download.jpg

“The St. Lawrence is central to the success and assets of the Greater Montreal hub. Our sector depends on this vital marine connection with the world. Beyond the direct benefits of Avantage Saint-Laurent to our shipping community, the more than 6,000 businesses operating in logistics and freight transport in the metropolitan area will also benefit from this new vision and the many initiatives that will result from it. Without a doubt, Avantage Saint-Laurent will not only improve existing infrastructures, but also facilitate the implementation of innovative, smart, sustainable and economically viable projects for our supply chain,” said Mathieu Charbonneau, Executive Director of CargoM.

“The resilience and dynamism of our sector, paired with this strategy being implemented by our government, will position marine transportation as a cornerstone in the green economic recovery. Through these three major thrusts, Avantage Saint-Laurent will increase Quebec’s potential in this sector as well as the collective wealth, while taking into account the social and environmental aspects of this important shipping corridor,” said Ms. Madeleine Paquin, President and CEO of Logistec Corporation and Chair of the Board of Directors of CargoM.

CargoM looks forward to actively collaborating in projects stemming from Avantage Saint-Laurent, especially in relation to the workforce, so that every actor in our great logistics community can participate and benefit from it.

 

Source: newswire


1546505361420.jpg

Maturity and innovation have proved a winning combination as the world’s most technologically inventive ship registry has been elevated to the Paris MoU Grey List from June 2021.

Palau International Ship Registry (PISR) has been recognised for its digitally based services and growth in just three short years. This is a remarkable progression for a new registry and is attributed to the commitment to digital services and the recruitment of experienced and knowledgeable staff across the maritime sector. Now the combination of its own unique technology and human resources has seen it record some of the lowest detention figures for its growing fleet in the past 12 months.

Panos Kirnidis, CEO of PISR, is also celebrating the fifth anniversary of the registry’s European office based in Piraeus in Greece and believes the registry’s inclusion in the 2021 Paris MoU Grey List is a testament to the maturity and determination of its global network.

“This is not a surprise to anyone associated with Palau International Ship Registry. We were determined to lift ourselves into the white list and this will be achieved through our innovative and unique technology combined with the recruitment of experts in every aspect of ship registry services.

“Detentions by Port State Control and the increasing environmental regulations have put ship owners and operators under great stress in the past few years. The global pandemic has added to their worries and yet, we have proved that by investing in online services, finding the right people across our global network and offering our unique Deficiency Prevention System (DPS), we can assist them in avoiding these financially damaging detentions.

“It is this combination that is unique to PISR. It is our own in-house developed software systems that have seen our fleet detentions plummet. It is simple to use, highly effective and available from a desktop PC or even a smartphone. This is the reason PISR has been able to reduce detentions and allow us to claim our place in the Grey List. But we are not stopping our drive and we will see even further improvements in our listing into 2022 and beyond.”

After just five years PISR has been recognised as one of the world’s fastest growing and most inventive ship registries according to Panos Kirnidis.

“When I talk to ship owners, they tell me they want reliable and dependable services. They want information in real time enabling them to make the decisions that keep them sailing without penalties. We developed our Deficiency Prevention System (DPS) to do just that, and it has been an outstanding success. This is a process of maturity for any new ship registry, but we began life by examining the mistakes other established registries had made and then avoided them. Our combination of technology and the human element is the basis for our proactive services. “We recently hosted an online event for our Deputy Registrars and Flag State Inspectors and recognised their contributions to our success. Finding the right people is as painstaking as developing the technology but ship owners tell us it is paying dividends. We have been saying we are trailblazers in an established industry. We have been telling the maritime and shipping world that Palau International Ship Registry is here to stay. Well, we have proved that, and we make no apologies for saying the Grey List is a great reward for our faith and determination to be the best at what we do. As a flag of confidence, PISR will continue to innovate, operate and generate, the right combinations of services, fees, knowledge and customer service that we are known for. This year the Grey List and our targets for the coming years include an even larger fleet and the White List is in our sights.”

 

Source: palaureg


gdpr_ready_image.2e16d0ba.fill-1600x900.jpg

1. Data Processing and Data Processing Purposes

1.1 The Company “CITY UNITY Maritime Training Center” (hereinafter: «the Company») processes, in the context of your employment, personal data collected by you and/or third parties (such as recruiters, job-posting websites and/or your previous employer), in accordance with Regulation (ΕU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: «GDPR») and Greek legislation. More specifically, the Company processes personal, passport/ID and communication information, banking, social security and tax data, information about your education and previous and current employment, photo, your marital status and family information, travel information, your communications with the Company, information about your next of kin, health data, information about your entry/exit from the Company, e-mails that you send from and receive in your corporate e-mail account, calls you make and receive in your corporate mobile phone and work phone, your corporate mobile phone bill and any other personal data that may be necessary to achieve the below purposes of personal data processing.

1.2 The Company processes your personal data during your employment, while such processing will extend after the completion of such employment, and to the extent required in order for the Company to comply with its legal obligations towards the authorities and/or third parties, to comply to any applicable provisions on the obligatory data retention periods or in order for the Company to support its claims or rights.

1.3 The Company processes your data in order to ensure its proper operation in accordance with its employee-related procedures, to fulfill its staffing needs, to comply with its legal and contractual obligations, to identify its employees and to ensure the safety of its staff and of its premises.

2. Transfer of personal data to third parties

2.1 Your data may be made accessible to the Company’s personnel, as well as to third parties, such as the competent authorities, technical contractors, investigators, accountants, auditors, lawyers and legal counsels, IT companies providing technical or cloud services or i-storage platforms and banks.

2.2 The Company may also transfer some or all your data for the above purposes to persons located in countries that are not members of the European Economic Area (EEA). Where such countries have not been granted with an adequacy decision by the European Commission, any transfer shall take place under the appropriate safeguards in accordance with the GDPR, such as Standard Contractual Clauses approved by the Commission or by the competent national authority.

3. Your rights

In accordance with the GDPR, you have the right to: (a) request access to your data and to information relating to the processing thereof by the Company, (b)  request corrections and/or the completion of your data, (c)  request the Company to delete your data, (d)  request the restriction of the scope of processing, the way that the Company is processing your data, as well as the purposes for which the Company is processing them, (e) receive the personal data you provide to the Company and to transmit them and/or request the Company to transmit them to another data controller, (f) object to the processing of your personal data, (g) file a complaint before the Hellenic Data Protection Authority, and (h) so far as the processing relies upon your consent, to withdraw such consent at any time. To exercise your rights, please contact the Company as illustrated below at 5.

4. Legal basis for the processing of personal data

The Company processes your personal data because the processing is necessary, in order for the Company to:

(a) comply with its legal obligations, including among others obligations in the field of employment or social security law,

(b) fulfill its obligations and/ or satisfy its rights deriving from your employment agreement,

(c) satisfy its legitimate interests, such as its proper operation in accordance with its employee-related procedures, to fulfill its staffing needs, to comply with its legal and contractual obligations, to identify its employees and to ensure the safety of its staff and of its premises and the fitness to work of its employees,

(d) establish, exercise or defend legal claims, and/or

(e) process your personal data pursuant to your consent.

The above processing is required by law or due to a contract executed between you and the Company. Therefore, if you do not provide us with your data, the execution of your employment agreement may not be possible.

 

Source: maritimecareer

 

 


HMM-Jakarta.1a68e3.jpg

The shipping industry continues to be the target of cybercriminals, with South Korea’s HMM becoming the latest major carrier to report an attack on its systems. HMM, however, reports that it has so far been able to limit the scope of the attack to its email servers.

The unidentified security breach was detected on June 12, HMM said in its announcement, and it led to limited access to the carrier’s email outlook system in certain areas. They are reporting that on the fourth day after the virus was discovered that the email system is gradually resuming. HMM is also emphasizing that no information or data leak has been found.

“Except for email, the other system networks and functions are fully operational as usual, attributed to the independent cloud-based system,” reported HMM. “In this context, our e-business platforms, including booking and documentation functionality, are properly running without disruptions.”

 

Source: hstoday


Cyber-Security-ABS.jpg
In the wake of the Petya cyber-attack, which disrupted a host of industries around the world, including the shipping sector, Captain Rahul Khanna (RK), Global Head of Marine Risk Consulting, AGCS, Captain Andrew Kinsey (AK), Senior Marine Risk Consultant, AGCS and Emy Donavan (ED), Global Head of Cyber, AGCS discuss the growing threat cyber risk poses to the maritime sector and what companies can do about it.
How much of a threat is cyber risk to the shipping sector? Which parts of the industry are exposed?

AK: The digital era is opening up new possibilities for the maritime industry but its growing reliance on computer and software and increasing interconnectivity within the sector, also makes it highly vulnerable to cyber incidents.  The shore-based offices of shipping companies are often the target of hackers. However, cyber poses a threat to all parts of the shipping sector, as recent examples testify. The risk of an attack or incident occurring is significant but ship-owners are often reluctant to share information for fear of being identified. This is a big problem and there are efforts underway to form an anonymous incident reporting platform.

Other common vulnerabilities include: lack of awareness, ineffective policies and procedures and an undeveloped cyber risk management culture. To date, the vast majority of attacks have been aimed at breaching corporate security, resulting in loss of critical data, financial loss or IT problems, rather than taking control of a vessel itself. In addition to this threat, it is estimated that as many as 80% of offshore security breaches could be the result of human error.

How would you describe the awareness of the shipping industry when it comes to cyber risk?

RK: The good news is that there is a growing awareness about the risk of maritime cyber-attacks. However, the sector as a whole still doesn’t have a  particularly heightened risk awareness. As no major incident involving a vessel has been reported to date, many in the industry remain complacent about the risks involved, with cyber incidents largely regarded as onshore affairs, even though the number of incidents impacting the shipping industry has been increasing in recent years.

A changing geopolitical scenario could transpose cyber risk into a real threat and if cyber risks are not appropriately addressed, it is only a matter of time before the maritime sector suffers a major cyber-attack on a vessel. The potential for a cyber disruption or a cyber-attack could catastrophically impact the safe navigation of a vessel, both in terms of its position and in terms of its stability and cargo operations. Just imagine if hackers were able to take control of a large container ship on a strategically-important route. They could block transits for a long period of time, causing significant economic damage

What should shipping companies do to best mitigate cyber risk. How can they best protect themselves?

AK: There are a growing number of resources available to help mariners learn about common vulnerabilities. Just one example is the internationally-recognized United States Maritime Resource Center, which assists the industry in cyber awareness, safety and security through evidence-based research.

Then there are an increasing number of cyber security guidelines which can be followed. Last year, the United Nations’ global shipping regulator, the International Maritime Organization (IMO), approved interim guidelines on maritime cyber risk management, which provide high level recommendations on cyber security (see below). Meanwhile, guidelines have also been issued by other important organizations such as BIMCO, CLIA, Intercargo and Intertanko.

There are standard practices that can be implemented to reduce cyber risk, such as defining personnel roles and responsibilities for cyber risk management and identifying the systems, assets and data that, when disrupted, pose risks to ship operations. Ship-owners also need to implement risk control processes and contingency planning, developing and implementing activities necessary to quickly detect a cyber event. Identifying measures to back up and restore cyber systems impacted by a cyber event is obviously crucial.

These are challenging times for the shipping industry. Budgets are tight and there is pressure to delay maintenance and reduce crew levels and training. However,  IT security cannot be put on the backburner. It is vital that investment in cyber risk education and security is not neglected at this time, despite economic pressures, as this risk has the potential to have catastrophic consequences, given the right confluence of events.

What role can regulation play?

RK: Earlier this month (June 16) the IMO made the decision to incorporate cyber risk management on a more permanent footing with the adoption of cyber risk management requirements into the International Safety Management Code (ISM Code). Owners will need to comply with this by the start of 2021 and this means that there will now be a lot of impetus on ship-owners to create a concrete cyber risk management plan.  The largely self-regulated tanker industry is expected to take such steps much before 2021. Many companies are looking at employing a cyber risk officer, with part of the role being to carry out regular stress testing.

How does cyber risk insurance work in the maritime sector? What is covered?

ED: Typically, hull policies would exclude coverage against cyber-attack or any loss arising from a malicious act involving the use of a computer system. Shippers would be encouraged to purchase standalone cyber insurance coverage. Most of the risks for shippers would be similar in nature to other non-marine businesses (ransomware, hacker / privacy breach, etc). In general, marine, as well as general liability (GL) and property, policies expressly exclude cyber. We absolutely recommend that shippers, like other businesses, purchase a standalone cyber policy for these types of risks.

