Shipping is vital to the world supply chain. During the COVID-19 pandemic, it is crucial that all personnel involved are protected from infection, including those onboard ships and shore personnel who may need to temporarily go on ships or interact with seafarers.   

IMO has circulated World Health Organization (WHO) guidance on the safe and effective use of personal protective equipment (PPE), to support decisions on use of PPE to minimize the risks of COVID-19 infection for seafarers, marine personnel, fishing vessel personnel, passengers and others on board ships. This guidance also applies to shore personnel intending to go on board (such as pilots, port workers, port State control officers, shipʹs agents, etc.); and when any of these people interact with each other. The PPE  guidance is available here (CL.No.4204/Add.15 

To support decision making and risk assessment, IMO has also circulated practical measures to address COVID-19 risks for all people involved on ships and in ports when they may need to interact with each other, available here (CL.No.4204/Add.16). Recognizing that there are differences in national requirements, the guidelines propose a straightforward system to evaluate the risks and communicate the control measures that will be put in place, by mutual agreement, to reduce infection risk. They also propose simple steps and precautions to take if attendance onboard a ship is unavoidable. These include minimising the number of persons attending; using outer walkways rather than access through the crew accommodation; frequently cleaning hands and maintaining social distancing.  

The COVID-19 related guidelines for ensuring a safe shipboard interface between ship and shore based personnel were proposed by a broad cross section of global industry associations in consultative status with IMO: ICSIAPH,  BIMCOIACSIFSMAIMPA, INTERTANKOP&I Clubs, CLIA, INTERCARGOInterManagerIPTAFONASBA, and WSC; and also take account of input from the International Maritime Employers’ Council (IMEC) and the International Support Vessel Owners Association (ISOA). 

Source:
http://www.imo.org/en/MediaCentre/WhatsNew/Pages/default.aspx


The COVID-19 crisis has been testing the foundations of our lives, societies and economies posing huge challenges for the future. Organisations across industries are rightly focusing on their employees’ well-being, whilst making sure that their operations continue undisrupted and at the same time, adapting to the new ways of operating. Inevitably, secondary aspects of day-to-day operations such as cyber security may fall by the wayside, potentially increasing the risk of cyber security attacks. Cyber criminals are cognisant of the change in priorities, making the pandemic an attractive opportunity for them to make their way into corporate networks to steal data, money or cause disruption.

How has this affected the shipping industry?

The shipping industry has already suffered from cyber attacks and some recent examples that have been made public include:

  • E-mail scams attempting to deliver malware or phishing links to compromise vessels and/or companies. Some of them impersonate the World Health Organisation whilst others use real vessel names and/or COVID-19 to impersonate actual ships and warn of infected crew and vessels through attachments infected with malware.
  • Mediterranean Shipping Company (MSC) reportedly experiencing a network outage due to a malware attack affecting their primary website and customer portal, which in turn affected online bookings for a number of days (agencies were still functional). Although the incident was not explicitly attributed to an opportunistic attack due to the pandemic, it happened at a time when several other incidents were affecting the industry.
  • The Danish pump maker DESMI being hit by ransomware with the organisation deciding against paying any ransom to make the compromised data available again. To respond to the attack, the organisation shut down some of their systems including e-mail, affecting their operations for a number of days.

So, what should the shipping sector do to maintain the security of their data and infrastructure?

The pandemic came at a time when shipping organisations have been investing to implement IMO’s “Guidelines on maritime cyber risk management”, in order to be better prepared against cyber security threats both on- and off-shore before 2021. Priorities have had to change in response to the COVID-19 outbreak, but the new reality with its extensive use of technology can still be seen as an opportunity for making sure that parts of the guidelines are implemented in an accelerated manner. Three key actions should be prioritised for shipping organisations to mitigate emerging risks due to the pandemic:

  1. Secure newly implemented remote working practices

Shipping organisations had previously invested in remote working solutions primarily for IT professionals supporting vessels. Therefore, many shipping companies have had to rapidly introduce new remote working tools (e.g. video conferencing, laptops, etc.) that may lack certain security controls or policies resulting either in security gaps or inconsistent application of security protocols. Such solutions will likely be relied upon to a much greater extent as organisations return to business as usual, thus making them more susceptible to cyber attacks due to unpatched or insecurely configured new systems that could affect data confidentiality and integrity. Operations may also be disrupted if these solutions are not resilient to a potential Distributed Denial of Service (DDoS) attack.

Organisations should consider:

  1. Risk assessing existing and new remote access systems to ensure critical security patches have been applied, secure configurations have been used and the solutions are resilient. Particular attention should be paid to systems used for remotely administering and monitoring IT and OT vessel systems. Where possible, these systems should be segregated from the network used by the crew;
  2. Configuring remote access solutions, e-mail and identity management systems to log all authentication events especially those on vessels that were typically not logged in the past. Preserve logs and analyse for anomalous activity;
  3. Reviewing any systems deployed to allow employees to work remotely, and ensure that key security controls are applied (e.g. web filtering, encryption, antimalware protection, data loss prevention, backup solutions and detection and response tooling).

