers the right technology and solutions for the growing AUV market. We see that customers put AUVs into operation in many applications, and we believe that Autonomous Underwater Vehicles will be used in even more applications in the future,” says SVP Stene Førsund, Kongsberg Maritime.

HUGIN AUVs can be optimized for a range of subsea industries

The HUGIN range of autonomous underwater vehicles is characterised by great manoeuvrability and high accuracy of stabilisation. Hydrodynamic shape, accurate instruments and excellent battery capacity means these AUVs can be optimised for a variety of industries from oil & gas and renewables to defence and research.

“Our expansion to a wider portfolio of HUGIN AUV models has been well received by the market. In addition to the underlying and increasing demand for marine robots we are now also addressing new applications and by this increasing the addressable market with our wider portfolio. Our robotic solutions are more sustainable, safe and cost effective than traditional methods within the ocean space domain”, says SVP Marine Robotics, Thomas Nygaard, Kongsberg Maritime.

Over time, the range of HUGIN AUVs has evolved to go deeper, longer and carry a larger payload of sensitive data-collecting sensors which has made HUGIN the most successful commercial off-the-shelf autonomous underwater vehicle ever made.
Source: Kongsberg Maritime

New technology and increasing automation and digitalization are combining to streamline the efficiency of the maritime industry. But along with the increasing number of integrated vessels featuring multiple interconnected systems comes the threat of remote attacks that can potentially gain access to or impact critical on-board control systems. Optimal cyber security needs to be in place to ensure vessels remain in operation and to safeguard the safety of crew, passengers, assets and the environment.

It is critical to implement optimal preventative measures against cyber attacks
“Shipping is the backbone of global trade and the potential disruption that attacks could cause, not to mention the danger to life and property, is a clear temptation for cyber criminals and state-sponsored hackers. It is imperative to protect both corporate infrastructure and individual ships amid increasingly high vessel connectivity. Most people are aware of the risks, the focus is now on implementing optimal preventative measures,” says Jarle Coll Blomhoff, Group Leader Cyber Safety & Security, Control & Bridge Systems – Ship Classification Maritime at DNV.

While corporate IT systems are considered “mature” with a lot of attack surfaces, attacks are still most likely to have a financial impact on a company rather than directly on vessel operations (low consequence). However, operational technology (OT) on board a ship or offshore mobile asset is increasingly connected to shore-based IT systems, providing a potential “back door” for attackers. “Cyber security must protect this low-maturity, high-consequence digital infrastructure so that a ship can stay safe and moving despite being attacked. You can’t risk losing the main engines or any other system considered essential and important under SOLAS rules,” says Blomhoff.

New IACS unified requirements focus on cyber risks of on-board systems
While regulations like the IMO cyber resolution from 2021 require owners, operators and managers to consider overall cyber risks, at the systems level there are no concrete requirements. However, this is now changing, as the International Association of Classification Societies (IACS) just published new unified requirements (URs) that will oblige both yards as system integrators and system vendors to build cyber security barriers into their systems and vessels.

“The URs will apply to everything computer-based on board such as main-engine control systems, steering, cooling systems, fire detection, communications systems including public address systems, and navigation systems – basically anything that is integral to making the ship move, navigate and operate safely,” says Blomhoff.

His team is also working on autonomous shipping, where class qualification of autonomous pilot tools such as object detection will also be very important. “Any kind of decision-support system that provides critical navigation advice to the captain and contributes directly to steering the vessel will also be subject to the URs in future,” he said.

The URs will apply to all newbuilds contracted after 1 January 2024 and will also serve as non-mandatory guidance for existing ships as well as new vessels contracted before that date.

DNV is ready to apply IACS-compliant Cyber secure rules to newbuilds
The URs are minimum prescriptive requirements agreed by all IACS members. Any class society appointed to oversee a newbuild naturally deals with the shipowner and the yard, but from that date they will also need to check that all vendor systems meet the requirements. How individual class societies implement the URs can vary, but for DNV-classed vessels DNV is ready now to apply its existing IACS-compliant Cyber secure rules to existing vessels and current newbuilds, as well as work closely with system suppliers to support a smooth transition in 2024.

“With more than 100 vessels contracted so far for voluntary approval, as well as a larger range of automation and navigation system suppliers type-approving their systems with DNV, we believe DNV and the industry is on a good path,” says Blomhoff. DNV class rules and the IACS URs use the IEC 62443 standards that address OT cyber security in a holistic way, including both technical and process-related aspects.