Source: agcs

Uno degli argomenti particolarmente specifici che riguardano i temi della Cyber Security in ambito marittimo è quello relativo alla raccolta dei dati digitali per le esigenze di analisi forense nei casi di incidenti/attacchi informatici. Nelle risposte ad un evento di natura cibernetica, l’indagine digitale forense rappresenta, infatti, non solo una strategia, ovvero una capacità di raccolta delle informazioni digitali critiche che hanno provocato l’evento massimizzandone il loro uso come prova, ma anche un metodo per la comprensione e la mitigazione di rischi informatici a vantaggio della sicurezza dei traffici marittimi nel loro complesso, dalle navi alle stesse infrastrutture portuali.

L’efficacia di tale capacità dipende, tuttavia, da una adeguata disponibilità, qualità ed affidabilità dei dati digitali raccolti sia sui sistemi digitali che su peculiari info-tecnologie in uso in ambito marittimo, attraverso metodi di rilievo il più possibile accurati, basati anche su professionalità specifiche oltre che su avanzati strumenti tecnologici. A questi si aggiungono poi anche strumenti di ricerca informativa e di intelligence, ovvero di raccolta e validazione di dati raccolti, ad esempio, da fonti aperte, che rappresentano sempre più un valore aggiunto nelle analisi di eventi malevoli di natura informatica.

Lungi quindi dall’essere uno strumento passivo di post-analisi o richiesto per esigenze esclusivamente legali ovvero assicurative, numerosi sono i casi in cui le stesse organizzazioni e istituzioni, in molti ambiti peraltro anche diversi dal settore marittimo, hanno beneficiato della raccolta e dell’utilizzo di prove digitali anche al fine di migliorare la tutela dei dati e in generale la propria sicurezza informatica. Sebbene i metodi e le tecniche forensi oggigiorno utilizzati, soprattutto se riferiti ai sistemi legati alle tecnologie informatiche, siano sempre più evoluti, per le attività conseguenti a incidenti o attacchi cibernetici nel settore marittimo (soprattutto per navi o infrastrutture/impianti portuali), sussistono elementi di criticità. Ciò è dovuto in gran parte a determinate specificità del settore rispetto ad altri e, soprattutto, alle peculiarità delle navi ma anche relative alle tecnologie di controllo remoto ormai sempre più in uso nei terminal portuali in cui vi è un utilizzo sempre più diffuso di sistemi operativi informatizzati e connessi alla rete dove la raccolta dei dati digitali post-evento presenta notevoli difficoltà. Sulla base di quanto detto, appare particolarmente interessante procedere ad uno studio delle questioni fondamentali legate a questo tema. In particolare, l’obiettivo e quello di provare ad esaminare e valutare, per quanto possibile, le capacità forensi in un settore specifico come quello marittimo, fondamentale nel commercio globale, che opera in una combinazione di fattori legati alle innovazioni tecnologiche, informatiche ed operative altamente sensibili, sia per gli aspetti di sicurezza individuale (safety) e legati ad eventi accidentali, che di sicurezza fisica (security) conseguenti ad eventi intenzionali.

Una volta esaminate le caratteristiche e le criticità, in termini di prontezza e capacità per una adeguata raccolta dei dati digitali utili alle indagini forensi marittime, attraverso il confronto anche con altri settori e basando l’analisi sui principali criteri e scenari di valutazione del rischio nonché di esperienze e tentativi già consolidati, il passaggio successivo è cercare di individuare alcuni passaggi ritenuti essenziali per impostare questo genere attività. L’obiettivo finale rimane comunque quello di aumentare, anche con l’indagine forense, il grado di sicurezza informatica marittima a vantaggio di un settore particolarmente essenziale e sempre più strategico.

 

Source: babilonmagazine


Cyber_security_class_notation_1288x500_tcm8-169174.jpg

In an age where electronics seemingly control everything, cybersecurity has never been more critical to the marine sector. We depend on electronics for everything from vessel navigation to maintenance, and their proper function is essential to protect crew and vessel safety.

As maritime technology advances, electronic OT — Operational Technology — systems that physically control the ship are being integrated with IT — Information Technology — systems. As vessels update their systems to more advanced, electronically controlled components, they’ll need to increase their vigilance because IT systems can be attacked and controlled by outside parties.

In an attempt to reduce cybersecurity threats, the United States Coast Guard has paired with the Transportation Security Administration to fight potential cyber risks in the shipping industry and prepare mariners with the knowledge to combat them.

In this article, we’ll discuss the types of cybersecurity threats and offer a few best practices to prepare crew members to guard against attacks and misuse. By understanding how and why cyber risks happen, mariners can reduce the chances they’ll occur.

 

Source: mitags


thumbnail_container-1611490_1920_Thumb.jpg

A company we worked with recently on cyber resilience found that our work also improved their ability to recover from general technical failures. We identified areas that they had previously not considered – vulnerabilities that they did not know were vulnerabilities.

We asked them what their process was for recovering from a complete ECDIS failure and how long they expected it would take them to recover.

We listened and found that there were areas that could be improved. We worked with them to give them the ability to rebuild their bridge systems from the ground up if they needed to. Our team worked with the vendors to get them the software they needed and arranged for the crew to be trained to implement the recovery plan. It turned out it was quite simple to put in place but they had never before asked the “what if” question, they had never considered there could be a better way of doing things. They now have in place a far quicker, cheaper and simpler system of recovery than flying a specialist software engineer out to the vessel location or downloading a massive file over a VSAT connection.

That’s a typical situation that we come across. By working on cyber resilience, asking the right questions, my team identified operational improvements.

It’s about looking at the world through a different prism. About identifying problems and coming up with practical solutions that cause the minimum of disruption and ensure that, if any losses our outages do occur, they remain minimal. Forewarned is forearmed as they say.

Simply asking the question “Have we considered the cyber risk for X” brings it into the conversation. You don’t need to know the answer, you just need to make sure that someone else does.

Similarly, we work with some of the world’s leading insurance brokers and that is because we make their risks less risky. That’s good for them because it reduces the level of claims and good for us because we get more business. But the main beneficiary is the end client. They get cheaper insurance cover, less exposure to risk and enhanced operational resilience. It’s a virtuous circle.


Standardising and harmonising electronic ship to shore communication for reporting purposes was high on the agenda at the International Maritime Organization’s (IMO) virtual Facilitation Committee (FAL) meeting held from 1-7 June 2021 (FAL 45).

 

One of the outcomes from the IMO meeting in the Facilitation Committee (FAL 45) was that a new updated version of the IMO Compendium will soon be issued, based on the most recent adoptions.

The Compendium promotes and supports electronic data exchange conducted using standardized data models and their implementation guidelines.

The IMO Compendium serves as a reference manual for creating and harmonising the systems needed to support transmission, receipt and response of information required for the arrival, stay and departure of the ship, persons and cargo via electronic data exchange.

The current version of the compendium already addresses a number of declarations required according to the Convention on Facilitation of International Maritime Traffic (FAL Convention):

• General Declaration
• Cargo Declaration
• Ship’s Stores Declaration
• Crew’s Effects Declaration
• Crew List
• Passenger List
• Dangerous Goods Manifest
• Security-related information as required under SOLAS regulation XI-2/9.2.2
• Advance Notification for Waste Delivery to Port Reception Facilities; and
• Maritime Declaration of Health.

In addition, the Compendium has been extended to include additional e-business solutions beyond those related to the FAL Convention, such as on port logistic operational data and real time date, to ensure the easy implementation of the IMO Just-In-Time (JIT) concept and maritime certificates.

More data sets are waiting to be included in the model.

“The IMO Compendium changes the way the maritime industry and ports will be communicating. Shipping is entering the digital world, and this change will reduce the administrative burden and increase the efficiency of maritime trade and transport,” says Jeppe Skovbakke Juhl, Manager, Maritime Safety & Security at BIMCO.

The positive news is that the FAL Committee made significant progress in the harmonisation and standardisation of electronic messaging by approving updates to the IMO Reference Data Model, as set out in the IMO Compendium.

“Although the software platforms may differ, the IMO Compendium can ensure that ships and shore will use the same data structure when communicating,” Juhl adds.