 

  1. Ensure the continuity of critical security functions

With the majority of employees having to work remotely, including employees responsible for the security functions, productivity is, to some extent, hindered. This is especially true for the monitoring functions that most shipping organisations have outsourced to a third party. Prior to the pandemic, multiple dashboards were used for continuously monitoring on- and off-shore activities, presented on large screens located in dedicated rooms, allowing close collaboration and escalation. Now, employees are limited to small screens for home-use and collaboration is less immediate.

Considerations in this respect include:

  1. (Where outsourced) Ensuring that the third party has enabled their business continuity plan and has sufficient capacity and capability to achieve the agreed SLA;
  2. (Where in-house) Ensuring that monitoring teams have the people, processes and technology necessary to monitor and respond to alerts affecting on-shore and vessel systems. Consider augmenting the teams with additional third-party resources;
  3. Performing continuous vulnerability scanning to confirm patching processes are functioning and all critical vulnerabilities have been patched or mitigated. Make sure this is consistent for on-shore and vessel infrastructure;
  4. Updating incident response plans and continuity playbooks to ensure they function during periods when relevant employees are primarily working remotely. Ensure they are not overly dependent on key members of staff.
  1. Counter opportunistic threats that may be looking to take advantage of the situation

In light of the previously mentioned examples of cyber attacks affecting the shipping industry, organisations should:

  1. Provide specific guidance to vessel crews to be extra vigilant when it comes to email communications relating to COVID-19 infections on specific vessels;
  2. Provide specific guidance to finance teams to ensure they do not respond to email solicitations for personal or financial information, or requests to transfer funds, highlighting increased risks of business email compromise attacks;
  3. Target additional awareness campaigns to both on-shore employees and vessel crews, leveraging phishing campaigns using COVID-19 lures or attempts to exploit different or new ways of working;
  4. Where not already implemented, consider procuring web filtering technology that allows enforcement of web filtering rules on remote infrastructure including on vessels and laptops at home.

It is evident that the pandemic has brought new challenges for shipping organisations. Uncertainty, unprecedented situations, and rapid IT and organisational changes have shifted the nature of cyber threats, making the need for consistency in both on- and off-shore implemented protective and detective measures a ‘must’. We are yet to see how the industry will adapt to the “next day of normality”, but one thing is certain – the cyber security risk landscape has changed and the industry needs to remain vigilant and respond to the situation accordingly and with speed.

See also PwC’s article “Keeping the lights on with a response strategy plan” on what organisations in the shipping sector should do to ensure their continuity of operations.

Source: https://www.hellenicshippingnews.com/cyber-security-in-shipping-during-covid-19-pandemic/


MIAMIMay 12, 2020 /PRNewswire/ — Tritan Software, the #1 Provider of Health & Safety technology platforms in the maritime industry,  announced today the launch of SeaConsult, a new telehealth solution that will be provided at no cost to all clients during the COVID-19 pandemic period. SeaConsult will allow onboard staff to securely conduct virtual cabin visits with onboard crew and guests for all suspected cases directly via a laptop or mobile device.  The ability to perform contactless visits and checks via telehealth, in accordance with the Center for Disease Control and Prevention (CDC) and World Health Organization (WHO) recommendations, will help prevent the transmission of communicable diseases onboard while ensuring the safety of crew and passengers. SeaConsult will also provide the ability for staff onboard to seek consult directly with shoreside specialists when additional medical assistance is needed.

More than 95% of the cruise industry has already adopted Tritan’s SeaCare® Health Platform; SeaConsult will be directly integrated into this existing system, allowing for immediate deployment across an entire industry. “As the leader in the industry, we believe it is our obligation to assist our clients and our communities during this challenging period,” stated Andrew L. Carricarte, President and CEO of Tritan Software. “This latest advancement brings a much-needed and immediate capability to an entire industry. We have been collaborating extensively and working tirelessly with them and various regulatory authorities to ensure that the safety of all crew and passengers is paramount.” Tritan will be leveraging its patented technology, SeaSync®, to ensure that the virtual telehealth tool will operate effectively within the industry’s limited connectivity environment at sea.

Tritan Software has also recently announced a new version which will provide additional innovative tools in compliance with the latest regulatory standards, along with numerous COVID-19-focused enhancements to assist with operational management. SeaCare®, a GDPR- and HIPAA-compliant platform, currently provides a comprehensive suite of modules for every aspect of maritime care and health management. This includes numerous public health and communicable disease management tools such as automated close-contact tracing, quarantine management, epicurve trending, outbreak prevention notifications and the integration of critical compliance requirements to the numerous global authorities such as the CDC, U.S. Coast Guard, ECDC, Health Canada, Chinese Ministry of Health, Anvisa and various others entities.

About Tritan Software

Tritan Software is the maritime industry’s #1 provider of health and safety management platforms. Tritan Software has over 95% adoption amongst all cruise lines with a rapidly growing presence within the commercial segments of the industry. Our products – the SeaCare® Health Platform, the SeaEvent® Management Platform and the SeaSafe® Management Platform – combine patented synchronization technology and highly specialized functionality to deliver an unmatched value proposition resulting in optimal operational outcomes. Tritan Software has clients operating in every ocean of the world, sailing to over 1,000+ ports with over four million events being managed within its software platforms annually.

SOURCE Tritan Software


Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED