cyber-1654709-696x392.jpg

New technologies have led to significant changes in our daily lives. The reflections of these changes appear as new rules and laws on privacy and security. Today, both public institutions and private sector have access to various information belonging to thousands of people within the scope of the performed business. This information obtained can be processed and transmitted easily as a result of the rapid developments in information technologies.

By increasing the requirements of companies in terms of privacy and security, this transformation made digitalization inevitable. This necessity can also be seen by various organizations as a “technological restructuring” opportunity. Due to the Turkish Personal Data Protection Law (KVKK), which has been introduced in 2016, organizations that do not have enough infrastructure and knowledge in the area of privacy and security have started to focus on this area.

Personal Data Protection is directly related to the right of privacy, which is one of the fundamental human rights. Before KVKK, the rules on the Personal Data Protection were to specify with Turkish Criminal Code, Constitution and other relevant legislation. Personal Data Protection Law No. 6698 is the most important legal regulation with the most severe sanctions.

Source: verisistem

gdpr-640-small.jpg

The new European General Data Protection Regulation (Regulation (EU) 2016/679), will enter into force on the 25th of May 2018, and it is expected to affect businesses, government agencies and organisations, which collect or analyse information of European Union citizens.

The 28th of January each year is the global Personal Data Protection day, which for 2018, has a particular importance because the EU General Data Protection Regulation (“GDPR”) will come into force in May 2018. Stricter rules and higher fines increase the risks of non-compliance. Violations of the GDPR can have a severe impact on companies that handle personal information – both financially, as well as for their reputation.
Meeting GDPR is not just a compliance requirement, but can also lead to a competitive advantage by proving to be a trustworthy employer and business partner for customers.
What is personal data?

Personal data is defined as any information concerning the personal or material circumstances of a person and is associated with the data on employees, contractors and customers. This includes name, address, material conditions, such as health, or IP address.

Certain kinds of data are classified as “sensitive”. These are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life.

To help the shipping industry understand and comply with the new GDPR Regulation Maritime Academy is offering a course that will assist those who have day-to-day responsibility for data handling, to implement better its provisions.

The following subjects are discussed and analysed:
Provisions and principles of the new regulation and understanding
What constitutes personal data?
Who does the GDPR affect?
What is the difference between a data processor and a data controller?
Get informed on the rights of the data subjects.
Discuss if you need to appoint a Data Processing Officer (DPO) and
What are his duties and responsibilities?
Hear how to transfer personal data to third countries
The penalties for non-compliance
Learn how to have your Privacy Notice GDPR ready
Understand how to organise an information audit to map data flows and
The use of the Data Protection Impact Assessment (DPIA)
Get informed on how to deal with and report data protection breaches and
Exercise due diligence under the GDPR
Explore other jurisdictions’ data protection laws
Get up-dated on recent famous data breaches

Source: DNV GL Maritime Academy Hellas

 


CMA-CGM-at-night_Sh2-768x432.jpg

Risk of cyber attacks on ships and ports

However, when new technologies and digital solutions are introduced, the risk increases that cyberattacks can take place onboard ships and in ports.

“Denmark view cyber threats on the same level as any other maritime safety and security-related risk. An important part of finding solutions to the cyber vulnerabilities is by engaging in international collaboration and exchanging knowledge with other strong maritime nations”, Andreas Nordseth adds.

The fight against cyber pirates continues

Besides maritime experts from the United States, the Netherlands, and Denmark, participants from Canada, the United Kingdom, Australia, Singapore, Israel, Germany, France, and Belgium joined the discussions at today’s webinar.

The United States, the Netherlands, and Denmark will continue the international cooperation on maritime cybersecurity matters in 2021, and seek to expand participation with even more like-minded maritime nations.

Reference: dma.dk


magnifier-adobe-stock-116301.jpeg

The Ports and Maritime Organization of Iran announced in a statement that its information technology experts have thwarted a cyberattack targeting the electronic infrastructures of the Iranian ports.

All missions and activities of the Ports and Maritime Organization are going on normally, the statement added, noting that online services are being provided to prevent any disruption to the freight services or loading and unloading operations even for a moment.

Last month, an official said the export of non-oil commodities in the first half of the current Iranian year via the southeastern port city of Chabahar has risen by 95 percent compared to the corresponding period a year earlier.

