maritime-blackboxes-FB-1-1-e1609964241469-1.jpg

Report outlines deep cybersecurity challenges for the public/private seagoing sector.

The White House has released cybersecurity guidance for securing the Maritime Transportation System (MTS), which operates along 25,000 miles of coastal and inland waterways in the United States.

The document points out that the MTS encompasses “361 ports, 124 shipyards, more than 3,500 maritime facilities, 20,000 bridges, 50,000 Federal aids to navigation, and 95,000 miles of shoreline that interconnect with critical highways, railways, airports and pipelines.” In addition, there are more than 20 Federal government organizations that currently have a role in maritime security of all stripes, ranging from vessel and personnel safety to transportation standards and logistics.

2020 Reader Survey: Share Your Feedback to Help Us Improve

In all, this footprint contributes one quarter of all United States gross domestic product, or approximately $5.4 trillion, according to the Feds.

Maritime Challenges

Applying good cybersecurity to the seagoing sector is a complex process plagued with challenges. The report enumerates several of these, starting with the fact that it’s a diverse ecosystem “with businesses of all sizes leveraging IT and [operational technology] OT systems that interconnect with larger maritime systems. Users across the maritime sector access key data and management systems daily for business purposes, making secure access control and user monitoring difficult.”

To boot, different public and private entities own and operate these interconnected systems, and common cybersecurity standards do not exist across facilities. Some of the entities also lack appropriate resources or expertise to implement appropriate cybersecurity frameworks even if a common approach were defined.

“Cybersecurity within some ports and facilities is situational, ad-hoc and often driven by profit margins and efficiency,” reads the report. “Unless the private sector has a clear understanding of current and future maritime cybersecurity threats and a financial incentive to invest in maritime cybersecurity measures, some private sector entities may not be inclined to align with maritime partners or allies.”

Additionally, some of the MTS footprint relies on outdated telecommunication infrastructure, threatening the ability for MTS stakeholders to “protect digital information, the network and to detect when malign actors are attempting to access protected systems,” the report warned.

The danger here is real; researchers have previously identified the prevalence of Windows XP and Windows NT within critical ship control systems, including IP-to-serial converters, GPS receivers or the Voyage Data Recorder (VDR), which thus tend to be easily compromised. Researchers at Pen Test Partners found that with the ability to infiltrate networks on-board shipping vessels (think satcom hacking, phishing, USB attacks, insecure crew Wi-Fi, etc.), capsizing a ship with a cyberattack is a relatively low-skill enterprise.

Previous research has shown that other concerning attacks are possible as well, such as forcing a ship off-course or causing collisions. The issue with remediating the dismal state of maritime security is a lack of clearly defined responsibility for security, according to the researcher.

Maritime Cybersecurity Mitigations

To correct and mitigate maritime cybersecurity threats going forward, the report advocates the implementation of standardized risk frameworks across the MTS, security requirements for suppliers and contractors, vulnerability audits, information-sharing policies and more.

The recommendations start with establishing an OT risk framework that provides a standard for “insurers, facility and/or vessel owners and shippers to share a common risk language and develop common OT risk metrics for self-assessments.” This is a framework that the Feds will provide guidance on, and the report said that will include an international port OT risk framework based on the input from domestic and international partners, according to the advisory.

It also addressed third parties, and said that “the United States will strengthen cybersecurity requirements in port services contracts and leasing. To limit adversarial opportunity, contracts or leases binding the United States Government and private entities must contain specific language addressing cyber risk to the MTS. The private sector owns and operates the majority of port infrastructure.”

The report added, “Port services such as, but not limited to, loading, unloading, stacking, ferrying or warehousing Federal cargo requires cybersecurity contracting clauses to safeguard the flow of maritime commerce, MTS users and our economic prosperity.”

In addition, the report prescribes an examination of critical port OT systems for cyber vulnerabilities, but it doesn’t specify a role for the federal government. Instead, the report noted that the maritime sector should glean cybersecurity best practices from other critical infrastructure sectors.

The Feds will, however, establish a cyber-forensics process for maritime investigations.

“The United States will design a framework for port cybersecurity assessments,” according to the report. “Developing and deploying cyber-forensics for all major marine casualties and mishaps, when a maritime cyber-effect cannot be ruled out, is paramount.”

And finally, the report addresses the cybersecurity skills gap.