New URs ensure holistic cyber security of on-board equipment
Firstly, UR E26 aims to ensure the secure integration of both Operational Technology (OT) and Information Technology (IT) equipment into the vessel’s network during the design, construction, commissioning and operational life of the ship. This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response and recovery.

Secondly, UR E27 aims to ensure system integrity is secured and hardened by third-party equipment suppliers. This UR provides requirements for cyber resilience of onboard systems and equipment plus additional requirements relating to the interface between users and computer-based systems onboard, as well as product design and development of new devices before their implementation onboard.

System delivery across different industries
DNV believes that one strength of the new URs is that they are built on concrete requirements and based on internationally recognised IEC62443 standards for control-system cyber security. This will greatly support suppliers that deliver their control systems across different industries. It is also positive that the two URs are complementary. UR E27 lets suppliers focus on developing cyber-security barriers through, for example, a type approval of their system, so that yards and owners will have a range of pre-approved systems to choose from when implementing the requirements of UR E26 into their vessel designs and operation.

To ensure compliance with the coming IACS unified requirements (URs) E26 and E27 and protect critical control systems, yards and system vendors should take action now.

Steps vendors should take in view of the time pressure
The fact that yards and vendors will have to verify critical systems to meet the requirements represents a big change for the industry given that control systems have a long lifespan and development processes are time consuming. Especially smaller vendors are likely to face resource challenges meeting the requirements within the tight timeframe.

“There are less than two years left and vendors and yards will need this period to assess and verify that their control systems are compliant. We encourage all vendors to, firstly, go through their portfolios and systematically assess which products/systems can they make cyber secure enough to still be in use after 1st January 2024. This pertains especially to vendors offering digital services in the cloud to prevent leakage of, for example, key environmental data,” says Blomhoff.

Vendors should then make a detailed analysis what needs to be done, execute those actions followed by testing and getting type approval. To keep systems safe, they will need to look at attack surfaces, log-in security barriers and configuration protection. They will also need to protect USB removeable device interfaces and network interfaces, especially links to shore, as well as implement consistent patching so software is continually up to date. “They should also ensure that back-up and recovery procedures are in place to return the system to a safe state. If a system goes down you should be able to recover it sufficiently to continue critical operation and ensure key technical functionality,” says Blomhoff.

How can DNV help?
DNV can help in two main ways, by type approval for equipment and systems, either separately or as part of its Cyber secure notation for a new ship, as well as providing advisory services from its independent DNV Accelerator unit. DNV’s Accelerator can help vendors examine all the above challenges on their journey towards type approval. Our experts support customers with support system risk assessment/improvements, penetration testing and training in a third-party witnessing role, as well as system documentation if desired.

Even before the new IACS URs come into force, DNV is already conducting type approval of various automation and control systems with major suppliers on a voluntary basis. For example, DNV has already type-approved key systems from ABB, Kongsberg and Wärtsilä, and is working on the same for several other control and navigation systems.

Type-approved systems reduce risks and documentation work of newbuild projects
“We are fortunate to be the preferred class partner major suppliers choose to work with on type approvals. They value us as a discussion partner based on our experience and expertise. We take the process very seriously as it reflects our brand value. In addition, when vendors choose to get a system type-approved by us it will reduce risks and uncertainties of newbuild projects, as well as reduce the documentation that each vendor needs to provide for each vessel. Detailed cyber security documentation is something that a supplier would like to limit distribution of, hence a type-approval certificate plays more than one role,” says Blomhoff.

He concludes by encouraging all yards and vendors who are in doubt over what the upcoming IACS URs will mean for them, and what do to, to reach out. “Whatever challenges you are facing, I am 100% certain we will be able to support you,” he said.
Source: DNV, https://www.dnv.com/expert-story/maritime-impact/Yards-and-vendors-must-act-promptly-to-comply-with-upcoming-IACS-cyber-security-requirements.html?utm_campaign=Ind_404_Cyber%20sec%20IACS%20reqs&utm_medium=email&utm_source=Eloqua

NEW YORK, May 13, 2022 (GLOBE NEWSWIRE) — Guardforce AI Co., Limited (“Guardforce AI” or the “Company”) (GFAI, Financial)(GFAIW, Financial), an integrated security solutions provider, announced today that Handshake Networking Limited (“Handshake”), a subsidiary of the Company, has developed an automated marine scanning service designed to address key security vulnerabilities in the maritime transportation industry. The Company also announced it has launched this new service with one of the world’s leading operators of global container vessels based in Hong Kong.

Handshake Networking is a premier information security service provider, with a track record of providing network security solutions, including penetration testing, to multinational corporations since 2004. Assessing vulnerabilities and cyber-attacks on vessels at sea is complex, as these vessels move unpredictably between network providers. However, the new service, provided by the Company under a Software-as-a-Service (SaaS) model, addresses these vulnerabilities by allowing marine vessel operators to schedule security scans, adapting to unpredictable changes in the network and speeding up response time to a ship, even in the middle of the ocean. Once a scan is completed, the vessel operator receives a report showing any exposed services and vulnerabilities. This scanning platform provides global coverage and is hosted within the Company’s cloud environment.

Based on recent shipping fleet statistics from UK Department for Transport, at the end of 2021, there were an estimated 63,000 trading vessels in service around the world. Each of these ships contains complex computer systems for managing the engines, fuel and navigation, as well as e-mail, software updates, and access to cloud applications. Connection to global networks via satellite and cellular data is critical; however, this multiple network connectivity makes ships vulnerable to cyber-attack.

Terence Yap, Chairman of Guardforce AI, stated, “We are pleased to announce the launch of our automated marine scanning platform with one of the premier operators of global container vessels. Prior to our selection, our new automated marine scanning service was heavily evaluated by this customer, providing strong validation of the robustness of this cyber intelligence offering and application within the maritime transportation industry. With rapid digitalization of the industry, more and more global shipping companies have come to realize the economic impact of cybercrimes and the need for efficient solutions to help prevent these risks. Cybersecurity solutions are more urgent than ever as International Maritime Organization regulation requires that all vessels and ships worldwide include cyber risk management in their safety management systems in accordance with the International Safety Management (ISM) code. Cybersecurity attacks represent an unprecedented threat to the shipping industry, as well as to the global community, and we anticipate that the demand for our solutions will continue to grow.”

Richard Stagg, Managing Director of Handshake, stated, “International logistics is a prime target for cyber-attack and threats directed at vessels can affect crew, cargo and even ports – as well as the smooth functioning of the ships’ operations. Through our SasS offering, we can provide our customers with a truly cost-effective solution that encourages frequent security checks. With more than 17 years of experience as a provider of information security services, Handshake is well positioned to efficiently assess information security even on container vessels, despite the technical constraints. We look forward to accelerating the commercial rollout of our marine scanning service, which we believe will play an invaluable role in defending corporations and critical infrastructure worldwide.”

Source: https://www.gurufocus.com/news/1820121/guardforce-announces-its-subsidiary-handshake-networking-has-launched-a-new-cybersecurity-marine-scanning-service-with-a-leading-operator-of-global-container-vessels

Recognizing that cyber incidents on vessels can have a direct and detrimental impact on life, property, and the environment, IACS has steadily increased its focus on the reliability and functional effectiveness of onboard, safety-critical, computer-based systems.

IACS identified at an early stage that, for ships to be resilient against cyber incidents, all parts of the industry needed to be actively involved, and so convened a Joint Working Group (JWG) on Cyber Systems which helped identify best practices, appropriate existing standards in risk and cyber security, and a practical risk-based approach.

Building on this extensive collaboration, and utilizing the experience gained from its existing Recommendations, as well as developments at IMO including, in particular, IMO Resolution MSC.428(98) applicable to in-service vessels since the January 1, 2021, IACS has adopted two new IACS Unified Requirements (URs) on the cyber resilience of ships:

UR E26, Cyber resilience of ships, aims to ensure the secure integration of both Operational Technology (OT) and Information Technology (IT) equipment into the ship’s network during the design, construction, commissioning, and operational life of the ship. This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response, and recovery.

UR E27, Cyber resilience of on-board systems and equipment, aims to ensure system integrity is secured and hardened by third-party equipment suppliers. This UR provides requirements for cyber resilience of onboard systems and equipment and provides additional requirements relating to the interface between users and computer-based systems onboard, as well as product design and development requirements for new devices before their implementation onboard ships.

These URs will be applied to new ships contracted for construction on and after January 1, 2024 although the information contained therein may be applied in the interim as non-mandatory guidance.

