TMSA 3 Archives - Page 6 of 6 - SHIP IP LTD

OCIMF published the third edition of its Tanker Management and Self-Assessment guide (TMSA3) in April 2017. As of 1 January 2018, this will replace the TMSA2 and tanker owners will be required to follow the new self-assessment procedure. 

So are there any major changes? 

Well actually, yes. The latest TMSA version introduces an entirely new element – Maritime Security (element 13). The new element aims “to establish and maintain policies and procedures in order to respond to and mitigate identified security threats covering all company activities including cyber security.”

In complying with the aim, security plans should be put in place, which also address cyber security risks, and should cover shore-based locations, vessels and personnel.

Are there any tools available to help tanker members comply with the Maritime Security element?

Yes, resources are available and the best thing is they are free!

IET Standards in conjunction with the Department for Transport have created a comprehensive code of practice for cyber security onboard ships. This code follows on from previous work the Department for Transport has done on port cyber security.

Additionally, an industry working group (which included OCIMF) have created Guidelines on Cyber Security onboard Ships. 

What other changes are there?

Elements 6, 6A and 10 have all had revisions, with element 10 now incorporating the OCIMF Energy Efficiency and Fuel Management paper that had previously been a supplement to TMSA2. Additionally, TMSA3 has 19 more KPIs than TMSA2, showing the focus on continuous improvement.

SOURCE : UK P&I CLUB

ARTICLE AUTHOR

Amanda Hastings


Maritime External Cyber Security Audit


Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.

SHIP IP LTD, via our network of local engineers, can attend your vessels and complete an External Cyber Security Audit that includes, but is not limited to:

  • Policies and Procedures
  • Cyber security risk management
  • Training and awareness
  • Physical security and access control
  • Network security
  • Vulnerability scan of your onboard network

Why should you ask for an External Cyber Security Audit?

The answer is straightforward: both TMSA and RightShip have already included it as a requirement in their latest revisions, which you can read below.

Where are our specialists located?

Singapore and Greece.

We can cover ASIA and EUROPE via our engineers.

How much does it cost?

That depends on the port and country we visit, but in Singapore, for example, it can be as low as USD 1500, all included!

Time required to complete the audit?

Under normal circumstances, our Singapore team will complete the audit the same day. The boarding team consists of our Captain Thum and our local IT engineer.

We have posted the relevant requirements below:

TMSA 3 – ELEMENT 13

STAGE 2

2.4 The company actively promotes cyber security awareness.

Effective means are used to encourage responsible behaviour by shore-based personnel, vessel personnel and third parties.

Such behaviour may include:

• Locking of unattended work stations.
• Safeguarding of passwords.
• No use of unauthorised software.
• Responsible use of social media.
• Control/prevention of misuse of portable storage and memory sticks.

 

STAGE 4

4.2 Independent specialist support is used to mitigate identified security threats.

Any contracts for specialist support both onboard and ashore, are supported by a comprehensive scope of work.

 

4.5 The company is involved in the testing and implementation of innovative security technology and systems.

This may include:

• Physical measures to improve security.
• Software enhancements to IT systems.

RIGHTSHIP

Inspection and Assessment Report For Dry Cargo Ships

4.7 Cybersecurity
4.7.1 Does the vessel and/or company have documented software/firmware and hardware maintenance procedures?
4.7.1.1 Are service reports available?
4.7.2 Does the vessel and/or company have any cyber security procedures?
4.7.2.1 Has a Risk Assessment for Cyber attack been completed?
4.7.2.2 Is a Cyber attack Response Plan available?
4.7.3 Does the vessel and/or company provide any cyber security training?

| T: ( +30) 211 850 1121
| e: sales@shipip.com
| w: http://localhost/shipip
| Skype : anyawb1

SINCE 2013


Maritime Cyber Security – Five key cyber questions and challenges facing the maritime industry!

To wrap up this year’s National Cybersecurity Awareness Month series, Lt. Cmdr. Brandon Link with the Office of Port & Facility Compliance poses five key questions maritime professionals can consider when deciding how to manage risks to cyber systems.

 

Cyber systems are prevalent in our daily lives. We face an ever-increasing amount of cyber influence in how we live, work, and operate. The Marine Transportation System (MTS) uses cyber systems in all aspects of operations. With the convenience and improved performance offered by technology come continually-evolving questions and challenges. Cyber threats are real and pose considerable risks requiring attention and action at all organizational levels.

Below are five key cyber questions and challenges facing the maritime industry and how you can begin assessing and reducing risk:

1. How much should I invest in cybersecurity and cyber risk management? The answer varies from organization to organization. Cybersecurity should be viewed as an investment, not a cost. You are in the best position to evaluate your company’s cyber footprint to determine where risks are highest. The National Institute of Standards and Technology (NIST) Cybersecurity Framework and Coast Guard/NIST Cybersecurity Profiles are a few resources available. The Coast Guard continues to work on further guidance to assist in cyber risk management efforts, including the upcoming Navigation and Vessel Inspection Circular (NVIC) 05-17, Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act Regulated Facilities.

2. We have a closed system with an air gap between our network and outside influences. Am I still at risk? Does the system have access control/authentication procedures to prohibit unknown or unauthorized access? Can an equipment vendor access that system remotely, even for seemingly harmless activities such as program updates? Can the system be accessed in person, connecting via laptop or other equipment, introducing an avenue for malicious access? To answer these questions, it is important to know and understand the landscape of, and access to your cyber systems.

3. What are the greatest threats to my cyber systems? A direct cyber attack can come from a malicious actor, either internal or external. Cyber threats can also arise from accidental corruption, like an employee unknowingly connecting a corrupted device (smart phone, “thumb” drive) to a USB port. Risks can increase due to improper system configurations or failure to stay current on software updates. Having policies in place to account for these issues, and ensuring employee awareness, can greatly reduce risks.

4. I think our organization is the victim of a cyber attack or incident. Who can I notify? The National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 cyber situational awareness, incident response, and management center serving as the national nexus of cyber and communications integration for the Federal Government, intelligence community, and law enforcement. A cyber incident that does not impact physical security or include a pollution event can be reported to the NCCIC at 1-888-282-0870, who will then forward the report to the National Response Center (NRC), meeting the reporting requirements in 33 CFR 101.305, if made aware that you are calling as a Coast Guard-regulated facility. Reports of suspicious activity or a breach of security, and incidents affecting physical security or including a pollution event should be reported to the NRC at 1-800-424-8802.

5. We need to address cyber risks in our organization, where do we begin? There is no single solution that will work the same for every company, but there are steps that will help get you on the path toward an improved cyber posture:

  • Increase cybersecurity training and awareness at all levels of your organization.
  • Understand and educate the workforce on the difference between Information Technology (IT), the storing, retrieving, transmitting, and manipulating of data, and Operational Technology (OT), the hardware and software that detects or causes changes in processes through monitoring or control of physical devices (the “Internet of Things”).
  • Establish positions, teams, or workgroups that are cyber threat-focused. Integrate your IT workforce’s corporate knowledge of systems with the OT workforce and others who possess expertise in your company’s operations.
  • Conduct an assessment to see where cyber threats exist, and identify ways to mitigate those risks. Incorporate cyber risk management into existing policies and procedures, including the Facility Security Plan. Conduct exercises that test your organization’s cyber threat resilience.
  • Identify your local Area Maritime Security Committee, particularly those with a dedicated cybersecurity subcommittee, or other opportunities that allow for the sharing of knowledge and experience. What affects your organization could affect others, so information sharing is crucial to combating threats.

Managing cyber risks will continue to be an ongoing effort requiring time and attention. The most significant threats and highest priorities may not remain the same from month-to-month or even week-to-week, so staying informed could mean the difference between a strong cyber posture or becoming victim to a cyber incident or breach.

Source :

10/30/2017: Nat’l Cybersecurity Awareness Month – Five key cyber questions and challenges facing the maritime industry


MARITIME CYBER SECURITY MANUAL – EURO 399 Only !

Following the latest developments in our industry and various guidelines published by BIMCO, USCG Cyber Bulletins, and TMSA 3 – Element 13, we have developed a generic MARITIME Cyber Security Manual that can be used by all shipping companies as a best practice.

SHIP IP LTD has developed a Maritime Cyber Security Manual to provide a risk management solution for shipping companies and their vessels against various cyber incidents.