“This is a huge step forward for harmonising the machine-to-machine data exchange communication with the shoreside,” Juhl says.

Given the current size of the IMO Reference Data Model, the IMO Compendium will no longer be produced in a Word format, but instead be issued as an Excel file format.

IMO to assess the implementation of electronic data exchange

FAL 45 also agreed on another important measure addressing maritime digitalisation by developing guidelines to measure domestic implementation of the FAL convention. The aim of the guidelines is to create a tool to assess the opinion of maritime users about the FAL Convention, checking compliance with the administrative processes established by each national maritime authority and observing how well the maritime single window system is working, among other systems.

Back in 2016, IMO adopted mandatory regulations for electronic data exchange requiring public authorities to establish systems to assist ship clearance processes by April 2019. The aim of the requirements was to encourage the use of the “single window” concept, and to enable all the information required by public authorities in connection with the arrival, stay and departure of ships, persons and cargo, to be submitted via a single portal without duplication.

Although the IMO assessment is voluntary, it may give a much better picture to which degree the national public authorities have implemented the IMO Compendium and the associated IMO Reference Data Model.
Source: BIMCO, By Peter Sand, Chief Shipping Analyst

 

SOURCE READ THE FULL ARTICLE

BIMCO welcomes updated IMO Compendium to advance electronic data


DNV has launched the EEXI Calculator – a digital tool to support customers in ensuring their compliance with the upcoming Energy Efficiency Existing Ship Index (EEXI). The regulation is expected to be adopted at this week’s 76th meeting of the Marine Environment Protection Committee (MEPC 76). If so, it would take effect in January 2023.

 

The EEXI regulation is a medium-term component of the International Maritime Organization’s (IMO) roadmap towards reducing global shipping’s carbon intensity by 40 per cent over the next decade, using 2008 as a baseline. The aim of the EEXI is to assess the energy efficiency of existing ships, focusing solely on their design. It determines the standardized CO2 emissions related to a vessel’s installed engine power, transport capacity, speed, and degree of energy efficiency. The regulation will be applicable for all cargo, ro-pax and cruise vessels above 400 GT, depending on their propulsion type and whether they trade internationally. DNV estimates that currently up to 30,000 vessels need to take action to comply with the upcoming EEXI regulation.

“The EEXI is putting a great deal of pressure on ship owners to take immediate action in order to analyse the energy efficiency of their fleet and make any necessary adjustments to ensure compliance,“ said Knut Ørbeck-Nilssen, CEO of DNV Maritime. “At DNV, we understand the difficulties the industry faces in meeting this regulatory deadline. This is why we have tailored our new EEXI Calculator to meet this need.”

Energy Efficiency Existing Ship Index (EEXI) is expected to take effect in 2023. DNV has launched the EEXI Calculator to support customers in ensuring their compliance.

To help customers ensure they are prepared for EEXI compliance, DNV has developed two pathways.

The EEXI Calculator is purpose made for high volume ship segments such as tankers, bulkers and containers. Customers can access this newly launched tool via the Veracity portal under ‘Fleet Status’. The calculator can produce an EEXI calculation and the technical file based on the data uploaded by the customer.

For more complex cases, and when the customer wants to save time and effort, DNV’s advisory experts can work with customers to map out a pathway to compliance, identify the correct parameters for the calculation, and assist in preparing the required documentation.

“These two pathways are designed to help everyone tackle their EEXI challenges in time to reach compliance,” said Fabian Kock, Head of Section Environmental Certification, DNV Maritime. “For companies with a younger fleet, this may not require major adjustments, they can easily access and prepare the required documentation through our EEXI calculator. And for those who need more support, there is the opportunity to tap into DNV’s extensive expertise as they prepare to make more involved decisions around how their vessels can meet the regulatory requirements and secure EEXI compliance when the regulation comes into force.”

The EEXI Calculator is launched on 17 June 2021.

 

SOURCE READ THE FULL ARTICLE

https://www.hellenicshippingnews.com/dnv-launches-new-digital-eexi-calculator-an-estimated-30000-vessels-will-need-to-take-action-to-comply-with-the-regulation-new-digital-self-service-tool-launched-to-support-the-compliance-process/