cyber security in maritime Archives - Page 4 of 4

www.MaritimeCyprus.com) Developments in connectivity and the transfer of data in greater volumes between ship and shore continue to bring significant gains for fleet management efficiency and crew welfare, but they also increase the vulnerability of critical systems onboard vessels to cyber attacks.

A 2019 IHS Markit/BIMCO report recorded 58% of respondents to a survey of stakeholders as confirming that cybersecurity guidelines had been incorporated into their company or fleet by 2018. The increase over the 37% giving this answer in 2017 explained a sharp drop in the number of maritime companies reporting themselves as victims of cyber-attacks according to authors â€“ 22% compared to 34%.

However, the enduring feature of cyber threats is their ability to adapt and evolve, with new lines of attack developed as barriers are put in place, and strategies to expose vulnerabilities constantly emerging. A June 2020 White Paper from the British Ports Association and cyber risk management specialists Astaara suggests that reliance on remote working during the COVID-19 crisis coincided with a fourfold increase in maritime
cyber attacks from February onwards, for example.

In fact, cybersecurity was ranked as the second-highest risk for shipping in 2019, behind natural disasters, according to a survey of over 2,500 risk managers conducted by Allianz.
Given that, according to IBM, companies take on average about 197 days to identify and 69 days to contain a cyber breach, it is clear that an attack on a vesselâ€™s critical systems could threaten the safety of a ship as well as the business of shipping.

The fact that a 2019 Data Breach Investigations Report from Verizon indicates that nearly one-third of all data breaches involve phishing provides one indicator that, where cyber vulnerabilities exist, the â€˜human elementâ€™ can badly expose them.

The U.S. Coast Guard has already advised ship owners that basic cybersecurity precautions
should include: segmenting networks so that infections cannot spread easily; checking external hardware such as USB memory devices for viruses before connection to sensitive systems; and ensuring that each user on a network is properly defined, with individual passwords and permissions.

From 2021, the Convention for the Safety of Life at Sea that covers 99% of the worldâ€™s commercial shipping will formalise the approach to cybersecurity permissible for ships at sea.

By International Maritime Organization (IMO) resolution, no later than a shipâ€™s first annual Document of Compliance audit after 1 January 2021, every Safety Management System must be documented as having included cyber risk management, in line with the International Safety Management Code.

The following report offers ship owners and managers guidance covering their responsibilities under the new IMO regime.

source : https://www.maritimecyprus.com/2020/11/19/maritime-compliance-cyber-security-requirements-due-1-jan-2021/

Risk of cyber attacks on ships and ports

However, when new technologies and digital solutions are introduced, the risk increases that cyberattacks can take place onboard ships and in ports.

“Denmark view cyber threats on the same level as any other maritime safety and security-related risk. An important part of finding solutions to the cyber vulnerabilities is by engaging in international collaboration and exchanging knowledge with other strong maritime nations”, Andreas Nordseth adds.

The fight against cyber pirates continues

Besides maritime experts from the United States, the Netherlands, and Denmark, participants from Canada, the United Kingdom, Australia, Singapore, Israel, Germany, France, and Belgium joined the discussions at today’s webinar.

The United States, the Netherlands, and Denmark will continue the international cooperation on maritime cybersecurity matters in 2021, and seek to expand participation with even more like-minded maritime nations.

Reference: dma.dk

As hackers become even more sophisticated in their tactics, it’s inevitable that maritime cyber-attacks against OT on ships are becoming the norm rather than the exception. The stats speak for themselves:

Of respondents, 77% view cyber-attacks as a high or medium risk to their organizations, yet only 64% said their organization has a business continuity plan in place to follow in the event of a cyber incident. But only 24% claimed it was tested every three months, and only 15% said that it was tested every six to 12 months. Only 2 of 5 respondents said that their organization protects vessels from operational technology (OT) cyber threats, and some respondents went so far as to describe their company policy to OT cyber risk as “careless.”

It’s time for the maritime industry to take a look at every aspect of their ship operations to ensure they’re protected and resilient against these growing threats.

In this eBook, we will help you navigate the ins and outs of maritime cybersecurity, address cybersecurity challenges and compliance considerations, and get you geared up to establish your maritime cybersecurity action plan.

Source: missionsecure

Nippon Kaiji Kyokai (“ClassNK”) joined the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) as part of a growing list of maritime community partners. This is an innovative relationship between the two nonprofit organizations aimed at strengthening vessel and shoreside cyber risk management. The partnership provides ClassNK with actionable insights from community-sourced cyber threat intelligence to reinforce ClassNK’s Cyber Security Guidelines to help prevent cyber incidents from negatively impacting the safety and security of maritime operations. ClassNK is the first classification society and the first non-U.S. organization to formally join the MTS-ISAC, helping broaden the reach of the MTS-ISAC’s efforts to support the maritime community.

