Loading...

(+30) 2118501121

BIMCO Archives - SHIP IP LTD

Cyber-Security.jpg

BIMCO : The Guidelines on Cyber Security Onboard Ships

Cyber threats are constantly evolving which requires a regular review of all cyber related processes on board ships to allow for successful protection against cyber attacks. We are pleased to announce that today various maritime industry organisations published a revised third version of the “Guidelines on Cyber Security onboard Ships”. The document provides guidance to shipowners and operators on how to assess their operations and develop procedures to strengthen cyber resilience on board their ships. The Guidelines will continue to be updated regularly to mirror the evolution of cyber security threats and to outline new measures to mitigate against dynamic cyber risks.

Key updates in Version 3.0 include:

  • the requirement to incorporate cyber risks in the ship’s safety management system (SMS);
  • more detailed information related to the risk assessments of operational technology (OT);
  • increased guidance for dealing with the risks in the ship’s supply chain;
  • cases studies of verified cyber incidents onboard ships to highlight and illustrate potential problems.

Version 3.0 of the Guidelines can be downloaded HERE


BIMCO.png

BIMCO aims to publish cyber security clause in spring 2019

Overview

BIMCO is developing a clause dealing with cyber security risks and incidents that might affect the ability of one of the parties to perform their contractual obligations.

The clause is being drafted by a small team led by Inga Froysa of Klaveness, Oslo. Other companies involved include Navig8, the UK P&I Club and HFW, and the project is due to be completed in May 2019.

Planning and protecting is key

The BIMCO cyber security clause requires the parties to have plans and procedures in place to protect its computer systems and data, and to be able to respond quickly and efficiently to a cyber incident.

Mitigating the effect of a cyber security breach is of paramount importance and the clause requires the affected party to notify the other party quickly, so that they can take any necessary counter-measures. The clause is also designed for use in a broad range of contracts. This way, the clause can cover arrangements with third-party service providers, such as brokers and agents.

The liability of the parties to each other for claims is limited to an amount agreed during negotiations. A sum of USD 100,000 will apply if no other amount is inserted.

Two important functions

The clause will fulfill two important functions. The first is to raise awareness of cyber risks among owners, charterers and brokers. The second is to provide a mechanism for ensuring that the parties to the contract have procedures and systems in place, in order to help minimize the risk of an incident occurring in the first place and, if it does occur, to mitigate the effects of such an incident.

In the early stages of development, the drafting team discussed if the clause should also address payment fraud. It was concluded that the risk of this increasingly common fraud is probably best dealt with at a procedural level by companies tightening up their internal payment procedures to require verification of any changes to payment details.


BadRabbit-e1508943326319.jpg

 

BadRabbit Ransomware !

A new cyber attack is affecting computer systems around Europe.

BadRabbit Ransomware

A strain of ransomware known as “Bad Rabbit” is believed to be behind the trouble, and has spread to Russia, Ukraine, Turkey and Germany.

Cyber security firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier this year.

Once a computer is infected, victims are sent to a page on the Tor browser that demands .05 Bitcoins (about $275) within around 41 hours, in exchange for the decryption of the data and access to the machine. If time expires, the ransom increases.

As always, anyone infected is discouraged from paying the ransom. For one, there’s no guarantee you’ll get the data back but importantly, refusing to pay the ransom discourages future ransomware attacks.

Although BadRabbit shows similarities to Petya, it’s still unclear who is behind the recent attack. The original Petya took down a number of government agencies and businesses earlier this year, mostly in Ukraine. Russia is a viable suspect for Petya, but all evidence tying the malware with any nation state has been circumstantial.

You can readmore about BadRabbit Ransomware :

http://www.zdnet.com/article/bad-rabbit-ten-things-you-need-to-know-about-the-latest-ransomware-outbreak/

https://www.theverge.com/2017/10/24/16539054/ransomware-badrabbit-eastern-europe-russia-ukraine

http://money.cnn.com/2017/10/24/technology/bad-rabbit-ransomware-attack/index.html

 


Cybersecurity.jpg

IMO GUIDELINES ON MARITIME CYBER RISK MANAGEMENT

 

IMO has given shipowners and managers until 2021 to incorporate cyber risk management into ship safety !

