Loading...

(+30) 2118501121
cyber-1654709-696x392.jpg

Three cornerstones for effective Maritime cyber security

Maritime’s fragmented approach to digitalisation carries risk, especially when it comes to cyber security.

Speaking recently at Lloyd’s Register Asia Shipowners’ Forum, Wallem Group chief executive Frank Coles highlighted how operators can fail to update critical processes when embracing new onboard technologies. By overlooking the human elements of cyber security, he said, operators can undermine the potential benefits of acquiring a new technology – introducing risk instead capitalising on the rewards it can offer.

While cyber security risks posed to the shipping sector are real and pressing, they can be quantified and managed, if the right approach is taken.

Safeguarding critical assets in a fragmented digitalisation process and ensuring profitability in the years to come depends on three cornerstones:

Cornerstone 1: threat-intelligence assessment 

Maritime cyber security .

The cyber security landscape is rapidly changing and the insights gained as little as five years ago are of less and less value as threat actors adjust their approaches in response to advances made by security professionals and technical defenders. Regular threat intelligence and assessment activities allow an owner to view their organisation through the eyes of a potential attacker, to perceive their attack surface in detail, and to assess the real-world threats to their business.

Cornerstone 2: Crisis-management cyber attack simulation

With knowledge of the attack surface and adversaries already in hand, owners can take steps to safely, effectively and efficiently ensure they are prepared to respond to a cyber attack by using a simulated cyber attack known as a ‘red team’ exercise. Such exercises allow a company to define and simulate real-world attack scenarios using the same tactics, techniques, and procedures as a genuine threat actor. They also help determine the level of assurance and ability needed to effectively detect and respond to a genuine cyber attack and educate defence teams about effective responses within a controlled and forgiving environment.

Cornerstone 3: Define a cyber security strategy

An effective cyber security strategy completes the foundation of a secure technological and organisational infrastructure. Designing a cyber security strategy is a complex task for most firms as the strategy must be robust and responsive enough to address a dynamic operational environment. Security professionals can work to create a cyber security strategy to create operational efficiencies, maximum return on technology investments, and assured data and asset protection into the future.

Given the cost and reputational risks associated with a cyber attack – estimated at £11.7M (US$15.4M) per company according to a World Economic Forum 2017 study – there is no doubting the importance of taking a strategic approach to cyber security.

Ultimately, a truly cyber resilient shipping organisation is one that gains intelligence on evolving cyber threats to inform decisions and plans, going beyond the minimums needed to achieve compliance.

SOURCE https://www.marinemec.com


cybersecurity-1200x675.jpg

Korean Register (KR) has granted its first cyber security type-approval certificate to a new smart shipping integrated communication system.

The cyber security type-approval certificate has been awarded to Hyundai Electrics for its Hyundai Integrated Smart Communication System (Hyundai-ISCS), aimed at providing comprehensive cyber security protection for next-generation vessels.

KR’s cyber security type-approval is based on international standards such as IEC 62443 4-2 and IEC 61162-460. Under the certification, technical, security and audit functions are inspected and assessed for confidentiality, integrity and availability, while backup and recovery functions are also inspected and analysed to assess their response strength in the wake of a cyber incident.

 

KR executive vice president Hyung-chul Lee said “This is the very first cyber security type-approval certificate to be issued anywhere in the world, but it reflects the speed of development in this sector and rising level of risk to on board systems from cyber attack.”

Hyundai-ISCS was developed jointly by Hyundai Electric and Hyundai Heavy Industries. It provides a range of information on vessels and acts as an interface between more than 20 types of equipment including safety systems and sensors, combining to enhance a vessel’s smart abilities.

The certificate was formally presented to Hyundai by KR in a ceremony at Nor-Shipping 2019 in Oslo, Norway, on 5 June.

It was also announced on 5 June that Hyundai Global Service (HGS) and Inmarsat have signed a business co-operation agreement aimed at facilitating digitalisation for owners and managers of vessels. The agreement will enable co-operation including using Inmarsat’s Fleex Xpress dedicated bandwidth services to support HGS’ digital services for shipowners.

The agreement was announced following trials on three vessels over a three-month period, testing sensor-driven applications measuring voyage and equipment operating data including fuel consumption and vibration monitoring, plus HGS analytics and reporting services.

 

SOURCE


Cybersecurity.jpg

As the maritime sector is being targeted by highly motivated cyber criminals, the shipping industry should be on the highest alert for a cyber attack, Itai Sela, CEO of cyber security specialist Naval Dome, said. 

Speaking today at the Singapore Maritime Technology Conference (SMTC) 2019, organized by the Maritime and Port Authority of Singapore (MPA), Sela warned:

“Somebody, somewhere is targeting the maritime sector. The shipping industry should be on Red Alert.”

Sela’s warning follows widespread concern that the maritime industry remains vulnerable and is not doing enough to protect itself.

During a round table discussion in which several companies informed the Greek shipping community of the importance of cyber security, one analyst said that while the industry is “concerned about the cyber risk it struggles to understand where and how best to manage it”.

As stressed by Naval Dome CEO, the industry is not prepared for cyber attacks. Taking into account that shipping is a USD 4 trillion global industry transporting 80% of the world’s energy, commodities and goods, any activity that disrupts global trade would have far-reaching consequences.

“It is easy to understand why shipping is now in the cross-hair of the cyber-criminal or activist. But the maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat,” Sela commented.

Referring to the global certification standard IEC 62443, which has been adopted by several certification bodies, Sela explained the four levels of security used for safeguarding against a cyber-attack.

“A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain. It is the Level 4 type attack criminals are using to penetrate the shipping industry,” Sela said, recalling an incident in which the navigational equipment aboard a fleet of 15 tankers was simultaneously hacked.

 

As explained, the easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s (OEM) head office.

“All a hacker has to do is infiltrate these systems and wait until some someone sends an infected email to someone onboard ship – the attack is delivered. It spreads. It’s autonomous.”

The current regulations consider improving interactions between the operator and machine as the optimum way of combating maritime cyber crime. However, Naval Dome believes the best solution is based on technology that removes the human element altogether.

In his presentation to the Singapore maritime community, Sela suggested that a ship can be used as a very effective weapon to “create chaos and destruction” at the port.

“A ship whose systems are under the control of the cyber-criminal could result in pollution, cause collisions or groundings, or be used as an incendiary device. The result could be catastrophic if a vessel is not secured to the highest level.”

Sela also said that a country like Singapore must have the ability to monitor all the ships that enter its waters in order to verify whether it’s infected or cyber clean.

“I strongly recommend that all port authorities have the ability to control the cyber threat that each and every vessel entering their waters brings with them. This will protect assets and avoid potential disaster,” he concluded.

 

SOURCE


autonomous-.jpg

maritime cyber security Kongsberg Maritime director of autonomy Peter Due explains why e-navigation and technology developed for the Yara Birkeland project will enable a future of autonomous shipping

ECDIS and e-navigation will be essential for generations of future autonomous ships. Although the first unmanned ships will be remotely controlled and operating in coastal waters, in the long term there will be ocean-going autonomous ships, with e-navigation technology monitoring their progress onshore.

IMO placed ocean-going autonomous vessels firmly on the global agenda during the Maritime Safety Committee (MSC) 99 session in May this year, by implementing a working group to conduct a regulatory scoping exercise for using MASS (Maritime Autonomous Surface Ships)*.

Kongsberg Maritime will be part of that working group and will deliver technology to the world’s first all-electric, zero emissions and autonomous container vessel, Yara Birkeland. This ship is scheduled to transport fertiliser products along a 30 nautical mile route to the ports of Brevik and Larvik next year and by 2020 is likely to be unmanned.

Kongsberg Maritime director of autonomy Peter Due said new navigation and collision avoidance systems that centre on e-navigation technology were needed for this project, as Yara Birkeland will operate on a busy waterway.

Kongsberg drew on its experience in autonomous underwater vehicles, dynamic positioning, ECDIS and sensor fusion as a foundation for autonomous navigation. But Mr Due explained to Marine Electronics & Communications that more development was required. “Harmonising with artificial intelligence, machine learning and digital twin technology enables the extreme level of safety required,” he said.

Mr Due said Yara Birkeland’s operations will be planned, pretested and optimised in the cloud using the Kognifai digital platform and its digital twin that Kongsberg generated. This includes navigation in different metocean conditions.

“The twin integrates all data including weather, currents, tides and temperature with a detailed physical ship model,” said Mr Due. “We can then decide the optimum route and simply transfer it to the ship’s autonomy engine, navigation systems and ECDIS when it is in port,” he continued.

“Once the ship sets off, sensor fusion comes into play, enabling the autonomy engine, working with the onboard digital twin and e-navigation systems to adjust and reroute at sea according to the going conditions and other vessels in the vicinity.”

It is this dynamism a fully autonomous navigation system requires that led to the establishment of the Hull to Hull (H2H) EU-funded research project. This will develop technical solutions for safer navigation in close proximity of other stationary or moving vessels and objects.

H2H will use the European Global Navigation Satellite System to enhance safety in busy waters and during close manoeuvring. “This will help mariners to make the correct navigation decisions and will create the fundamental conditions for autonomous vessel navigation,” said Mr Due. Data can be used as an input to an autonomy controller.

Navigational safety is essential if the benefits of MASS are ever to be truly realised”

Ensuring e-navigation and collision avoidance technology works correctly will be fundamental to autonomous shipping. “Navigational safety is essential if the benefits of MASS are ever to be truly realised,” said Mr Due.

SOURCE READ FULL ARTICLE