Both vessel and shoreside cybersecurity efforts will be under increasing scrutiny starting in 2021. The International Maritime Organization (IMO) has a deadline of January 1, 2021 for Maritime Cyber Risk Management to be addressed in Safety Management Systems. Meanwhile, the U.S. Coast Guard will be inspecting Maritime Transportation Security Act of 2002 regulated facilities for cyber risk management efforts for the first time starting with annual inspections occurring on or after October 1, 2021. Both of these organizational efforts have signaled to maritime stakeholders that cybersecurity is a priority that must be addressed to ensure safe and secure MTS operations.

Hirofumi Takano, Executive Vice President at ClassNK, explains, “We have been working with the International Association of Classification Societies (IACS), maritime stakeholders and cyber security professionals to understand and promote cybersecurity best practices across the maritime transportation system (MTS). By joining the MTS-ISAC, we will have increased visibility to current, real-world examples of cyber threats targeting MTS stakeholders. This provides us an opportunity to reinforce how, and periodically update, ClassNK’s Cyber Security standards to provide our stakeholders with the latest security recommendations to protect their assets from cyber threats. With IMO 2021 right around the corner, this relationship is perfectly timed to add increasing value to our stakeholders, and we are excited to be a part of the active and growing MTS-ISAC community. We hope ClassNK stakeholders will quickly understand the value of this partnership.”

“We are excited that ClassNK is bringing a proactive, classification society perspective into the MTS-ISAC community,” adds Scott Dickerson, the MTS-ISAC’s Executive Director. “The MTS community’s resiliency is improved when we can quickly address cyber risks with meaningful cybersecurity controls. ClassNK joining the MTS-ISAC is a perfect example of how community partnerships provide win-win situations while reinforcing to stakeholders how the implementation of guidelines and recommended security controls can reduce their exposure to risks the community is actively seeing. The MTS-ISAC’s Board of Directors understands the importance of cyber risk prevention efforts and are supportive of the inclusion of class societies into our information sharing ecosystem as a key component to building a stronger culture of community cybersecurity.”

The MTS-ISAC, which was formed in February of this year, has seen rapid adoption of its Cybersecurity Information Sharing Services, and has produced a number of maritime cybersecurity advisories sourced from member shared information. The MTS-ISAC strives to incorporate best practices into their intelligence products so that MTS critical infrastructure stakeholders can be better protected. While ClassNK is the ISAC’s first international member, it anticipates additional international stakeholders to be joining the community.

Source:

hellenicshippingnews.com

LONDON, July 15, 2020 /PRNewswire/ — Since rolling out in May 2018, there have been 340 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine.

A GDPR tracking dashboard from PrivacyAffairs displays official data from national data protection bodies to monitor the status of GDPR fines.

Whilst GDPR sets out the regulatory framework that all EU countries must follow, each member state legislates independently and is permitted to interpret the regulations differently and impose their own penalties to organisations that break the law.

Nations with the highest fines:

France: €51,100,000
Italy: €39,452,000
Germany: €26,492,925
Austria: €18,070,100
Sweden: €7,085,430
Spain: €3,306,771
Bulgaria: €3,238,850
Netherlands: €3,490,000
Poland: €1,162,648
Norway: €985,400

Nations with the most fines:

Spain: 99
Hungary: 32
Romania: 29
Germany: 28
Bulgaria: 21
Czech Republic: 13
Belgium: 12
Italy: 11
Norway: 9
Cyprus: 8

The second-highest number of fines comes from Hungary. The National Authority for Data Protection and Freedom of Information has issued 32 fines to date. The largest being €288,000 issued to an ISP for improper and non-secure storage of customers’ personal data.

UK organisations have been issued just seven fines, totalling over €640,000, by the Information Commissioner. The average penalty within the UK is €160,000. This does not include the potentially massive fines for Marriott International and British Airways that are still under review.

British Airways could face a fine of €204,600,000 for a data breach in 2019 that resulted in the loss of personal data of 500,000 customers.

Similarly, Marriott International suffered a breach that exposed 339 million people’s data. The hotel group faces a fine of €110,390,200.

The largest GDPR fine to date was issued by French authorities to Google in January 2019. The €50 million was issued on the basis of “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation.”

Highest fines issued to Private individuals:

€20,000 issued to an individual in Spain for unlawful video surveillance of employees.
€11,000 issued to a soccer coach in Austria who was found to be secretly filming female players while they were taking showers.
€9,000 issued to another individual in Spain for unlawful video surveillance of employees.
€2,500 issued to a person in Germany who sent emails to several recipients, where each could see the other recipients’ email addresses. Over 130 email addresses were visible.
€2,200 issued to a person in Austria for having unlawfully filmed public areas using a private CCTV system. The system filmed parking lots, sidewalks, a garden area of a nearby property, and it also filmed the neighbours going in and out of their homes

For questions regarding the research or more information about the team behind the report, contact Joe Robinson at joe@privacyaffairs.com or visit PrivacyAffairs.

Maritime Cyber Security experts, Epsco Ra are proud to announce RaEDR (RA Endpoint Detection and Remediation) a comprehensive cybersecurity monitoring and defense solution.

Inspired by the necessity for remote working brought about by the COVID 19 pandemic and the resulting huge worldwide increase in cyber-attacks, Epsco Ra have developed a new next-generation solution in the form of a cloud-hosted application which functions as an agent on each computer in a network (or on a UTM when possible).

Epsco Ra’s solution is easily installed on any vessel or office network, without any requirement for hardware and with no disruption to existing network or system installations.

The agents provide in-depth visibility of the system’s security posture, offering security monitoring, intrusion & threat detection, file integrity monitoring, vulnerability assessment, and incident response.

The system includes Compliance alignment with controls allowing full configuration with Governance frameworks inclusive of but not limited to NIST and GDPR.

This is all managed via an extensive user-customizable dashboard with reporting and alerting tools.

RaEDR gives our clients peace of mind in the knowledge that they have their own professional cybersecurity team without the cost of employing an in-house team.

Epsco Ra’s RaEDR service offers our clients 3^rd party assurance from as little as US$25.00 per month per vessel.
Source: maritimecyprus

Shipmanager Anglo-Eastern has inked a Memorandum of Understanding with Naval Dome for the provision of cyber security research and consultancy services, aimed at ensuring the continued cyber resilience of its fleet of more than 650 vessels.

Naval Dome will carry out an evaluation of the company’s cyber position, perform penetration testing and make recommendations, where necessary, on how systems can be better protected.

“Cyber threats are amongst the most serious challenges the global shipping industry faces and we share Naval Dome’s view that the industry at large must do more to protect itself,” said Capt. Bjorn Hojgaard, CEO of Anglo-Eastern.

“The MoU we have signed aims not only to enhance the level of security across our fleet, but to also encourage system providers to retrofit systems installed aboard the global fleet with more advanced cyber protection.”

As part of the agreement, Anglo-Eastern will also engage Naval Dome to collaborate with equipment manufacturers and technology service providers and push them to incorporate more effective security systems into shipboard equipment.

“We are delighted to sign this cooperation agreement with Anglo-Eastern,” said Naval Dome CEO Itai Sela.

“All ships must operate with equipment capable of preventing the most sophisticated of attacks from penetrating critical systems. As such, we believe that all players – ship owners, ship managers, offshore operators, and OEMS – need to collaborate more on how best to cost-effectively eradicate the problem once and for all. We hope equipment suppliers will step up to the challenge.”

Maritime Cyber Security – Naval Dome CEO Itai Sela says that while it is true that the inadvertent downloading of a computer virus from the internet or a memory stick is a serious cyber security issue for shipping companies, the industry should be wary of attributing system breaches to human error.

In agreement with comments made yesterday in Dubai during a Cyber Risk and Data Theft seminar, that cyber security is still considered by shipping companies and terminal operators as an after-thought, Sela does not agree that better cyber awareness, crew training or the implementation of crew guidelines alone will have a lasting positive effect.

“When the cyber-criminal will always need the unwitting assistance of an unsuspecting crew member, technician or employee to activate or spread the virus, irrespective of the level of their cyber training or awareness, it is not enough to put it under the ‘human factor’ umbrella or apportion individual blame when a critical system has been breached.

“A cyber incident happens because systems are not protected, and hackers will continue to develop innovative ways and sophisticated solutions intended to take advantage of any weak spots in human nature. The implication, therefore, is that any cyber awareness training is a waste of time and money.”

The sophisticated methods hackers use is evident by the deployment of a new, previously unknown malware trojan called xHunt, which researchers at Palo Alto Networks’ Unit 42 say is being used to specifically target the shipping industry. It is alleged that xHunt and Hisoka – a backdoor used to facilitate trojan delivery – were successful in infiltrating the networks of two shipping companies operating out of Kuwait.