Chabahar is the closest and best access point of Iran to the Indian Ocean and Iran has devised serious plans to turn it into a transit hub for immediate access to markets in the northern part of the Indian Ocean and Central Asia.

Source: tasnimnews.com


Mopic-680x0-c-default.jpg

With greater than 90 percent of all global trade tonnage transported by sea and vital global energy networks, maritime infrastructure has never been more essential and yet also more at risk. In just the last two weeks, there have been several high-profile attacks on the maritime industry, with both the fourth largest global shopping company and the International Maritime Organization (IMO) targeted.

To dive deeper on this topic, we asked seven experts—including several who spoke at a recent Scowcroft Center for Strategy and Security event on maritime cybersecurity—about these threats and how policymakers can help protect against them:

 

What are the most vulnerable aspects of our maritime infrastructure? What makes them such attractive targets?

 

“When compared to commercial IT, the technologies used within the maritime sector illustrate the difficulties new sectors have to adapt to the Internet of Everything (IoE). Like many other sectors, the maritime sectors used to develop stand-alone software and hardware, inherently “limiting” the risks to internal threats. The new IoE paradigm, however, proves that it is challenging to securely design, develop, and operate a fully connected environment. Current GPS, ECDIS, and AIS systems have demonstrated various vulnerabilities in the last couple of years. So in order for the maritime environment to develop and operate in a secure fashion, it will be essential to have an overall view of the supply chain, from third party manufacturer to the people operating and maintaining the equipment. This view should further evolve over the lifetime of the equipment, with updates, upgrades, and training.

“In its current state, the maritime industry is a prime target due the many moving parts of ports and vessels, the increasing attack surface (e.g. adding connectivity to devices that had never been thought to be connected), the current lack of security and privacy by design, as well as the inadequacy of cyber-security training. Furthermore, with the industry quickly bridging the gap between IT and Operational Technology (OT), we may soon see wide-spread vulnerabilities impacting the maritime sector as a whole.”

Dr. Xavier Bellekens, Lecturer and Chancellor’s FellowInstitute for Signals, Sensors, and Communications,University of Strathclyde

 

From a government standpoint, what can the US government do to incentivize the maritime industry to invest more in cybersecurity?

 

“I believe that the most impactful things the US government can do to incentivize maritime industry investments in cybersecurity are:

  • Promote robust, real-time, maritime-specific cyber threat and incident information sharing between maritime industry stakeholders, and between those stakeholders and the US government (and vice versa), when appropriate.
  • Share cybersecurity threat intelligence with cleared maritime industry stakeholders.

I believe that these two measures are critically important as, currently, maritime industry executives have limited information about cybersecurity threats that other companies have experienced. Only by sharing cybersecurity threat and incident information widely with and between maritime companies can their senior executives gain a clear appreciation of the collective threats and potential financial and national security impacts of failing to adequately invest in IT and OT infrastructure improvements and other cybersecurity enhancement measures. Having this complete cybersecurity threat picture is key to making corporate cost-benefit decisions on increased investments in cybersecurity, and to ensuring that those investments achieve the best possible cybersecurity protections.”

Cameron Naron, Director, Office of Maritime Security, Maritime Administration, US Department of Transportation

 

What kind of players exist in the maritime industry and what role should they play in driving improved cybersecurity outcomes?

 

“The challenges in driving improvement in cybersecurity programs within the global maritime industry result from the many links in the marine transportation system and the personnel at each of these links. With enhanced technology, the interconnectivity—while improving the efficiency of the system itself—also presents multiple nodes which provide opportunities for cyberattacks. Looking at the system as a whole and starting at the most basic level, the vessel and its systems, interconnected within the ship and interfaced with shore management, is the basic building block. Key links to and from the vessel include shore management (ship owner, operator, or charterer), government agencies requiring electronic reporting of vessel information, third-party contractors including classification societies, vendors, technical service providers, and port and terminal authorities. Simply put, in an ideal world, the entire logistics chain is interconnected and provides stakeholders real-time information essential to scheduling and decision making. Integrating cybersecurity programs at each interface is critical as is also the education of personnel at each interface. In such an integrated system, the cybersecurity programs are only as good as the weakest link, making it critical that all links in the logistics chain collaborate in establishing robust programs, properly training personnel and maintaining the operational efficiency necessary for all parts to work as one.”

Ms. Kathy MetcalfPresident and Chief Executive Officer, Chamber of Shipping of America

 

Cyber-attacks on maritime infrastructure can be especially alarming because of potential compounding effects. What lessons can be taken from other sectors to help better protect maritime infrastructure from systemic threats?