“DHS, through the United States Coast Guard, in coordination with other applicable departments and agencies, will develop cybersecurity career paths, incentives, continuing education requirements and retention incentives to build a competent maritime cyber-workforce,” the report reads, “…and will encourage cybersecurity personnel exchanges with industry and national laboratories, with an approach towards port and vessel cybersecurity research and application.”

Supply-Chain Security: A 10-Point Audit Webinar: Is your company’s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts – part of a limited-engagement and LIVE Threatpost webinar. CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: Register Now and reserve a spot for this exclusive Threatpost Supply-Chain Security webinar — Jan. 20, 2 p.m. ET.

 

Source: threatpost


0011-조선_자율운항선박의-사이버보안전망_4-3_01.jpg

These tankers will take part in the STM BALT Safe project for exchanging route information between ships and ports. This project is piloting new operational services based on STM concepts that improve data sharing and enhance navigation safety.

More than 400 ships already have the capability to share routes through their ECDIS to other ships and ports. Next, the focus will be on increasing tankers’ navigation safety.

For this, STM BALT Safe project is signing up 50 tankers that frequently sail in the Baltic Sea and upgrading their ECDIS for route information sharing.

Wärtsilä Voyage won the contract to upgrade ECDIS on these ships. Wärtsilä Voyage director Torsten Büssow said tanker owners can securely share route information with vessel traffic system (VTS) operators in the region by upgrading ECDIS.

“We believe standardised information sharing is an important key to improving safety and efficiency in the shipping industry,” said Mr Büssow.

During this STM project, Saab-based VTS in Estonia, Navielektro-based VTS in Finland and the new VTS-system in Sweden will be able receive and send route plans to vessels.

This will enable e-navigation services, such as route cross-check and risk situation alerts, to improve tanker safety.

Information is transferred via automatic information systems (AIS) between ships. It is shared between ships and shore through the Maritime Digital Infrastructure.

STM BALT Safe project ship testbed manager Cajsa Jersler Fransson expects these tanker ECDIS upgrades to be part of a voyage towards a more connected future.

“With installations happening this year, we will be able to analyse data from the interaction between ships and between ships and shore,” Mr Fransson said.

Source: rivieramm


Aug-27-NAVTOR-acquired-by-Silicon-Valley-investment-firm.jpg

Progress on e-navigation leads to new guidelines for standardised displays and integrated navigation systems

IMO agreed draft guidelines for navigation equipment and made progress on its e-navigation strategy in January 2019 at the Navigation, Communications and Search and Rescue (NCSR) sub-committee meetings.

E-navigation benefits will include the harmonised collection, integration, exchange, presentation and analysis of marine information leading to improvements in safety, security and protecting the marine environment, reducing the administrative burden on seafarers.

IMO secretary-general Kitack Lim was satisfied with the sub-committee’s progress and approval of a number of drafts and amendments.

“The actions taken and decisions made by this sub-committee are key for the implementation of effective measures for safe navigation,” he said. “For improved co-ordination to avoid maritime accidents and ensure a quick and efficient response in case of a search and rescue incident.”

“The actions taken and decisions made by this sub-committee are key for the implementation of effective measures for safe navigation”

The NCSR 6 sub-committee agreed with requests from delegations that IMO should work in collaboration with member states to lead on e-navigation. “There is no doubt that IMO should continue to lead these developments and address all safety aspects of navigation, including the harmonisation of maritime services in the context of e-navigation,” said Mr Lim.

IMO will partner with others to further develop, harmonise and define e-navigation maritime services including:

  • Vessel traffic services.
  • Communicating maritime safety information*.
  • Vessel shore reporting.
  • Ice navigation.
  • Search and rescue.
  • Pilotage and tug services.
  • Telemedical assistance.
  • Meteorological and hydrographic information.

Draft guidance agreed

In the meantime, IMO has drafted guidelines on performance standards for navigation equipment on ship bridges. This includes a draft Marine Safety Committee (MSC) circular on guidelines for standardising user interface design for navigation equipment.

IMO’s aim is to promote standardisation of human-machine interfaces and information used by seafarers to monitor, manage and perform navigational tasks to enhance situational awareness and improve navigation safety. These guidelines apply to integrated navigation systems (INS), ECDIS, radar and other bridge equipment with an interface.

Along with this, NCSR 6 agreed draft amendments to the performance standards for presenting navigation-related information on shipborne navigational displays, including radar, ECDIS and INS. Revised performance standards will come into force on 1 January 2024.