“The attackers have added some fun capabilities to Hisoka and its associated toolset. The attackers are aware of probable security measures in place at their targets and have attempted to develop ways to get in undetected,” Ryan Olson, Vice President of threat intelligence at Unit 42, told ZDNet.

Given that hackers will always find a way in, Sela believes attributing blame to individuals is pointless. It is also problematic because of the potential legal proceedings envisioned should a virus result in damage to the ship, its systems, personnel or the environment.

Maritime Cyber Security !

“It would be very easy to point the finger at an individual crew member, technician or employee for inadvertently spreading malware or other viruses, but this would not prevent further system breaches. What it will do is create unnecessary friction between employers and employees.”

He adds that limiting crew members’ access to the internet, social media or mobile phone charging facilities will also create problems.

“Prohibiting internet access is not the answer. This is now considered a basic human right and with many seafarers away from loved ones for months at a time, if they are unable to maintain regular contact with those at home, then not only could it adversely affect their well-being but deter others from a maritime career.”

Sela says the maritime sector – shipping companies and port operators – needs to adopt technical solutions to prevent system hacking, rather than simply implementing a culture change.

Recalling incident where a Mobile Offshore Drilling Unit lost control of its Dynamic Positioning system while drilling in the Gulf of Mexico, Sela says the investigation found that various crew members introduced malware when they plugged in their smart phones, and other devices.

“Would this have been considered human error if the DP and associated OT systems were adequately protected and the hack thwarted? I doubt it. If cyber-crime continues to be designated a human factor event, then the industry does not fully grasp the cyber problem.”
Source: Naval Dome

cyber security in maritime

Cyber security is on the boardroom agenda as organisations worldwide seek to improve their resilience against a backdrop of high-profile, and increasingly sophisticated cyber-attacks. The number of breaches is up an average 27.4% year on year¹ and 86% of companies around the world reported experiencing at least one cyber incident in 2017.

Founded in 2003, Nettitude is an award-winning provider of cyber security, compliance, infrastructure and managed security services to organisations worldwide and employs 140 cyber security specialists globally.

The acquisition strengthens LR’s existing broad portfolio of cyber security services spanning certification, compliance, training, auditing and security consulting to now include penetration testing, information security consulting, managed security services and incident response. Together, Nettitude and LR now provide a complete suite of cyber security assurance services to help clients identify, protect, detect, respond and recover from cyber threats.

cyber security in maritime

The need for cyber security solutions and growth in cyber security is driven by three broad areas:

Industry 4.0 [IR4]
- As we move towards a more automated, integrated and interdependent, data driven economy, the risk of cyber-attack increases.
Cyber-attacks are non-discriminatory
- Cyber-attacks are now targeting a broader spectrum of industries and companies – irrespective of their size and geographical location.
Regulatory
- The regulatory focus on cyber security is increasing, with wide-ranging compliance requirements against standards, schemes and local legislation.

Alastair Marsh, Chief Executive Officer, Lloyd’s Register commented: “This is an important acquisition for Lloyd’s Register to enhance our capability in assuring the increasingly complex supply chains in which we operate. Information and operational technology security is a key concern for our clients across all sectors, as we see increasing dependencies on technology and challenges created by Industry 4.0.”

SOURCE : LLOYD’S REGISTER – CLICK TO READ VIEW ARTICLE

Newer Posts

Maritime compliance: Cyber Security requirements due 1 Jan 2021

Maritime Cybersecurity More Important Now Than Ever Before

Risk of cyber attacks on ships and ports

The fight against cyber pirates continues

A Comprehensive Guide to Maritime Cybersecurity

ClassNK Joins the Maritime Transportation System ISAC to Help Address Cybersecurity Risks

GDPR Fines Totalling €158 Million Issued in 340 Cases, Study by PrivacyAffairs Finds

Epsco Ra announce RaEDR, the Next Generation Cyber Security Management concept for the Maritime Industryy design digital platforms and compliance to GDPR.

Anglo-Eastern brings Naval Dome on board to boost vessel cyber resilience

Maritime Cyber Security Is A Technical Issue Not A Human One, Says Sela

Lloyd’s Register has acquired cyber security specialists Nettitude.

News

Maritime industry majors collaborate over cyber resilience

What is ESG? The Impact of ESG on shipping companies (MARITIME ESG)

Sustainability in Shipping Industry, ESG Performance Reporting (MARITIME ESG)

Quick Menu

Company DETAILS

ISO 9001:2015 CERTIFIED