Loading...

(+30) 2118501121

MARITIME CYBER SECURITY Archives - SHIP IP LTD

cyber-1654709-696x392.jpg

Three cornerstones for effective Maritime cyber security

Maritime’s fragmented approach to digitalisation carries risk, especially when it comes to cyber security.

Speaking recently at Lloyd’s Register Asia Shipowners’ Forum, Wallem Group chief executive Frank Coles highlighted how operators can fail to update critical processes when embracing new onboard technologies. By overlooking the human elements of cyber security, he said, operators can undermine the potential benefits of acquiring a new technology – introducing risk instead capitalising on the rewards it can offer.

While cyber security risks posed to the shipping sector are real and pressing, they can be quantified and managed, if the right approach is taken.

Safeguarding critical assets in a fragmented digitalisation process and ensuring profitability in the years to come depends on three cornerstones:

Cornerstone 1: threat-intelligence assessment 

Maritime cyber security .

The cyber security landscape is rapidly changing and the insights gained as little as five years ago are of less and less value as threat actors adjust their approaches in response to advances made by security professionals and technical defenders. Regular threat intelligence and assessment activities allow an owner to view their organisation through the eyes of a potential attacker, to perceive their attack surface in detail, and to assess the real-world threats to their business.

Cornerstone 2: Crisis-management cyber attack simulation

With knowledge of the attack surface and adversaries already in hand, owners can take steps to safely, effectively and efficiently ensure they are prepared to respond to a cyber attack by using a simulated cyber attack known as a ‘red team’ exercise. Such exercises allow a company to define and simulate real-world attack scenarios using the same tactics, techniques, and procedures as a genuine threat actor. They also help determine the level of assurance and ability needed to effectively detect and respond to a genuine cyber attack and educate defence teams about effective responses within a controlled and forgiving environment.

Cornerstone 3: Define a cyber security strategy

An effective cyber security strategy completes the foundation of a secure technological and organisational infrastructure. Designing a cyber security strategy is a complex task for most firms as the strategy must be robust and responsive enough to address a dynamic operational environment. Security professionals can work to create a cyber security strategy to create operational efficiencies, maximum return on technology investments, and assured data and asset protection into the future.

Given the cost and reputational risks associated with a cyber attack – estimated at £11.7M (US$15.4M) per company according to a World Economic Forum 2017 study – there is no doubting the importance of taking a strategic approach to cyber security.

Ultimately, a truly cyber resilient shipping organisation is one that gains intelligence on evolving cyber threats to inform decisions and plans, going beyond the minimums needed to achieve compliance.

SOURCE https://www.marinemec.com


cybersecurity-1200x675.jpg

Korean Register (KR) has granted its first cyber security type-approval certificate to a new smart shipping integrated communication system.

The cyber security type-approval certificate has been awarded to Hyundai Electrics for its Hyundai Integrated Smart Communication System (Hyundai-ISCS), aimed at providing comprehensive cyber security protection for next-generation vessels.

KR’s cyber security type-approval is based on international standards such as IEC 62443 4-2 and IEC 61162-460. Under the certification, technical, security and audit functions are inspected and assessed for confidentiality, integrity and availability, while backup and recovery functions are also inspected and analysed to assess their response strength in the wake of a cyber incident.

 

KR executive vice president Hyung-chul Lee said “This is the very first cyber security type-approval certificate to be issued anywhere in the world, but it reflects the speed of development in this sector and rising level of risk to on board systems from cyber attack.”

Hyundai-ISCS was developed jointly by Hyundai Electric and Hyundai Heavy Industries. It provides a range of information on vessels and acts as an interface between more than 20 types of equipment including safety systems and sensors, combining to enhance a vessel’s smart abilities.

The certificate was formally presented to Hyundai by KR in a ceremony at Nor-Shipping 2019 in Oslo, Norway, on 5 June.

It was also announced on 5 June that Hyundai Global Service (HGS) and Inmarsat have signed a business co-operation agreement aimed at facilitating digitalisation for owners and managers of vessels. The agreement will enable co-operation including using Inmarsat’s Fleex Xpress dedicated bandwidth services to support HGS’ digital services for shipowners.