IMO’s sub-committee finalised draft updates to guidelines written to cover presenting navigational-related symbols on bridge systems to achieve harmonisation across equipment.

Another achievement in January was agreeing a draft MSC resolution covering guidance on defining and harmonising the format and structure of maritime e-navigation services to be implemented internationally, as opposed to the current regional testbeds.

It was agreed that all maritime services should conform with the International Hydrographic Organization (IHO) S-100 framework standard, which specifies the method for data modelling and developing product specifications.

There was also agreement on a draft MSC circular covering the initial descriptions of e-navigation maritime services. These would be periodically updated to account for developments and related work on harmonisation.

VDR and Polar Code

NCSR 6 agreed to draft amendments to MSC circulars updating the guidelines on annually testing voyage data recorders (VDRs) and simplified VDRs, thereby clarifying the examination of float-free capsules approved in accordance with resolution MSC.333(90).

Another achievement was submitting draft guidance for navigation and communication equipment used on ships operating in polar waters to the next MSC. This includes recommendations on mechanical shock testing, temperature parameters, addressing ice accretion and battery performance in cold temperatures. This will be fed into an update of IMO’s Polar Code later this year.

NCSR 6 established traffic separation schemes, associated routeing measures, precautionary areas and recommended traffic flow directions in the Sunda and Lombok Straits, Indonesia to reduce the risk of ship collisions and groundings.

Source: rivieramm


cma-cgm-shipping-cargo.jpg

NOAA’s Office of Coast Survey awarded a 5-year cooperative agreement to the University of New Hampshire for the continuation of the Joint Hydrographic Center. The Joint Hydrographic Center is a NOAA/University research and education partnership aimed at maintaining a world-leading center of excellence in hydrography and ocean mapping. The new award, which will begin in January 2021, will build on the work of the Center since its founding in 1999.

In announcing the award with New Hampshire’s congressional delegation on August 27, Senator Jeanne Shaheen, ranking member on the Commerce, Justice, Science and Related Agencies Appropriations subcommittee, noted, “The University of New Hampshire’s Joint Hydrographic Center is a national center of excellence that has deepened our understanding of the world’s oceans. The Center is making significant contributions to education, research and technological advances in ocean mapping and hydrographic sciences, and it’s important that this work continue to be funded.”

The Joint Hydrographic Center has had a long history of developing tools and techniques that had a major impact on the field of hydrography as well as educating many of the leaders in the field.  Over the last five years, the Center:

  • continued in the development of innovative new approaches to increase the efficiency and accuracy of ocean mapping data processing,
  • developed new approaches for calibrating mapping systems and extracting bathymetric data from satellite imagery,
  • pioneered the use of autonomous vehicles for hydrographic and other mapping applications,
  • developed tools to locate, visualize and quantify gas and oil seeps from the seafloor,
  • explored the use of ocean mapping data to better understand seafloor and fisheries habitat, and
  • developed innovative new approaches for visualizing, in both 3- and 4-D a range of oceanographic and ocean mapping data.

“I am thrilled that NOAA will continue its support for the Joint Hydrographic Center at the University of New Hampshire,” said Rear Admiral Shepard M. Smith, director of NOAA’s Office of Coast Survey. “This has been Coast Survey’s most important partnership in the past two decades as we have led the global hydrographic community in technology and advanced navigation services, and integrated these services across the ocean mapping community.”

Students from the Center recovering a seafloor grab sampler.
Students from the Center recovering a seafloor grab sampler during their capstone summer hydrographic field course.

In the next five years we expect the Joint Hydrographic Center to continue at the forefront of hydrographic and ocean mapping research and education, leading in the development of the tools and approaches for defining the next generation of hydrography and training the next generation of hydrographers and ocean mappers.  In line with Coast Survey’s strategic plan, our cooperative efforts at the Center will focus on three main themes:

  • Advance the Technology to Map U.S. Waters,
  • Advance the Technology for Digital Navigation Services, and
  • Develop and Advance Marine Geospatial and Soundscape Expertise.

Projects under these themes will include making autonomous mapping vehicles and systems truly autonomous, taking advantage of artificial intelligence (AI) and machine learning (ML) tools to provide situational awareness for these un-crewed vessels and aerial drones, and developing “edge” processing software that will work on the vehicles to minimize the data that needs to be transmitted back to shore. We will look for new ways to work in and take advantage of the “cloud,” again using AI/ML techniques to increase the efficiency and the accuracy of our data processing approaches. We will also focus on the concept of “characterizing” the seafloor and the water column looking for techniques that will allow our echo sounders to help us determine “what” we are looking at.