Source: https://allaboutshipping.co.uk/2022/07/12/american-club-member-alert-july-12-2022-re-iacs-adopts-new-requirements-on-cyber-security/

A revolution is now happening in maritime domain awareness that will have a profound impact on maritime security in the Indo-Pacific. The Quad’s Indo-Pacific Partnership for Maritime Domain Awareness, announced at the leaders’ summit in Tokyo in May, will combine new satellite-based technologies with existing systems to help identify illicit maritime actors. This and similar initiatives will be provide a significant boost to the ability of many Indo-Pacific countries, especially small island states, to govern their waters.

Maritime domain awareness involves gaining situational awareness of the maritime environment, especially through an understanding of the position and intention of actors in a given maritime space. It is fundamental to understanding what’s out there, what it’s doing and what should be done about it.

But achieving maritime domain awareness involves overcoming major challenges in combining data from multiple sources into a single common operating picture that can be analysed and acted on.

Over the past couple of decades, technological advances have allowed data from multiples sources such as coastal radars, ships, aircraft and satellites to be pooled and analysed on a single platform, in close to real time. This often involves sophisticated and expensive sensors and computing technology, making it accessible only to large or wealthy countries. The necessary resources and technologies are often out of reach for many countries, effectively leaving much of our oceans as ungoverned spaces for illicit or other bad actors.

Recent years have also brought a proliferation of regional information fusion centres that pool data and analysis at a regional level. This can make considerable sense for many countries, but it can also come with its own sensitivities, including for smaller countries that aspire to exercise sovereignty over their own maritime jurisdictions.

Regional maritime law enforcement agencies can also directly access several web-based information platforms. The SeaVision system, for example, provided by the US Department of Transport, is used in more than 100 countries.

All of these system rely heavily on automatic identification systems, or AISs, which are transmitters required to be installed on most commercial vessels. That’s good for keeping track of legitimate or ‘white’ shipping, but is less useful in identifying vessels engaged in illicit activities. Illegal fishers, drug smugglers and other bad actors can go ‘dark’ by switching off or hacking their AIS systems so they can’t be tracked.

This big gap in maritime governance is being plugged. Under the Quad’s initiative, an enhanced version of the SeaVision platform will be offered to Indo-Pacific partners, allowing them to identify and track dark shipping. This includes radio frequency data from the commercial Hawkeye 360 satellite system that picks up electronic emissions (such as radar, radio and satellite phone signals) from vessels under its path. The SeaVision system compares that data with AIS data to identify vessels that have switched off or spoofed their AIS systems. Dark shipping can then be targeted for further investigation using other data sources.

Other satellite-based data is being progressively added to SeaVision to help identify the types and activities of dark vessels. This includes electro-optical imagery or synthetic aperture radar data, which can be used to build a 3-D picture of targeted vessels—helping authorities identify, say, a drug smuggling dhow or a mothership. Data from the Visible Infrared Imaging Radiometer Suite, a scanning radar that detects reflected light, can help identify illegal fishers, which commonly use bright lights to attract fish at night.

Some data, particularly from commercial sources, is expensive, but prices will likely fall as providers and users proliferate. Time lags in the acquisition and dissemination of satellite-based data (which may be 12 hours or more) will also likely be reduced to give end users a closer to real-time picture.

The US Coast Guard is offering an enhanced SeaVision product to five Southeast Asian partners in the first phase of the Quad initiative, although the cost of commercially sourced satellite data currently constrains the broader rollout of the system.

Competing platforms are offered across the Indo-Pacific by other players, including the EU’s IORIS system, the UK’s SOLARTA system and the not-for-profit Skylight system. These tools can provide specific options or features. For example, the IORIS system allows users to share data bilaterally with others rather than through a common platform. The Skylight system focuses on using artificial intelligence to analyse vessel behaviour such as ‘dark rendezvous events’.

Together, these enhanced web-based systems will be a game changer for many Indo-Pacific island states and others that struggle to police huge maritime jurisdictions with few resources. Giving them direct access to satellite-based data with AI analysis effectively democratises maritime domain awareness for many users, reducing their information reliance on large countries or regional fusion centres.

While information is a fundamental requirement in the maritime domain, national enforcement agencies will also require the ability to take action against illicit actors, whether by interdicting them at sea or by conducting close surveillance that allows vessels to be specifically identified for others to interdict, prosecute or make their activities public.

The Quad initiative, once fully rolled out, will be a major tangible demonstration of the value of the Quad in providing public goods for the Indo-Pacific—in stark contrast to China’s lack of interest in helping others to police their waters.