The agreement was announced following trials on three vessels over a three-month period, testing sensor-driven applications measuring voyage and equipment operating data including fuel consumption and vibration monitoring, plus HGS analytics and reporting services.

 

SOURCE


GettyImages-701167058.jpg

CMA CGM and MSC to Join Maersk’s Maritime Blockchain Platform

CMA CGM and MSC Mediterranean Shipping Company (MSC) have announced they will join TradeLens, a blockchain-enabled digital shipping platform, jointly developed by A.P. Moller – Maersk and IBM.

TradeLens enables participants to connect, share information and collaborate across the shipping supply chain. The attributes of blockchain technology are ideally suited to large networks of disparate partners, says Maersk. Blockchain establishes a shared, immutable record of all the transactions that take place within a network and enables permissioned parties access to trusted data in real time.

The platform now has over 100 participants. The addition of CMA CGM and MSC will result in data for nearly half of the world’s ocean container cargo being available on TradeLens. The companies will promote TradeLens and create complementary services on top of the platform for their customers and partners.

TradeLens is already processing over 10 million discrete shipping events and thousands of documents each week for shippers, carriers, freight forwarders, customs officials, port authorities, inland transportation providers and others.

CMA CGM and MSC will operate a blockchain node, participate in consensus to validate transactions, host data, and assume the critical role of acting as Trust Anchors, or validators, for the network. The companies will be on the TradeLens Advisory Board which will include members across the supply chain to advise on standards for neutrality and openness.

“Digitization is a cornerstone of the CMA CGM Group’s strategy to provide an end-to-end offer tailored to our customers’ needs. We believe that TradeLens, with its commitment to open standards and open governance, is a key platform to help usher in this digital transformation,” said Rajesh Krishnamurthy, Executive Vice President, IT & Transformations, CMA CGM Group. “TradeLens’ network is already showing that participants from across the supply chain ecosystem can derive significant value.”

The TradeLens platform has enormous potential to spur the industry to digitize the supply chain and build collaboration around common standards, said André Simha, Chief Digital & Information Officer, MSC. “We think that the TradeLens Advisory Board, as well as standards bodies such as the Digital Container Shipping Association, will help accelerate that effort.”


2017-06-30_11h48_28-1.png

Maritime cyber risk management: boiling the ocean or storm in a tea cup?

 

Is the shipping industry’s most valuable commodity also its biggest risk?

As one of the world’s oldest industries, the shipping industry has capitalised on its capability to move assets around the world for thousands of years. Whether for trade, military or tourism, there are more than 50,000 ships world-wide that currently navigate our waters and facilitate both thriving economies and promote nation state security.

Know your risks and implement security measures

Our recent maritime report has explored the cyber security challenges that the maritime industry is facing now and will likely face in the future. With the increasing trend of attackers turning their attention to ships and shipping operations, more needs to be done to identify cyber risks at sea and mitigate them – a method to begin this process is to perform a risk assessment. Traditionally, a business might perform a risk-assessment periodically, say on a yearly basis, to identify what security risks need addressing, and follow this with implementing the right measures to protect against these risks occurring.

But what happens when your risk profile is constantly changing? All variables such as a ship’s cargo, employees and geography can change drastically within 24 hours as a ship makes its journey across the world and participates in trading. The main inputs to assessing risk are therefore constantly changing, significantly more than your standard business who needs to implement cyber security measures – so how is it feasible to have confidence that ships are implementing the right security in such a unique situation?

What are the key changing risk factors?

We have identified the main factors impacting cyber security that are associated with the constant movement of trade ships as follows:

  • Route: A ship relies on multiple navigation technologies to get it safely from point A to point B without damaging it, its cargo or risking life onboard. But what if malware could ever so slightly change measurements over time, à la Stuxnet. This would have little impact in the Pacific; but in the Panama Strait it would be catastrophic and the perfect attack for criminals to launch in order to then loot a ship.
  • Cargo: A ship will be carrying multiple cargos of different market value during its route and over time. These cargos may also have different value to different territories and groups.  Cargo systems can be compromised providing intelligence to criminals who can subsequently target specific cargo ships and resell on the black market. For example, pharmaceuticals would be an attractive target due their high value on the black market.
  • Piracy: There are certain areas of the world which may be at higher risk of attack from piracy, such as the seas that border Eastern Africa. Not only could the cargo training systems be tracked to identify when ships are carrying precious cargo like gold; we understand that pirates could also manipulate systems and spoof the position of ships in distress. This would result in a longer period of time for them to carry out their physical attacks.
  • Ports and business operations: Shipping staff may engage with multiple ports and succumb to various operational processes each time, notably payment and administration regarding docking. Threat groups have been known to track ships and spoof emails to shipping companies to request payment for their upcoming or previous docking. This has resulted in ships losing money as they have been unable to distinguish what is the legitimate process for these payments – made harder when a ship uses many ports over a short period of time.

READ FULL ARTICLE


Cybersecurity.jpg

As the maritime sector is being targeted by highly motivated cyber criminals, the shipping industry should be on the highest alert for a cyber attack, Itai Sela, CEO of cyber security specialist Naval Dome, said. 

Speaking today at the Singapore Maritime Technology Conference (SMTC) 2019, organized by the Maritime and Port Authority of Singapore (MPA), Sela warned:

“Somebody, somewhere is targeting the maritime sector. The shipping industry should be on Red Alert.”

Sela’s warning follows widespread concern that the maritime industry remains vulnerable and is not doing enough to protect itself.

During a round table discussion in which several companies informed the Greek shipping community of the importance of cyber security, one analyst said that while the industry is “concerned about the cyber risk it struggles to understand where and how best to manage it”.

As stressed by Naval Dome CEO, the industry is not prepared for cyber attacks. Taking into account that shipping is a USD 4 trillion global industry transporting 80% of the world’s energy, commodities and goods, any activity that disrupts global trade would have far-reaching consequences.

“It is easy to understand why shipping is now in the cross-hair of the cyber-criminal or activist. But the maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat,” Sela commented.

Referring to the global certification standard IEC 62443, which has been adopted by several certification bodies, Sela explained the four levels of security used for safeguarding against a cyber-attack.

“A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain. It is the Level 4 type attack criminals are using to penetrate the shipping industry,” Sela said, recalling an incident in which the navigational equipment aboard a fleet of 15 tankers was simultaneously hacked.

 

As explained, the easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s (OEM) head office.

“All a hacker has to do is infiltrate these systems and wait until some someone sends an infected email to someone onboard ship – the attack is delivered. It spreads. It’s autonomous.”

The current regulations consider improving interactions between the operator and machine as the optimum way of combating maritime cyber crime. However, Naval Dome believes the best solution is based on technology that removes the human element altogether.

In his presentation to the Singapore maritime community, Sela suggested that a ship can be used as a very effective weapon to “create chaos and destruction” at the port.

“A ship whose systems are under the control of the cyber-criminal could result in pollution, cause collisions or groundings, or be used as an incendiary device. The result could be catastrophic if a vessel is not secured to the highest level.”

Sela also said that a country like Singapore must have the ability to monitor all the ships that enter its waters in order to verify whether it’s infected or cyber clean.

“I strongly recommend that all port authorities have the ability to control the cyber threat that each and every vessel entering their waters brings with them. This will protect assets and avoid potential disaster,” he concluded.

 

SOURCE


cyber-1654709-696x392.jpg

Maritime blockchain solutions have the potential to greatly improve efficiencies in shipping and bring this industry into the 21st century


Shipping is the engine of the global economy, making up some 90% of world trade. That’s not easy to express in monetary terms, although experts estimate it at over $10 trillion a year. Maritime blockchain could transform this industry and bring multiple benefits to importers, exporters, transporters, ship owners, and even governments.

Blockchain at sea: How technology is transforming the maritime industry !

Blockchain technology has the potential to revolutionise the maritime industry and bring it into the 21st century. This complex ecosystem could greatly benefit from a robust digital platform to exchange data in real time.  

In fact, the industry has been testing maritime blockchain applications since 2017. Some of the most important shipping companies, such as Maersk, Hyundai Merchant Marine, and Maritime Silk Road Platform, have teamed up with tech giants to create blockchain shipping systems to streamline maritime logistics.