The Joint Hydrographic Center's autonomous survey vessel BEN underway for autonomous mapping trials off Portsmouth New Hampshire.
The Joint Hydrographic Center’s autonomous survey vessel BEN underway for autonomous mapping trials off Portsmouth New Hampshire.

The Center will support the growing demand for precision navigation, investigating and developing novel, perceptually optimized visualization techniques for mariner-friendly display of modern navigational and oceanographic data products. Not only do these products include high-resolution bathymetry and shoreline, but also real-time and forecast water levels, ocean and estuary flow models from NOAA’s Operational Forecast Systems, AIS vessel traffic, and bridge air gap sensors. As part of this effort, the Center will investigate how to fit the visualizations within ECDIS standardized presentation modes and how to implement these techniques within ECDIS/PPU systems while simultaneously providing supplemental visual analysis tools to support decision making. Extending the mode in which these tools may be utilized we will also explore the use of augmented reality (AR) to provide heads-up navigational information to mariners.

The Joint Hydrographic Center’s most lasting contribution may be the new generation of hydrographers, ocean mappers, and ocean data scientists who are educated in the program.  Since its founding, the center has awarded 183 graduate degrees and graduate certificates to students from the United States and 50 other countries, many of which are taking leading roles in the international hydrographic community.

Source: nauticalcharts


Machine_Learning_Sea_News_New-768x421.jpg

New e-Navigation technologies developed by the ACCSEAS (Accessibility for Shipping, Efficiency Advantages and Sustainability) project could improve the safety and efficiency of ships across the notoriously busy shipping lanes of the North Sea Region, following successful trials.

ACCSEAS successfully completed its first demonstration of e-Navigation techniques on board a working passenger ship in the North Sea. The prototype equipment was installed on the bridge of P&O’s Pride of Hull vessel and at Vessel Traffic Services (VTS) Humber.

Working with P&O Chief Officer, Joop Loonstra and Deputy VTS Manager, Shane Winterton, the ACCSEAS team set up a live communication between the ship and VTS Humber on the approach to Humber Estuary and compared the e-Navigation services with more traditional platforms.

The trials were successful and have demonstrated that e-Navigation technologies have the potential to transform the way that data is delivered to mariners by collating all information into one display and ensuring back-up mechanisms are in place. The suite of solutions will not only increase the safety and efficiency of navigation, but also allow better interaction with VTS centres. The team on board also showed how e-Loran seamlessly took over when the ship’s GPS signal was lost demonstrating the benefit of Resilient Position, Navigation and Timing (PNT).

Shane Winterton, Deputy VTS Manager, Humber said: “ABP Humber Estuary Services has been proud to assist ACCSEAS in the development and testing of their new electronic navigation system here upon the Humber. ACCSEAS has created a well designed and resilient system, with valid functions of real worth to the wider navigational community.”

Improved navigation techniques are particularly important in the North Sea region where an increase in shipping traffic, vessel size and competition for marine space is putting growing pressure on the North Sea’s marine areas. These issues pose serious safety and environmental concerns, whilst impacting the economic prosperity of the shipping industry. With over 90% of all goods transported by sea, the safety and efficiency of vessel traffic movements significantly impacts the industry’s economic efficiency and carbon footprint.

Winterton continued: “The enhanced safety of vessel movements within confined waters provided by the system is achieved through a thoughtful process of route exchange and dynamic no go area under keel clearance modelling. ACCSEAS should be congratulated on the very successful trial of their system which they tested in real world scenarios between the P&O ferry Pride of Hull and VTS Humber on one of the busiest and most important estuaries in the UK.”

Alwyn Williams, Project Manager of ACCSEAS said: “The results of this trial show a successful outcome for the ACCSEAS programme, but more importantly, a significant step for the application of e-Navigation within the industry. Mariners can be confident that these systems will provide them with quicker, more accurate information and allow shipping to become more adaptive in an environment that can often be fast-changing.”

These technologies will be demonstrated at the final ACCSEAS Conference “Navigating the North Sea Region into the Future” in February 2015. The conference aims to build upon the success of the second ACCSEAS Annual Conference held in Edinburgh earlier this year and will bring together a global audience to explore the implementation of the ACCSEAS e-Navigation test-bed services and present the concluding results of this engaging North Sea Region project.

Technologies tested included:

  • No-Go Area Service – No-Go Area is an on board service that would provide vessels a live picture of where it cannot safely go along its intended route, highlighting concerns such as environmentally protected areas and shallow stretches of water
  • Resilient Position Navigation Timing (PNT) – A robust service that provides, primarily, the mariner with their position and navigation – Using back-up systems that mitigate the vulnerability of GNSS.
  • Tactical Route Exchange & route suggestion – This service allows mariners to communicate their intended routes with each other and Vessel Traffic Services. It will also allow VTS centres to suggest the most efficient/safe routes to the vessel
  • Inter-VTS Exchange Services – This is a harmonised means of sharing VTS information between different operators, possibly in different countries, to give Vessel Traffic Service a greater situational awareness
  • Maritime Safety Information/Notices to Mariners Services (MSI/NM) – This service provides the mariner with this information in an electronic form for quick display on an ECDIS.

Source: accseas


2021-01-11_21h33_57-1200x647.png

President Trump has released the “National Maritime Cybersecurity Plan,” which sets forth how the United States government will defend the American economy through enhanced cybersecurity coordination, policies and practices, aimed at mitigating risks to the maritime sub-sector, promoting prosperity through information and intelligence sharing, and preserving and increasing the nation’s cyber workforce.

President Trump designated the cybersecurity of the Maritime Transportation System (MTS) as a top priority for national defense, homeland security, and economic competitiveness in the 2017 National Security Strategy. The MTS contributes to one quarter of all United States gross domestic product, or approximately $5.4 trillion. MTS operators are increasingly reliant on information technology (IT) and operational technology (OT) to maximize the reliability and efficiency of maritime commerce. This plan articulates how the United States government can buy down the potential catastrophic risks to our national security and economic prosperity created by technology innovations to strengthen maritime commerce efficiency and reliability.

The National Maritime Cybersecurity Plan unifies maritime cybersecurity resources, stakeholders, and initiatives to aggressively mitigate current and near-term maritime cyberspace threats and vulnerabilities while complementing the National Strategy for Maritime Security. The Plan identifies government priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years.

This Administration continues to defend American workers and American prosperity while strengthening our national security. President Trump has taken numerous steps to bolster cybersecurity measures, promote American workers, defend American technology, and lead the world in technological innovation. Today’s release furthers the President’s successes at bridging the private and public technological and industrial sectors to benefit the American people and protect the American way of life.

Source: whitehouse


maritime-cybersecurity-plan-unveiled-showcase_image-8-a-15713.jpg

Maritime transportation systems increasingly rely on IT and OT, which can create vulnerabilities, the plan notes.

“The proliferation of IT across the maritime sector is introducing previously unknown risks, as evidenced by the June 2017 NotPetya cyberattack, which crippled the global maritime industry for more than a few days,” the plan states.

The U.S. relies on ocean-based commerce for about 25% of its gross national product. The plan is designed to help protect the nation’s network of 25,000 miles of coastal and inland waterways, 361 ports, 124 shipyards, more than 3,500 maritime facilities, 20,000 bridges, 50,000 federal navigation aids and 95,000 miles of shoreline.

“The National Maritime Cybersecurity Plan unifies maritime cybersecurity resources, stakeholders and initiatives to aggressively mitigate current and near-term maritime cyberspace threats and vulnerabilities while complementing the National Strategy for Maritime Security,” says National Security Adviser Robert O’Brien .

The plan, which is designed to unify maritime cybersecurity resources and close defensive gaps, will be reassessed every five years.

Citing a lack of specialists in this field, the plan calls for investing in the training of maritime cybersecurity specialists in port and vessel systems. This will include developing career paths for those who choose this profession along with continuing education and retention incentives.

Uniform Standards

A top priority, according to the plan, is for the government to encourage the use of uniform cybersecurity standards by the 20 federal agencies that have a role in maritime security. These agencies are responsible for vessel and personnel safety, transportation standards, physical security and other maritime industry activities.

“The NSC staff, through the policy coordination process, will identify gaps in legal authorities and identify efficiencies to de-conflict roles and responsibilities for MTS cybersecurity standards,” the plan states.

The plan also calls for the U.S. Coast Guard to analyze and clarify the 2016 and 2020 cybersecurity reporting guidance for maritime stakeholders. The Coast Guard also should collect maritime cyber incident reports to identify trends and attack vectors and then share that information with others, the plan says.

The Department of Defense and Homeland Security should work together to examine whether critical port operational technology systems have cybersecurity vulnerabilities, the plan states. Because a framework for conducting such an assessment does not exist, the plan calls for basing maritime audits on practices in other sectors.

“For example, the Department of Energy conducts small-scale vulnerability testing to protect electrical power generation and distribution OT systems. Similarly, maritime OT systems would benefit from vulnerability inspections. Findings from these audits may inform cybersecurity mitigation and remediation for MTS users,” the plan says.

Information and Intelligence Sharing

The plan also calls for the Coast Guard, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to work together to create a list of cybersecurity issues that can then be shared with domestic and international partners in the maritime industry.

It also calls for the creation of a mechanism for government agencies to share unclassified, and when possible, classified information to protect maritime IT and OT networks with all those in the maritime industry.

Source: govinfosecurity


reimar-adobe-stock-115677.jpeg

As the Trump administration in the US draws to a close, the President has released a new ‘National Maritime Cybersecurity Plan’ detailing how the United States government will aim to defend the cybersecurity of the maritime sector through enhanced coordination, policies and practices, aimed at mitigating risks and increasing the nation’s cyber workforce.

The cybersecurity of the Maritime Transportation System (MTS) was listed as a top priority in the 2017 US National Security Strategy. The MTS contributes to one quarter of all United States gross domestic product, or approximately $5.4 trillion, with the new plan addressing the potential catastrophic risks to security and economic prosperity that could be created by maritime cyber vulnerabilities.

“The American people elected me on the promise to make America great again. I promised that I would protect American interests and promote the welfare and economy of our great citizens,” writes President Trump, in the plan’s introduction.

“During my first year in office, I designated transportation and maritime sector cybersecurity as a priority for my administration. In keeping with my promise and this priority, I am continuing to promote the second pillar of the national security strategy, promote American prosperity, by approving the national maritime cybersecurity plan.”

“The national maritime cybersecurity plan explains how my administration will: defend the American economy by establishing internationally recognized measures of risks to the maritime sub-sector and standards to mitigate those risks; promote prosperity through information and intelligence sharing; and preserve and increase our great nation’s cyber workforce.”

The Plan aims to unify US maritime cybersecurity resources, stakeholders, and initiatives to mitigate current and near-term maritime cyberspace threats and vulnerabilities while complementing the National Strategy for Maritime Security, identifying government priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years.

The full US National Maritime Cybersecurity Plan can be downloaded here.


carabay-adobe-stock-116339.jpeg

A new report warns of increasing cybersecurity threats to the maritime industry. The Global Maritime Consultants Group’s (GMCG) Marine Cyber Security white paper, published on December 24, warns of attacks which may originate via email, denial of service, impersonation or various other means and sets out measures that the maritime industry can take to protect against and prevent such attacks.

The industry has recognized cybersecurity as a major threat and to some extent is playing catch-up with other industries, particular when compared to other forms of transportation. To help address the need for increased action against cyber attacks, the International Maritime Organisation (IMO) has introduced a new code which from January 1 2021 requires ship owners and managers to assess cyber risk and implement relevant measures across all functions of their safety management system.

GMCG warns that one of the simplest ways of threatening and corrupting a ship’s system is for an employee to open an infected email. “In doing so it can cause the recipient of the targeted email to become an infected member of the maritime supply chain. This can then result in the electronic virus being downloaded and passed on through the systems associated with the ship, its land-based operations and often with financially crippling effects. Most of these fraudulent emails are designed to make recipients hand over sensitive information or trigger malware installation on shorebased or vessel IT networks.”

The report says the first step for ship owners is to have a recognized plan that identifies cybersecurity objectives that are relevant for safe ship operations. “These checks and balances should also encompass anyone connected with the ship’s operations, both in-house and external. It is also vital to create an inventory list of all safety and business-critical systems and software which will be needed in the first instance to define and create a cyber risk assessment.”

Communication systems, ship propulsion and power control systems, cargo management systems, passenger services, and the ship’s bridge system are all vulnerable areas and the report also recommends ensuring that public network connections are kept entirely separate from the ship’s and maritime land-based networks.