Cyber incidents can have negative effects on a company’s reputation or even lead to economic consequences when delays occur in the services provided by their vessels.

It is needless to point out that Cyber Security is now part of TMSA 3 – Element 13, and all companies operating tankers should immediately consider developing or including this in their existing Safety Management System, procedures, contingency plans (for both offices and vessels), and defining hazards, threats, and risks related to cyber incidents.

Our manual, available in Word format, contains the following content.

With minor adjustments, it will fit your company’s setup and cover all regulations and international requirements:

  • Definitions
  • Understanding the cyber threat
  • Assessing the risk
  • Determining vulnerability
  • Risk assessment (Bridge equipment, Comms, Propulsion, Cargo Systems, Welfare Systems, etc.)
  • Reducing the risk
  • Technical cyber security controls
  • Procedural controls
  • Defence in depth
  • Cyber Security Policy
  • Office & Vessel contingency plans
  • Investigating cyber incidents (forms and procedures)
  • Response plan
  • Recovery plan

Additionally, we will provide you, free of charge and in Word format, a travel policy as required by TMSA 3 Stage:
3.1 A travel policy is in place to minimize security threats to personnel.

If you would like more details or would like to order our manual, please submit the contact form below and we will get in touch with you soon.


    You can now purchase our manual and pay via PayPal or any major credit card. Please click the button below to be redirected to the relevant page; as soon as you complete payment, we will send you a secure link to download it.


    TMSA 3 – ELEMENT 13 MARITIME SECURITY!

    The third edition of the Tanker Management and Self Assessment – A Best Practice Guide (TMSA 3) is available from Monday 10th of April, introducing, among other things, a new element: Element 13 – Maritime Security.

    TMSA 3 – ELEMENT 13 MARITIME SECURITY – Stages:

    STAGE 1

    1.1 Documented security plans are in place.

    1.2 The company has documented procedures in place to identify security threats applicable to vessels trading areas and shore-based locations.

    1.3 Measures have been developed to mitigate and respond to all identified threats to vessels and shore-based locations.

    1.4 Procedures are in place to obtain, manage and review current security related information.

    1.5 Procedures include the reporting of potential security threats and actual security incidents.

    STAGE 2

    2.1 Formal risk assessments of company activities are undertaken to identify and mitigate potential security threats.

    2.2 The personnel responsible for security receive training appropriate to their role and the company’s activities.

    2.3 Policy and procedures include cyber security and provide appropriate guidance and mitigation measures.

    2.4 The company actively promotes cyber security awareness.

    Effective means are used to encourage responsible behaviour by shore-based personnel, vessel personnel and third parties.

    Such behaviour may include:

    • Locking of unattended work stations.
    • Safeguarding of passwords.
    • No use of unauthorised software.
    • Responsible use of social media.
    • Control/prevention of misuse of portable storage and memory sticks.

    STAGE 3

    3.1 A travel policy is in place to minimise security threats to personnel.

    The policy is based on risk assessment and includes vessel personnel, shore-based personnel and contractors travelling on company business.

    3.2 Security procedures are updated taking into account current guidance.

    3.3 The security policy and related procedures are included in the internal audit programme.

    The audit assesses compliance with all aspects of company security procedures, including personal awareness and behaviour.

    STAGE 4

    4.1 Assessments are undertaken of the company’s security measures and preparedness.

    The assessments may be conducted by in-house personnel or by external resources.

    4.2 Independent specialist support is used to mitigate identified security threats.

    Any contracts for specialist support both onboard and ashore, are supported by a comprehensive scope of work.

    4.3 Vessels are provided with enhanced security and monitoring equipment.

    4.4 Security enhancements are considered for inclusion in refit specifications and new-build design.

    4.5 The company is involved in the testing and implementation of innovative security technology and systems.

    This may include:

    • Physical measures to improve security.
    • Software enhancements to IT systems.

    SHIP IP LTD can assist you to complete Element 13 – please ask our Team for more details!


    Company DETAILS

    SHIP IP LTD
    VAT:BG 202572176
    Rakovski STR.145
    Sofia,
    Bulgaria
    Phone ( +359) 24929284
    E-mail: sales(at)shipip.com

    ISO 9001:2015 CERTIFIED