2017-06-30_11h48_28.png

The maritime sector has recently faced significant cybersecurity challenges, highlighting the critical need for robust digital defenses.

Notable Cybersecurity Incidents:

  • Ukrainian Railways Cyber Attack: On March 23, 2025, Ukrainian state railways, Ukrzaliznytsia, experienced a large-scale cyber attack affecting its online freight services. This disruption forced a temporary switch to paper-based operations, underscoring vulnerabilities in transportation infrastructure.Reuters

  • North Sea Oil Tanker Collision: In early March, a collision between the container ship Solong and the U.S. tanker Stena Immaculate off the coast of Yorkshire raised concerns about potential cyber interference. Investigations are ongoing to determine if cybersecurity failures contributed to the incident.The Sun

Regulatory Developments:

  • RINA’s Enhanced Cybersecurity Rules: The Italian classification society RINA announced amendments to its “Rules for Classification of Ships,” effective July 1, 2024. These changes aim to bolster the cyber resilience of ship systems, incorporating new requirements for system certification and emphasizing software and hardware change management.Marine Regulations

  • U.S. Coast Guard’s Final Rule on Maritime Cybersecurity: On January 17, 2025, the U.S. Coast Guard published a final rule to enhance cybersecurity within the Marine Transportation System. Effective July 16, 2025, the rule mandates comprehensive cybersecurity assessments, the development of response plans, and the appointment of cybersecurity officers for applicable vessels and facilities.MarineLink

Implications for Shipowners:

These incidents and regulatory updates underscore the escalating cyber threats in the maritime industry and the imperative for shipowners to implement robust cybersecurity measures. Ensuring compliance with evolving regulations and proactively enhancing cyber defenses are crucial steps in safeguarding assets and maintaining operational integrity.

Cyber Security Manual


maritime-cyber-security.png

The maritime industry is experiencing significant advancements in cybersecurity to address emerging threats and comply with new regulations.

IACS Unified Requirements E26 and E27 Now Mandatory

As of January 1, 2024, the International Association of Classification Societies’ (IACS) Unified Requirements E26 and E27 have become mandatory for classed ships and offshore installations contracted for construction. These requirements focus on enhancing the cyber resilience of ships and onboard systems, ensuring they can withstand and recover from cyber threats.Marine Regulations+3SHIP IP LTD+3Maritime Informed+3Marine Regulations+1SHIP IP LTD+1

RINA Updates Classification Rules for Enhanced Cybersecurity

The classification society RINA has amended Part C of its “Rules for Classification of Ships,” effective July 1, 2024. These amendments aim to bolster the cyber resilience and security of ship systems and equipment, incorporating IACS UR E26 and E27 standards to safeguard against cyber threats.BIMCO+3Marine Regulations+3Maritime Informed+3

BIMCO Releases Updated Cybersecurity Guidelines

In November 2024, BIMCO, in collaboration with various maritime associations and cybersecurity firms, released version 5 of the “Guidelines on Cyber Security On Board Ships.” This update emphasizes the need for regular cybersecurity risk assessments in response to evolving cyber threats and changes in shipboard systems.BIMCO

T.E.N. and DNV Collaborate on Cyber Secure Notation

Tsakos Energy Navigation Ltd (T.E.N.) has partnered with DNV to achieve the Cyber Secure Essential notation for their newly contracted shuttle tankers. Scheduled for completion in 2025, these vessels will comply with IACS Unified Requirements E26 and E27, positioning T.E.N. ahead of mandatory implementation dates.Marine Regulations+3Maritime Informed+3SHIP IP LTD+3

Global Flag States Implement Cybersecurity Regulations

Flag states worldwide are integrating cybersecurity regulations in line with IMO standards. For instance, the United States mandates that vessels develop and maintain a Cybersecurity Plan and designate a Cybersecurity Officer by July 16, 2025. Similarly, other nations have set implementation deadlines and enforcement practices to enhance maritime cybersecurity.apnews.com+4Ship Universe+4SHIP IP LTD+4

These developments underscore the maritime industry’s commitment to strengthening cybersecurity measures, ensuring compliance with international standards, and safeguarding critical infrastructure against evolving cyber threats.


🔒 Strengthening Maritime Cybersecurity: The Importance of OT Inventory for Ships 🚢

With evolving cybersecurity regulations like the IMO’s MSC-FAL.1/Circ.3 and upcoming EU NIS2 Directive, ships must enhance their Operational Technology (OT) security to prevent cyber threats. A crucial step in compliance and risk mitigation is maintaining an accurate OT inventory.

📌 Why is OT Inventory Important?

Regulatory Compliance – Authorities require clear documentation of OT assets onboard.
Vulnerability Management – Knowing what systems exist helps identify security risks.
Incident Response – A complete inventory speeds up recovery from cyber incidents.
Network Segmentation – Mapping OT systems helps separate critical assets from IT networks.