A coalition of maritime organizations* recently updated a set of cybersecurity guidelines for the industry. Issued in December, the fourth version of the Guidelines on Cyber Security Onboard Ships includes general updates to best practices in the field of cyber risk management, and as a key feature, includes a section with improved guidance on the concept of risk and risk management. The improved risk model takes into consideration the threat as the product of capability, opportunity, and intent, and explains the likelihood of a cyber incident as the product of vulnerability and threat.

“In recent years, the industry has been subjected to several significant incidents which have had a severe financial impact on the affected companies,” said Dirk Fry, chair of BIMCO’s cyber security working group and Director of Columbia Ship Management Ltd.

“While these incidents have had little or no safety impact, they have taught us some very important lessons which have been incorporated into the new version of the guidelines,” added Fry.

*The following organizations produced the fourth edition of Guidelines on Cyber Security Onboard Ships: BIMCO, Chamber of Shipping of America, Digital Containership Association, International Association of Dry Cargo Shipowners (INTERCARGO), Interferry, International Chamber of Shipping (ICS), INTERMANAGER, International Association of Independent Tanker Owners (INTERTANKO), International Marine Contractors’ Association (IMCA), International Union of Marine Insurance (IUMI), Oil Companies International Marine Forum (OCIMF), Superyacht Builders Association (Sybass), and World Shipping Council (WSC).

Source: hstoday


CMA-CGM-at-night_Sh2-768x432.jpg

The White House on Tuesday rolled out a plan to secure the nation’s maritime sector against cybersecurity threats that could endanger national security.

The plan, which was compiled in December but made public this week, lays out the Trump administration’s plans for defending the maritime transportation sector against cybersecurity threats.

The sector is involved in around a quarter of the nation’s gross domestic product.

ADVERTISEMENT

The three goals of the plan include establishing international standards defining threats to the maritime sector, enhancing intelligence and information sharing around these threats and increasing the nation’s cyber workforce for the maritime sector.

The plan is meant to address new threats from the increased use of new information technology and operational technology systems in the sector.

“The National Maritime Cybersecurity Plan demonstrates my commitment to promoting American prosperity by strengthening our cybersecurity,” President Trump wrote in a statement included in the plan. “This is a call to action for all nations to join us in protecting the vital maritime sector that interconnects us.”

National security adviser Robert O’Brien said in a statement Tuesday that the plan would help the federal government “buy down the potential catastrophic risks to our national security and economic prosperity” created by the reliance of the maritime sector on new technologies.

“This Administration continues to defend American workers and American prosperity while strengthening our national security,” O’Brien said. “President Trump has taken numerous steps to bolster cybersecurity measures, promote American workers, defend American technology, and lead the world in technological innovation.”

ADVERTISEMENT

“Today’s release furthers the President’s successes at bridging the private and public technological and industrial sectors to benefit the American people and protect the American way of life,” he added.

Priority actions included in the national security plan include prioritizing the training of cybersecurity specialists in port and vessel systems, sharing government information with private sector groups involved in the maritime sector, prioritizing maritime intelligence collection and developing a “cyber-forensics process” for investigating cyberattacks involving the maritime sector.

The National Security Council will oversee the completion of these priorities, and will reassess the plan at least once every five years.

“The United States is a maritime Nation that depends on a robust, integrated, and secure maritime transportation system to support our economic prosperity, provide for our national defense, and connect the United States economy with the global market,” the plan reads. “Technology innovation develops at a pace faster than that which global maritime security can maintain, creating low-cost opportunities for malicious actors.”

The sector has already been targeted by hackers. The Coast Guard put out an alert in late 2019 that a ransomware intrusion at a facility regulated under the Maritime Transportation Security Act forced the facility to shut down for 30 hours after disrupting camera and physical access control systems, along with the entire corporate IT network at the facility.

The plan was also rolled out as the federal government continues to grapple with one of the largest cyber incidents in U.S. history, with the majority of federal agencies and the U.S. Fortune 500 companies compromised by Russian hackers as part of an attack on IT group SolarWinds.

The Department of Defense, which houses the Navy, and the Department of Homeland Security, which oversees the Coast Guard, were among the agencies impacted by the incident.

Source: thehill


Twitter

@AnyawbSales - 1 year

INDIA TO BAN SINGLE USE PLASTIC ON ALL CALLING SHIPS

@AnyawbSales - 2 years

SQEXpress maritime electronic sms forms platform just released