Maritime blockchain speeds up document flows

One of the main benefits of introducing blockchain to the maritime industry is cutting down bureaucracy. For international shipments, companies and customs officials are forced to fill out over 20 different types of documents (most of them paper-based) to move goods from exporter to importer.

Most of these documents fail to provide real-time visibility and data quality, which often causes setbacks in financial settlements. These types of delays and inefficiencies are hard to accept in a data-driven, digital world.

An international consortium of shipping companies and European customs has tested a blockchain solution that eliminates printed shipping documents from the process. Not only did blockchain speed up operations, but this pilot proved how organisations in the maritime industry can save hundreds of millions of dollars annually.

Blockchain not only makes cargo checks faster, it also minimises the risk of penalties for customs compliance that are levied on customers.

The maritime industry can also benefit from predictive analytics

Big data is having a huge impact on the industry, thanks to its potential to optimise operations, improve cybersecurity, and increase the overall efficiency of the supply chain.  

However, data alone can’t change the way the maritime industry works. Companies, ports, and governments need to analyse the information to reap real benefits from the findings. This industry generates about 100-120 million data points every day. It was impossible for existing technologies to gather and analyse this amount of data efficiently.

Blockchain can help by placing the crucial data in one place and creating a unique platform for solution providers, ports, and agents that operate along the supply chain.

By tracking cargo in real time using blockchain technology, shipping companies and ports can plan land procedures ahead of time, speeding up terminal works and cutting down costs. They can also use data to make educated predictions that enhance their operations and increase efficiency.

Maritime blockchain increases trading safety and transparency

The maritime industry includes multiple parties. Most of these communicate through lengthy paper chains, making it impossible to track shipments currently. This, combined with high transaction volumes, leads to little or no transparency in most processes.

Blockchains can secure the integrity of any record, reducing the risk of damaged or missing shipments. By replacing the old paper system, all parties involved have access to information, making it easier to plan operations efficiently and save on costs.

The information stored in the blockchains is impossible to delete or edit without leaving traces, so this transparency also increases security.

It reduces data entry errors and can improve fraud detection. Maersk’s collaboration with IBM, for example, also stipulates the development of means to streamline customs and security inspections, as well as tracking shipping containers for commercial purposes.

Maritime blockchain and cost efficiency

The blockchain-based Bill of Lading created by Maersk and IBM showed in early tests that administrative costs could be reduced by as much as 15% of the value of shipped goods, thanks to tracking shipping containers and eliminating paper documents.

It may seem like a small percentage, but that could create savings of $1.5 trillion globally.

Besides costs related to documentation, companies can also significantly reduce expenses caused by data entry errors, procedural delays, and discrepancies.

Blockchain technology is transforming the maritime industry

The maritime industry is still struggling with high costs and a high level of pollution. Blockchain technology can help with both issues, by cutting down administrative costs and providing environment-friendly solutions. All while protecting the industry against cybercrime and piracy, and ensuring a fairer deal for all parties involved.

SOURCE READ FULL ARTICLE


ships-are-vulnerable-to-cyber-attacks-due-to-maritime-platform-flaw-1.jpg

Maritime Cyber attack !

Australian ferry and defense shipbuilder Austal reported Thursday that it has been hit by a cyberattack. An unknown offender managed to steal internal data, including some staff contact information and unspecified data affecting a “small number of stakeholders.” The firm emphasized that its ship design drawings for vendors and customers are neither sensitive nor classified, without specifying whether any drawings may have been taken.

Austal said that the attacker attempted to engage in extortion using the stolen information and tried to sell it online. In line with its company policy, Austal did not respond to extortion offers, the firm said.

The firm, which builds the U.S. Navy’s Independence-class Littoral Combat Ship and the Expeditionary Fast Transport, said that there were no indications that the data breach had national security implications. “Austal’s business in the United States is unaffected by this issue as the computer systems are not linked,” the company said.

The Australian Cyber Security Centre and the Australian Federal Police are investigating the attack, and the Australian Department of Defence is providing technical assistance. “This incident reinforces the serious nature of the cyber security threat faced by defence industry, and the need for industry partners to put in place, and maintain, strong cyber defences,” said the Department of Defence in a statement. Austal holds the contract to build and maintain two patrol boat classes for Australian military and government operators.

Austal said that the attack had no effect on its day-to-day operations, and that its data systems have been secured and brought fully back online.

Source – Read full article


GIDITALBRIDGE.jpg

Digitalisation on the bridge, Digitalisation is throwing up daily challenges to the shipping industry’s established order with faster connectivity and enhanced functionality driving the transparency of information flow across almost every area of the business.

Shipping is embracing this effect – and cautiously welcoming the disrupters too – and speed of adoption is quickening. What is still developing is how to apply this digital thinking to a traditional business-to-business market where the speed of technology adoption needs to fit market cycles.

What the advocates of smart shipping have recognised is that product-oriented organisations cannot adhere to 20th century business models of research-develop-build-sell-repeat and expect to thrive in the longer term.

A sustainable digital business is one that focuses on the customer first and invites a new conversation about their needs and how products and services fit around that. This can be a challenging process for organisations which have happily relied on selling hardware for decades, even if their origins lie in the invention and popularisation of such equipment.

It is doubly true when the area of operation is not purely commercial or concerned with fuel savings or schedule keeping, but the regulated safety space on the bridge. The requirement for type-approved, standards-based systems for navigation safety are a far cry from an app-based efficiency gain or drone-based spare parts delivery.

For a company that has navigation systems in its DNA, it has become a natural extension for us to think about what digitalisation can do for customers; more and more of them are working to improve connectivity on the bridge and from bridge to shore.

The data on demand model is quickly being replaced by real-time monitoring of ship systems and customers are already exploring the benefits of a richer data stream that can enhance safety and efficiency of ship operations.

There are several elements to this strategy, the first will centre around gathering data to analyse system performance and better plan servicing and maintenance of the bridge system.

Digital updates for the electronic chart display are already happening but there is a need to improve the procedure for getting the data into the front of bridge navigation system. Rather than relying on memory sticks for transfer, there should be an independently hosted back of bridge system with a secure connection to the front of bridge.

We will also employ the same secure data stream to deploy software updates and patches directly into the bridge system when the vessel is alongside and on voyage.

 

Finally, we can use the data to improve visibility from shore, such as for a port authority or vessel operations centre and so support mariners on most economic routeing, berth approach or manoeuvring operations.

This will act as an accelerator for autonomous vessel technology, but it needs to be managed in a way that increases safety and efficiency. We think that customers, rather than vendors, should decide how and at what speed the process evolves.

This new era requires that the supplier changes too; building a new skills base with people experienced in connectivity and data, so that the outcome is an improvement and not a further complication to an already complex business.

We are also aware that with greater connectivity and more data transfer comes an increased security risk, which must be managed.

Our approach is to build a cyber infrastructure which is capable of maintaining more than just an ‘air gap’ between the ship’s network and the front of bridge navigation system. This Sperry Marine Secure Maritime Gateway will go into live testing by Q4 2018 and promises to provide a robust component of a layered cyber security strategy.

This approach to digitalisation could be viewed as small steps in the right direction but it is critical that the strategy actually provides tangible results, not innovations in search of a business model. By building a platform that can be used to deliver services as well as systems we will be able to make giant leaps too.

It also reflects the fact that our service engineers are present on the bridge; we see how customers use our products and hear first-hand about the improvements and enhancements they want to see.

That gives us a unique perspective on how to create new services that meet these changing needs. For a company that has long been the go-to for radar, ECDIS, gyrocompass or autopilot – but which would always leave the operations to the shipowner – this is a completely new approach.

History and heritage are not enough to protect anyone from the challenge of digitalisation, but change need not be a threat to survival. Instead, it enables much closer dialogue on how we can support customer operations and deliver real digital value, rather than create disruption for its own sake.

ARTICLE SOURCE : by Jan Thordan Hansen, director, Sperry Marine


HAZOPS-1030x666.jpg

OCIMF is pleased to announce the release of the seventh edition of the SIRE Vessel Inspection Questionnaire (VIQ7).

This edition has undergone an extensive revision process which has brought the VIQ up-to-date with respect to changes in legislation and best practices. The SIRE Focus Group, which has led the work on the revision of this document, has examined the questions to determine whether these continue to remain relevant and has reduced the overall set of questions by up to 90 questions.

The section on Structural Condition in the existing VIQ6 (Chapter 7) has been reduced and merged with Chapter 2. A new chapter (Chapter 7) has been developed to cover Maritime Security which has 21 new questions covering Policies and Procedures, Equipment and Cyber Security.

The section on Mooring (Chapter 9) has been significantly reviewed to incorporate the revisions and best practices that will be introduced in the Mooring Equipment Guidelines, Fourth Edition (MEG4). Operators will be encouraged to align their procedures and equipment with the guidance provided in MEG4 as soon as possible.

The existing chapter on Communications (Chapter 10) has been reduced and merged with Chapter 4, which is now a section on Navigation and Communications.

A set of 10 questions on LNG Bunkering has been added to the section on Engine and Safety Compartments (Chapter 10). These questions have been developed in conjunction with advice and guidance from SIGTTO and SGMF.

The following templates within the seventh edition of the SIRE Vessel Inspection Questionnaires (VIQ7) are now available to integrators upon the OCIMF Staging environment and will be released to the Production environment on the 17September 2018.

  • Template 4401 – VIQ7 (Petroleum)
  • Template 4402 – VIQ7 (Chemical)
  • Template 4403 – VIQ7 (LPG)
  • Template 4404 – VIQ7 (LNG)

 


autonomous-.jpg

maritime cyber security Kongsberg Maritime director of autonomy Peter Due explains why e-navigation and technology developed for the Yara Birkeland project will enable a future of autonomous shipping

ECDIS and e-navigation will be essential for generations of future autonomous ships. Although the first unmanned ships will be remotely controlled and operating in coastal waters, in the long term there will be ocean-going autonomous ships, with e-navigation technology monitoring their progress onshore.

IMO placed ocean-going autonomous vessels firmly on the global agenda during the Maritime Safety Committee (MSC) 99 session in May this year, by implementing a working group to conduct a regulatory scoping exercise for using MASS (Maritime Autonomous Surface Ships)*.

Kongsberg Maritime will be part of that working group and will deliver technology to the world’s first all-electric, zero emissions and autonomous container vessel, Yara Birkeland. This ship is scheduled to transport fertiliser products along a 30 nautical mile route to the ports of Brevik and Larvik next year and by 2020 is likely to be unmanned.

Kongsberg Maritime director of autonomy Peter Due said new navigation and collision avoidance systems that centre on e-navigation technology were needed for this project, as Yara Birkeland will operate on a busy waterway.

Kongsberg drew on its experience in autonomous underwater vehicles, dynamic positioning, ECDIS and sensor fusion as a foundation for autonomous navigation. But Mr Due explained to Marine Electronics & Communications that more development was required. “Harmonising with artificial intelligence, machine learning and digital twin technology enables the extreme level of safety required,” he said.

Mr Due said Yara Birkeland’s operations will be planned, pretested and optimised in the cloud using the Kognifai digital platform and its digital twin that Kongsberg generated. This includes navigation in different metocean conditions.

“The twin integrates all data including weather, currents, tides and temperature with a detailed physical ship model,” said Mr Due. “We can then decide the optimum route and simply transfer it to the ship’s autonomy engine, navigation systems and ECDIS when it is in port,” he continued.

“Once the ship sets off, sensor fusion comes into play, enabling the autonomy engine, working with the onboard digital twin and e-navigation systems to adjust and reroute at sea according to the going conditions and other vessels in the vicinity.”

It is this dynamism a fully autonomous navigation system requires that led to the establishment of the Hull to Hull (H2H) EU-funded research project. This will develop technical solutions for safer navigation in close proximity of other stationary or moving vessels and objects.

H2H will use the European Global Navigation Satellite System to enhance safety in busy waters and during close manoeuvring. “This will help mariners to make the correct navigation decisions and will create the fundamental conditions for autonomous vessel navigation,” said Mr Due. Data can be used as an input to an autonomy controller.

Navigational safety is essential if the benefits of MASS are ever to be truly realised”

Ensuring e-navigation and collision avoidance technology works correctly will be fundamental to autonomous shipping. “Navigational safety is essential if the benefits of MASS are ever to be truly realised,” said Mr Due.

SOURCE READ FULL ARTICLE