 

“Three opportunities for maritime to build on the cybersecurity lessons learned by others jump out. First, from the energy sector, how to monitor and alert on malicious system behaviors in technology without a great deal of computing head room left for big commercial IT security applications. Second, from the US financial sector, the importance of regular and realistic joint exercises to build confidence in the collaborative links between stakeholders and raise awareness of channels for cascade failure between them. Third, from the telecommunications sector, how some companies have approached repeated adversarial events as an issue of resilience—building flexibility, capacity to adapt, and deep system expertise as a means of operating through failure rather than endlessly seeking to prevent it.”

Trey Herr, Director, Cyber Statecraft Initiative, Scowcroft Center for Strategy and Security, Atlantic Council

 

What was your biggest takeaway from the Atlantic Council panel conversation? How does it align with what you see as the biggest threat to maritime cybersecurity that needs to be tackled?

 

“Sustaining a safe, secure, and resilient marine transportation system is foundational to our economic and national security. When we consider evolving risks in the cyber domain, the maritime sector is on par with other more widely recognized sectors, like finance and energy, in terms of the potential for significant consequences. As we have seen from recent incidents, the maritime industry’s growing dependence on continuous network connectivity and converging layers of information and operational technology make it inherently vulnerable to cyber threats.

“The first step for the maritime industry is to recognize that cyber risk management is not an administrative function that can be left solely to company IT professionals, but rather a strategic and operational imperative that must be managed at the C-suite level. We also need to recognize that cyber security is a team sport; no single public or private entity has the capabilities, authorities, resources, and partnerships to do it alone, so information sharing and collaboration are essential to managing this risk.”

Captain Jason P. TamaCommander, Sector New YorkCaptain of the Port of New York and New Jersey, United States Coast Guard

 

How does cyber insecurity in civilian maritime infrastructure impact military readiness and capabilities? Why should the cybersecurity of our commercial fleets be a priority for the US government and the Department of Defense (DoD)?

 

“While cyber insecurity in civilian maritime infrastructure has not yet been a hindrance to force projection, it could be in the future, given the right set of circumstances. In the past, we have operated under the assumption of an uncontested homeland and uncontested passage. However, exploring the asymmetric level of effort required for successful cyber-attacks juxtaposed against the damage they may cause, has forced a re-evaluation of whether our infrastructure and routes will remain uncontested in the future. Because the Army relies on the civilian maritime industry to move equipment, when US forces need to be sent overseas quickly, minor delays throughout our civilian critical infrastructure could have a ripple effect on the deployment timeline. The cybersecurity of commercial fleets should be a priority for the US government and DoD because disruptions or delays to military deployments could jeopardize our ability to maintain stability and to support our allies and partners.”

Dr. Erica Mitchell, Critical Infrastructure/Key Resources Research Group Leader, Army Cyber Institute, West Point; Assistant Professor in the Electrical Engineering and Computer Science Department, West Point

 

How can we help better enable and operationalize the Maritime industry to ensure that cybersecurity is not only understood, but also prioritized? 

 

“First, to understand and prioritize cybersecurity, persistent visibility into organizations’ own networks, assets, and critical third-party integration must be achieved. This is the spectrum of attack surfaces that requires the same continual monitoring and awareness that we have practiced for centuries at sea: inspections of cargo holds and machinery spaces, watertight enclosures and hatches, and material conditions throughout the vessel to ensure seaworthiness. An understanding of network architecture, what is connected, when it connects, and who may be required to connect is an imperative. Real-time knowledge of business, vessel, and marine terminal networks and technologies presents the greatest power of information to empower stakeholders because what belongs and what doesn’t belong is discoverable and tangible in the present, allowing actions to be taken early, instead of after a breach.  Observable behaviors of how systems react to detectable adversarial activities and breach attempts is convincing and defensible evidence from which to understand then prioritize the risk through informed decisions. This is largely missing—inconsistent at best—across the maritime industry, with some exceptions. Without persistent monitoring in a rapidly advancing digital ecosystem, decisions will be farther behind the curve and based on scanty information.