But information by itself is not enough. It must be complemented with cost-effective capabilities such as vessels and drones that allow smaller Indo-Pacific states to take action against illicit or nefarious actors in the maritime domain. This should include expanding Australia’s successful Pacific maritime security program to additional users and platforms.

Source: https://www.aspistrategist.org.au/new-satellite-based-technologies-a-game-changer-for-indo-pacific-maritime-security/

Despite rumors to the contrary, the United States is not interested in disengaging from the Middle East. The Indo-Pacific is the new focal point of U.S. foreign policy, but the Middle East remains essential for U.S. interests. However, current patterns of interaction between the United States and its Middle Eastern partners are tied to routines that were hardened during the Global War on Terror. While these routines have proven difficult to escape and a source of political divergence at times, the reality today is that U.S. priorities are more disparate globally—and U.S. presence in the region should not remain locked within previous formulas.

The perception of a U.S. withdrawal from the Middle East is partially due to the absence of refined U.S. priorities in the region. Among the myriad of elements defining U.S. engagement in the Middle East, U.S. naval presence in the Gulf remains essential not only for U.S. interests but also the interests of its regional partners. However, the Red and Arabian Seas are becoming more challenging security environments, and the larger Indian Ocean region provides the logic for why these waters should become the focus of U.S. maritime operations and security cooperation in the broader Middle East and North Africa (MENA) region.

From the Hormuz to the Bab-al-Mandeb

Middle Eastern waters feature two of the world’s critical maritime chokepoints: the Strait of Hormuz and the Bab-al-Mandeb. One-third of the world’s oil and other resources are transported through the Strait of Hormuz and continue on through the Bab-al-Mandeb if bound for Europe or beyond. Security of both chokepoints is critical for global commerce, of which the U.S. is a key provider. Yet, among U.S. policymakers, the Strait of Hormuz has taken priority. As a result, much of U.S. naval presence and forward basing is focused there.

U.S. presence in the Gulf developed primarily for economic reasons. A reliance on the Middle East’s natural resources for domestic consumption encouraged the United States to ensure regional stability to the greatest extent possible. This led to closer relationships with Qatar, Saudi Arabia, the UAE, and other Gulf States, in addition to strong ties with other regional powers, such as Egypt and Israel. The asymmetric elements of Iran’s foreign policy, intent on spreading its influence and destabilizing the larger region, reinforced the need for U.S. presence in the Gulf.

Today, different variables are present. U.S. reliance on the region’s natural resources is diminished, regional partners have enjoyed decades of security assistance and technical training assistance in shaping their militaries, and, most importantly, the security challenges in the Red and Arabian Seas are expanding. The increased number and sophistication of non-state illicit actors in the waters surrounding the Bab al-Mandeb, and the increased involvement of prominent competitors in the region, means that the United States should no longer prioritize the Gulf above other regional concerns.

To be clear, Gulf security remains a priority of U.S. foreign policy, and the continuation of lines of communication out of the Strait of Hormuz still matter a great deal. However, the concentration of U.S. naval attention should shift further southwest to the Red and Arabian Seas. The Bab-al-Mandeb in particular requires greater attention as the connecting waterway between these two seas.

A Focus on the Bab-al-Mandeb Region

Due to the sheer scale of our oceans and maritime spaces, and the rules, norms, and international laws that govern the activities of both commercial and military vessels, there is no actor with enough influence, power, or vision to provide maritime security alone. Maritime security is a cooperative endeavor, premised on the legacy of responding to another vessel in distress when at sea. The more actors with eyes glancing toward the horizon and sharing what they see with each other, the more likely that threats can be recognized and confronted.

An increasing number of competitors are operating in the Bab-al-Mandeb region. China’s economic interests in Africa, which have exploded in scale and depth over the past fifteen years, precipitated the deployment of People’s Liberation Army Navy (PLAN) vessels to the Arabian Sea. For 14 years, PLAN vessels have protected Chinese-flagged vessels sailing through the Indian Ocean, gaining operational familiarity with the region’s waters and bypassing existing international cooperative efforts. The completion of China’s first overseas base, a dual-use facility located in Djibouti, signals China’s interests in these waters.

In addition to China, Russia, despite its warmongering in Ukraine, is intent on maintaining, if not increasing, its naval presence in the Red Sea. Moscow does not have the naval depth to match U.S. or even Chinese presence, but it still desires the capacity to reach these waters if for no other reason than to serve as a spoiler for efforts deemed divergent from Moscow’s interests. Smaller regional powers are also keenly invested in deepening their familiarity with, and deploying their own forces to, the Red and Arabian Seas. These regional players include obvious actors, such as Saudi Arabia and Egypt, but also the UAE, Iran, and Turkey.

Piracy ushered in a period where regional waters facilitated the expansion of transnational crime. The Bab-al-Mandeb is now increasingly congested, and bad actors sail amidst the crowd routinely. The Red and Arabian Seas feature some of the most complex smuggling and illicit operations in the world. Instability on both shores of the Red Sea has enabled these operators. From illicitly-traded legal commodities to narcotics, arms, and human beings, these waters shroud substantial criminality. When illegal fishing and violent extremist organizations are added to this criminal patchwork, the scale of the problem becomes enormous.

The above points highlight why U.S. Naval Forces Central Command (NAVCENT) should direct greater attention towards the Red and Arabian Seas, as should regionally-stationed U.S. Coast Guard assets. The trends point to these waters becoming far more critical in the years to come. U.S. Fifth Fleet has immense local knowledge, learned in partnership with regional navies and coast guards, which it can bring to the forefront. The U.S. Navy’s technical expertise and hands-on experience building naval partnerships can assist littoral states in building the connective tissue necessary to respond to everything from hostile state actors to criminal cartels.

A focus away from the Gulf itself would inflict political hurdles, but diplomatic outreach would assist in leaping them. NAVCENT would have to further coordinate with United States Naval Forces Europe-Africa, but that would prove advantageous in the long run despite any initial bureaucratic friction. The U.S. Navy would also have to redefine operational routines away from a traditional/non-traditional binary, as the set of challenges in these waters do not conform to such thinking. In doing so, the United States would start a new chapter of engagement and security cooperation in the region.

Conclusion

The perception that the United States is moving away from the Middle East is false, but part of the reason for this perception is that U.S. engagement in the region has not yet visibly evolved beyond the Global War on Terror and its emphasis on Gulf security. The United States should refine its priorities in the broader MENA region, diversifying its maritime operations and security cooperation beyond the Gulf to the Red and Arabian Seas. While NAVCENT is already enhancing its presence in these waters, more remains to be done. The waters near the Bab-al-Mandeb in particular feature some of the most complex maritime challenges, and the U.S. Navy must face them head on.

Jeffrey Payne is an Assistant Professor at the Near East South Asia (NESA) Center for Strategic Studies in Washington, DC. The views expressed in this article are his alone and do not represent the official policy or position of the NESA Center, the U.S. Department of Defense, or the U.S. Government.

Source: https://cimsec.org/beyond-the-gulf-u-s-maritime-security-operations-in-the-mena-region/

KOCHI: The sixth Deputy National Adviser level meeting of the Colombo Security Conclave held in Kochi resolved to join hands to ensure maritime safety and security and to fight terrorism, radicalization, trafficking and organized crime. In the opening session, the delegates called for greater cooperation among the member countries.

Representatives of India, Maldives, Mauritius, and Sri Lanka and observer countries Bangladesh and Seychelles attended the conclave. The delegation from Bangladesh, who arrived in Kochi, could not attend the conclave due to medical reasons.

In his opening remarks, Deputy National Security Advisor of India Vikram Misri said the efforts to tackle narcotics trafficking and organized crime and mitigation of ill effects of pollution were concrete examples of the cooperation among law enforcement agencies of member countries. “Cyber security and cyber technology will play an important role in our efforts to manage threats and build cooperation in an ever challenging environment,” he said.

Seeking India’s help to ensure the safe repatriation of displaced Myanmar nationals to their country of origin, Defence Advisor at the Bangladesh High Commission in New Delhi, Mohammed Abdul Kalam Azad, said India should play an effective role in addressing the issue. “Thousands of displaced Myanmar nationals are facing an uncertain future and they are getting attracted to extremism, radicalism and drugs,” he said.

Sri Lanka’s Chief of Defence Staff General Shavendra Silva suggested that joint working groups should be formed to collect and disseminate intelligence to tackle various threats including terrorism and radicalisation. Pointing out that trafficking and organised crimes have been a major security threat, he said the conclave is an ideal platform for cooperation in tackling the trafficking of drugs and terrorism.

Stressing on the need for collaboration and coordination to address issues of common concern and outlook, Maldives foreign secretary Ahmed Latheef said the country’s economy is heavily dependent on maritime security and Maldives has remained vulnerable to threats of trafficking, organised crime and terrorism, which emanate through the maritime domain.

“Protection of coastal community, marine environment and resources have been out priority. The security dimensions are large and complex. We have to share information, knowledge and skills to improve maritime security,” he said.

There should be a coordinated effort to tackle common security threats, said representative of Mauritius Yoidhisteer Thecka.

“The member countries should cooperate to tackle the threats involving cyber security, terrorism, radicalisation and drug trafficking. Illegal, unreported and unregulated fishing and damages to environment are other challenges. Mauritius is eager to participate in joint security initiatives,” said Thecka, who is the Principal Coordinator of Security Matters at the Mauritius Prime Minister’s Office

Chief of Staff of Defence Forces of Seychelles Colonel Simon Archange Dine sought collaboration to protect the marine resources.

Source: https://www.newindianexpress.com/cities/kochi/2022/jul/07/colombo-security-conclave-agrees-to-fight-maritime-threats-jointly-2474005.html

The International Electrotechnical Commission (IEC) has published a new standard to regulate the exchange of data and maritime information in a secure way.

IEC 63173-2 SECOM is a new standard developed with Voyage Information Service within Sea Traffic Management (STM). The new interface works for transfer of S-100 products and can also be used for other formats.

Development started in 2019 and the final version was published on 30 May.

READ: Single window for ship data exchange to become mandatory under FAL treaty amendments.

“Route exchange in the STM Validation project was the starting point. However, in the standardisation work the scope was expanded from voyage plans and navigational warnings to include exchange of all S-100 based products”, said Björn Andreasson STM Testbed Manager.

“SECOM is an exchange layer that guarantees that different services and software exchange data the same way,” added Hannu Peiponen Chair of the Maritime Navigation and Radiocommunication Equipment and Systems Committee at IEC.

“For manufacturers of maritime systems this eliminates the need to support several different service interfaces for different services and products. If a service or product works with one actor using it, it will work with all.

“This will make it easier to provide valuable end-user services to the maritime community to increase safety and efficiency while at the same time opens a possibility to reduce the environmental footprint”.

SECOM aims to be a key reference point for interoperability of the same magnitude as standard data formats and common authentication methods.

Source: https://www.porttechnology.org/news/iec-publishes-new-standard-for-maritime-data-security/

PUBLISHED JUL 6, 2022 5:18 PM BY THE MARITIME EXECUTIVE

The National Maritime Law Enforcement Academy (NMLEA) has selected HudsonCyber’s innovative cyber risk management program, PortLogixTM, to drive organizational cybersecurity resilience in its recently launched port digitalization and accreditation initiative. Unique in the maritime industry, PortLogix enables cybersecurity self-assessment, program management, dynamic investment and resource planning, real-time trend analysis, and long-term benchmarking.

Launched in early 2021, PortLogix has since served a wide range of port authorities, terminal operators, and port community systems around the world. Part of its success lies in the fact that PortLogix integrates the cybersecurity best practices and standards published by NIST, ISO and ENISA and seamlessly harmonizes them with national and IMO regulatory requirements. Significantly, PortLogix’s maturity-model approach and vendor-agnostic recommendations have also been embraced by many leading global insurance brokerages and underwriters to support the evolving cybersecurity insurance market in the global maritime industry.

As the maritime industry rapidly digitalizes, the physical and cyber threat landscapes are increasingly overlapping. To address the growing threat to the maritime sector, the NMLEA has launched its Maritime Security Accreditation and Digitization Program (“MARSEC ADaPt”) to establish a baseline pre-requisite standard that will enhance and drive maritime security readiness and resiliency. The program will integrate asset digitalization capabilities with maritime security vulnerability assessments, training, exercises, and cybersecurity.

As part of its MARSEC ADaPt implementation, the Tampa Port Authority d/b/a Port Tampa Bay successfully completed its PortLogix implementation this past May. After engaging and committing to the cybersecurity assessment process, Ken Washington, Chief Information Officer and Mark Dubina, Vice President of Security at Port Tampa Bay, expressed their enthusiasm and strong support for the PortLogix evaluation and assessment process.

NMLEA founded MARSEC ADaPt on the core capabilities of two key organizations: ARES Security and HudsonCyber. ARES Security drives the accreditation initiative by digitizing critical maritime infrastructure, known as Digital Twins, and offering digital data to optimize security risk management, vulnerability analysis, and security training functions. HudsonCyber drives cybersecurity resilience through its award-winning platform, port-tailored platform PortLogix.