Owners risk having ships detained if they have not included cyber security in the ISM Code safety management on ships by 1 January 2021.

One of the discussions that took place at the IMO Maritime Safety Committee’s 98th session (MSC 98) in June was whether the IMO’s newly approved guidelines on maritime cyber risk management should be incorporated into the International Safety Management Code (ISM), the international standard for safe ship operations.

While such a directive was not formally adopted, what was adopted was a resolution affirming that approved safety management systems (SMS) should take cyber risk management into account in accordance with the requirements of the ISM.

The resolution encouraged flag administrations to ensure that cyber risks are addressed in SMS no later than the first annual verification of the company’s document of compliance after 1 January 2021.

SHIP IP LTD – Can assist your company to ensure compliance with Cyber Security requirement  as we can offer FULL support to your company like :

  • Maritime Cyber Security Manual with only EUROS 500 ( pls click here to read more… )
  • Consultancy to complete with TMSA 3 – Element 13 Maritime Security
  • ask for more …

 

SHIP IP LTD – SHIPPING VIRTUAL SERVICES !


Please prove you are human by selecting the Heart.


2017-06-30_11h48_28.png

MARITIME CYBER SECURITY MANUAL

Following latest developments in our industry and various guidelines published by BIMCO, USCG Cyber Bulletins and TMSA 3 – element 13 we have develop a generic MARITIME Cyber Security Manual which can be used by all Shipping Companies as a best practice .

SHIP IP LTD have develop a Maritime Cyber Security manual to provide a risk management solution for Shipping companies and their vessels against various Cyber incidents.

Cyber incidents with negative effects to companies reputation or even results to economic effects when delays to services provided by their vessels.

Needless to point that Cyber Security is now part of TMSA 3 – Element 13 and all companies operating Tankers should immediate consider to develop or include to their existing Safety Management system, procedures , contingencies plans ( offices and vessels), define hazards,threats and risks when it comes to Cyber incidents.

Our Manual in word format with following content for sure with small changes will fit to your companies setup and will cover all regulations and international requirements :

Definitions

Understanding the cyber threat
Assessing the risk
Determination of vulnerability
Risk assessment ( Bridge equipment,Comms,Propulsion,Cargo Systems,Welfare Systems etc.)
Reducing the risk
Technical cyber security controls
Procedural controls
Defence in depth

CYBER SECURITY POLICY
OFFICE & VESSEL contingency plans

Investigate cyber incidents ( forms and procedures )
Response plan
Recovery
Investigate cyber incidents

 

ALSO we will provide you FREE of charge in word format a travel
policy as required by TMSA 3 Stage :
3.1 A travel policy is in place to minimize security threats to personnel.

 

In case you like more details or even you would like to order our manual,please submit contact form below and we will get in touch with you soon.

 

 


Please prove you are human by selecting the Heart.

 

 


2016-02-01_13h26_10.png

MARITIME CYBER SECURITY

As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are increasingly being networked together – and more frequently connected to the worldwide web.
This brings the greater risk of unauthorized access or malicious attacks to ships’ systems and networks. Risks may also occur from personnel having access to the systems on board, for example by introducing malware via removable media.
Relevant personnel should have training in identifying the typical modus operand of cyber attacks.
The safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant. Responding to the increased cyber threat, a group of international shipping organizations, with support from a wide range of stakeholders, have developed these guidelines, which are designed to assist companies develop resilient approaches to cyber security onboard ships.
Approaches to cyber security will be company- and ship-specific, but should be guided by appropriate standards and the requirements of relevant national regulations. The Guidelines provide a risk-based approach to identifying and responding to cyber threats.

 

Guidelines_on_cyber_security_onboard_ships_version_1-0

MARITIME CYBER SECURITY

The threat of cyber space is building up rapidly with the potential of posing even bigger risks, also for the crews. The maritime industry seems to be rather unaware and unprepared!