“Second, cybersecurity leadership is necessary in the board room to ensure leadership is informed, that all the appropriate considerations are included in strategic planning and governance, and that cybersecurity actions taken are translated to a business language for all leadership and stakeholders to understand. In operating ships and marine terminals where cyber-physical systems integrate with IT, leaders must create and implement unified strategies for how the fleet or facilities will be protected; to support the vessel masters, crews, and employees through the creation of sensible plans to respond and recover, and to maintain safe operations. This is no different from how responsible maritime companies develop strategies to understand and manage other forms of somewhat tangible risk, such as geopolitical, climate change, ballast water, and even obsolescent technology replacement. As an example, many operational and safety checks are required to be performed and logged for a vessel preparing to sail or arrive in port. Very little in the form of pre-departure or arrival cybersecurity checks are provided to the vessel as tested and validated from ashore. This type of assurance and safety due diligence can be organized and led by a maritime Chief Information Security Officer (CISO). At the present, very few maritime companies are staffed with a CISO, with some exceptions. So how can we sail into the digital future without the dedicated leadership and the processes to trust-but-verify?

“Third, industry would benefit from discreet information sharing exchanges from which stakeholders may meet in private to discuss not only cybersecurity threat information, but also strategy and best practices, and to meet with government representatives as needed. As the deployment of OT monitoring software solutions by vendors increases, we must understand industry’s experiences with the performance of these technologies, the value of the output data, and new unintended security vulnerabilities. These lessons learned should be shared so industry can advance through digitalization together, vice operate in a vacuum. Lastly, as businesses interface with shareholder and government entities in the sharing of cybersecurity information, organizations need the right blend of industry and cyber leadership expertise to represent their equities ahead of regulation.

“We are always thinking ahead in maritime—monitoring through watchkeeping, anticipating, scanning, plotting navigation fixes, inspecting, analyzing trends, and preparing—because the sea is unforgiving, and the duty of care is neither optional nor negotiable. Until now, cyber has run counter to every best practice we have learned and practiced—react, wait for the bad news, then scramble (with some exceptions). Instead, turn the constraints of limited resources, talent, and low priority into advantages and strategy by simplifying the cybersecurity problem through continuous monitoring, dedicated cybersecurity leadership, and discreet collaboration.

Source: atlanticcouncil


gary-kessler-book-cover.dea4a1.png

As hackers become even more sophisticated in their tactics, it’s inevitable that maritime cyber-attacks against OT on ships are becoming the norm rather than the exception. The stats speak for themselves:

Of respondents, 77% view cyber-attacks as a high or medium risk to their organizations, yet only 64% said their organization has a business continuity plan in place to follow in the event of a cyber incident. But only 24% claimed it was tested every three months, and only 15% said that it was tested every six to 12 months. Only 2 of 5 respondents said that their organization protects vessels from operational technology (OT) cyber threats, and some respondents went so far as to describe their company policy to OT cyber risk as “careless.”

It’s time for the maritime industry to take a look at every aspect of their ship operations to ensure they’re protected and resilient against these growing threats.

In this eBook, we will help you navigate the ins and outs of maritime cybersecurity, address cybersecurity challenges and compliance considerations, and get you geared up to establish your maritime cybersecurity action plan.

Source: missionsecure


covid-impact.png

The COVID-19 pandemic has significant impacts on the shipping industry and on seafarers themselves, and IMO is working tirelessly at all levels to find solutions.

Travel restrictions imposed by governments around the world have created significant hurdles to crew changes and repatriation of seafarers, which has led to a growing humanitarian crisis as well as significant concerns for the safety of seafarers and shipping. IMO has intervened promptly by urging its Member States to designate seafarers as key workers, so they can travel between the ships that constitute their workplace, and their countries of residence.

Click to download the protocols, which set out general measures and procedures designed to ensure that ship crew changes can take place safely during the COVID-19 pandemic. (Circular Letter No.4204/Add.14  Recommended framework of protocols for ensuring safe ship crew changes and travel during the COVID-19 pandemic.)

Seafarers have been collateral victims of the crisis, as travel restrictions have left tens of thousands of them stranded on ships, or unable to join ships. IMO has established a Seafarer Crisis Seafarer Crisis Action Team (SCAT) to help them out of a variety of critical situations.