“Ports will benefit through a reduction in annual costs associated with ongoing Maritime Transportation Security Act (MTSA) regulatory compliance,” said NMLEA Executive Director Mark DuPont. “Through the NMLEA MARSEC ADaPt Program, ports will be able to implement a nationally-recognized baseline standard for maritime security – a standard that has not previously been established.”

“Advancements in maritime digitalization are accelerating and have broad security implementations for today’s ports and port terminal operators. It makes data security a top concern for port executives,” added Max Bobys, vice president of HudsonCyber. “Through in-depth multi-stakeholder engagement, we’re able to not only assess a port’s overall cybersecurity capabilities, we’re also able to drive cross-functional cybersecurity awareness and from there facilitate consensus-driven buy-in regarding prioritization and resource allocation decision-making. And that ultimately drives organization wide cultural change, improved accountability, and board level engagement.”

Source: https://www.maritime-executive.com/index.php/corporate/hudsoncyber-portlogix-selected-as-cybersecurity-core-of-marsec-program

ITLink OS Updates represents an important step towards digital enablement for customers through complete standardisation of IT across the fleet

Marlink has added another solution to its ITLink portfolio. ITLink OS Updates is the latest tool to enable maritime customers to stay safe and compliant through remotely managed updates of the IT operating systems (OS), thus enhancing cybersecurity.

ITLink OS Updates is simple to implement and represents an important step towards digital enablement for customers through complete standardisation of IT across the fleet. It provides first line protection against cyber threats, improved performance of PCs and servers, by ensuring operating systems have the latest updates and security patches and reports status to a shoreside dashboard.

As digitalisation impacts more areas of fleet operations, managers need to ensure to receive relevant OS data reliably in close to real-time to remain fully compliant. IMO regulations now require new standards of cyber awareness and process onboard ship and third party vetting systems for tanker owners specify much stricter standards.

Out of date operating systems can cause serious issues with performance and user experience and are highly vulnerable to cyberattacks. Previously, crews had to wait for CDs or risk higher data consumption for over-the-air updates but ITLink OS Updates is fully optimised for satellite connectivity, saving around 80 per cent of the data typically consumed when rolling out OS updates to a fleet.

ITLink OS Updates enables significant efficiency gains for shipping companies, allowing crew and fleet managers to focus on their daily tasks and operations onboard rather than implement monthly OS updates. Marlink’s expert ITLink team works closely with maritime customers to identify solutions that best suit their IT resources and business needs. This includes fast, automated updates across all PCs to keep the ship up to date with tasks completed in as little as one day with full shoreside support.

“Achieving the kind of efficiency gains and compliance reporting required for safer, smarter vessel operations means the full embrace of IT enablement by ship and shore on equal terms,” said Nicolas Furgé, president, digital, Marlink. “Owners and ship managers who want to take digitalisation to the next level can use ITLink to secure their remote operations, reduce vessel visits, save costs and let their crew focus on key tasks; it’s a complete solution for smarter shipping.”

Source: https://thedigitalship.com/news/maritime-satellite-communications/item/7945-marlink-adds-remote-update-function-to-itlink-portfolio

Newer Posts

Older Posts

MARITIME CYBER SECURITY Archives - Page 4 of 40 - SHIP IP LTD

Kongsberg Maritime secures several major contracts for HUGIN AUVs

Yards and vendors must act promptly to comply with upcoming IACS cyber security requirements

Guardforce Announces its Subsidiary, Handshake Networking, has Launched a New Cyber-Security Marine Scanning Service with a Leading Operator of Global Container Vessels

American Club member Alert (July 12, 2022) re IACS adopts new requirements on Cyber Security

New satellite-based technologies a game changer for Indo-Pacific maritime security

BEYOND THE GULF: U.S. MARITIME SECURITY OPERATIONS IN THE MENA REGION

Colombo security conclave agrees to fight maritime threats jointly

IEC publishes new standard for maritime data security

HudsonCyber PortLogix Selected as Cybersecurity Core of MARSEC Program

Marlink adds remote update function to ITLink portfolio

News

New EU rules aiming to decarbonise the maritime sector take effect

Reporting of Lost Containers to Be Mandatory From 2026

Analysis of the human factors leading to bridge deficiencies in the context of the Paris mou for bulk carriers

Quick Menu

Company DETAILS

ISO 9001:2015 CERTIFIED