IMO has published a number of press briefings on key issues related to the pandemic, including crew changes, repatriation of seafarers and meetings postponement:

Day of the Seafarer and other events

  • High-level event on the margins of the United Nations General Assembly (24 September) on COVID-19 and Maritime Crew Changes: A humanitarian, safety, and economic crisis- read more here.
  • The annual Day of the Seafarer was celebrated on 25 June 2020. The theme of the campaign reflects the role of seafarers and the need for them to be declared “key workers” in the light of the COVID-19 pandemic.
  • Webinar: “Seafarers are Key Workers: Essential to Shipping, Essential to the World” A webinar on the theme “Seafarers are key workers: Essential to shipping, essential to the world” was held. Panelists highglighted the ongoing need for repatriation of crew and made a plea to “Get our hero seafarers home”.  They welcomed the United Kingdom Government’s initiative in calling a global summit on the issue, but warned that real action from governments everywhere was needed to solve the crisis and get seafarers home and replaced.

Source: imo


ocimf_tanker_Main.jpg

Maritime News is published three times a year by NACE International and provides differing segments of the maritime industry with relevant and timely information related to the causes of corrosion and coating solutions for its mitigation.

With each issue, we present topics related to coatings and other corrosion control methods on maritime-related assets. Maritime News shares insights into protecting assets such as:

  • Seagoing vessel
  • Docks, jetties, and piers
  • Platforms, buoys, wind turbines, and other properties

Get the latest news and information about protecting your maritime assets from corrosion with this free resource from NACE International.

Source: nace


darsyg.jpg

Often, when vessels capsizes, there is not enough time to say “Oh, f*&k”. Stellar Daisy, a 24-year old Very Large Ore Carrier vanished with minutes of sending a standard daily report. At this time, only two of the ship’s 24 officers and crew have been found alive. Two empty lifeboats and a liferaft, ship’s debris and surface fuel oil are reported to have been found in the vicinity of her last known position. SAR efforts continue with the help of four merchant vessels.

The vessel was carrying iron ore from Brazil to China when it disappeared at about 02.52 GMT, 11.53 local time, on 31 March some 350 nautical north-west off Tristan Da Cunha reportedly under fine weather conditions.

It is understood that liquefaction played a key role in the capsize, investigations are at a very early stage but the suddenness of the disappearance, the lack of survivors and the empty LSAs are typical of liquefaction-induced capsize. Port State Control examinations suggest that the 24-year-old vessel had a fairly clean bill of health with no detentions although Chinese PSC authorities identified two deficiencies related to water-tight doors, which investigators will be studying.

Liquefaction is the phenomenon by which, under certain circumstances, a dry bulk cargo typically an ore, and often iron ore fines, behaves like a liquid. When the vessel rolls to one side the liquefied cargo moves to the lower side of the vessel, then lock in place as a mass, producing a list. An opposite roll can re-liquefy the cargo.  One may have as little as 90 seconds to identify and mitigate the problem before it becomes irrecoverable.

Source: maritimeaccident


image_750x_5f29fb6fa24ee.jpg

Aiming to test the use of Remotely Piloted Aircraft Systems (RPAS) in enhancing the maritime awareness picture in the French Mediterranean Sea, Secrétariat Général de la Mer requested the European Maritime Safety Agency (EMSA) to set-up a multipurpose maritime surveillance operation, having the Navy (Marine Nationale) and customs (Douanes) as the strategic and tactical leaders of the operation.

 

Operational missions started on 23 September for an initial period of three months.

reactCredits: France Air Force

The RPAS service will consist of general maritime surveillance over waters under French sovereignty and jurisdiction in the Mediterranean Sea, more specifically, encompassing:

• maritime monitoring and surveillance in support of coast-guard functions – maritime safety and security, supporting further maritime domain situational awareness, fisheries control and law enforcement; and

• maritime environmental protection, namely oil spill detection and characterisation, identification of targets possibly connected and where needed offering support to oil spill response. Marine Nationale and Douanes will command and monitor the missions remotely from Toulon and Marseille respectively and the RPAS will be operated from the French Air Force Base (BA125) of Istres.

 

The contractor operating the RPAS is the consortium REACT (with partners CLS and TEKEVER) and the aircraft to be used is the AR-5 unmanned fixed wing aircraft. This asset has a payload comprising a maritime radar, electro-optical and infra-red cameras, AIS receiver and EPIRB antenna. It is ready to fly under SATCOM and can perform night and day operations.

Source : EMSA

Twitter

@AnyawbSales - 1 year

INDIA TO BAN SINGLE USE PLASTIC ON ALL CALLING SHIPS

@AnyawbSales - 2 years

SQEXpress maritime electronic sms forms platform just released

Photo Gallery