🔹 How to Build an Effective OT Inventory?

Identify & Categorize – List all OT systems (e.g., ECDIS, VDR, engine control, ballast systems).
Document Connectivity – Map each device’s network connections to spot potential weak points.
Assess Cyber Risks – Regularly evaluate vulnerabilities and update security measures.
Monitor & Update – Keep inventory updated to reflect new installations or modifications.

🌍 Take Action Now!
With cyber threats rising in maritime operations, a well-managed OT inventory is a key first step to ensuring compliance and safeguarding your vessel. Start today to protect your fleet from cyber risks!


Recent reports indicate a significant escalation in cyber threats targeting the maritime industry. Marlink’s Security Operations Center observed a sharp increase in malicious activities during the first half of 2024, with over 23,400 malware detections and 178 ransomware incidents. Phishing remains the primary method attackers use to breach corporate networks, and there’s a notable rise in sophisticated botnet attacks leveraging AI to target IoT devices.

In response to these growing threats, the International Maritime Cyber Security Organisation (IMCSO) has been established. This non-profit entity aims to standardize cybersecurity risk assessments across the maritime sector. IMCSO offers certification programs for security consultants and maintains a professional register to assist shipping organizations in selecting qualified personnel. Additionally, it will validate and standardize report outputs, storing them in a central database accessible to authorities and third parties for assessing vessel risk.

These developments underscore the critical importance of robust cybersecurity measures in maritime operations. Organizations are urged to stay vigilant, update their security protocols, and invest in advanced threat detection capabilities to safeguard their operations against evolving cyber threats.


The U.S. Coast Guard proposes to update its maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002 regulations. This proposed rule would help to address current and emerging cybersecurity threats in the marine transportation system. In this Maritime Matters: The Marinelink Podcast, we host a live panel discussion with five experts from the Coast Guard, classification, vessel owners and connectivity leaders to discuss what the rules may look like, as well as what work boat owners should do now to protect themselves, and the consequences not preparing.

Source : https://www.marinelink.com/news/cyber-security-maritime-sector-need-know-520822

Cyber Security Manual


Optimising vessel operations has become crucial for the industry to achieve sustainability and decarbonisation goals. In the long term, large investments will focus on building ships ready for alternative fuels, but in the meantime, owners and operators are turning to digitalisation technologies to save fuel and emissions by becoming more energy efficient.

Owners and operators are also using faster low-latency satellite communications to tackle the challenges of retaining and retraining crew, and to keep track of growing fleets and changing trading patterns. Communications, digital applications and electronic hardware help to tackle these issues, enabling owners to offer career development pathways, almost limitless communications, and technology to make seafarer’s lives easier.

Shipping has turned to digital applications, low-latency connectivity, cloud-based solutions, artificial intelligence and machine learning, while tackling cyber risks with enhanced security.

New LEO constellations overtake established GEO

One company run by an established billionaire, who will soon be part of Trump’s new US administration, has transformed maritime satellite communications during 2024 with owners installing new technology to keep up.

Elon Musk’s SpaceX’s Starlink low Earth orbit (LEO) satellite constellation has revolutionised maritime and offshore communications, providing fast connectivity with low latency to vessels, for crew welfare services and operational applications.

LEO satellite communications has taken the maritime sector to new heights in terms of providing connectivity and welfare support to seafarers. Starlink has become popular with the masses with shipmanagers, owners and operators increasing its deployment across fleets. Whereas two years ago, flat-panel antennas for Starlink were only just being tested, now it is difficult to find a ship without Starlink on board.

Another LEO constellation gaining traction is Eutelsat OneWeb, albeit at a slower pace, with early adoption on offshore vessels, drilling and production facilities. As this global coverage is implemented, more cruise and commercial ships will consider this as a viable alternative. Marella Cruises is investing in OneWeb to operate alongside Starlink on its cruise ships.

Despite the rise of LEO, there is still demand for reliable geostationary orbit (GEO) satellite communications and very small aperture terminal (VSAT) connectivity, but distributors are integrating these services into hybrid smart solutions, where connections will take the cost-efficient, secure pathways. There is also still a need for L-band through Inmarsat, Iridium and Thuraya for maritime safety and security communications.

Inmarsat has reacted to LEO competition by launching a combined hybrid of GEO with LEO and long-term evolution (LTE) in one package. Global container shipowners K Line and Hapag-Lloyd are testing out NexusWave with an eye to roll it out across their fleets.

Class raises requirements for cyber resilience

As the maritime industry adopts more digitalisation applications and ships become more connected, they come under greater risk of cyber attacks. Therefore, enhancing cyber resilience and security is essential to ship operators, owners and builders.

In 2024, the International Association of Classification Societies (IACS) introduced unified requirements (URs) for cyber security and outlined how to demonstrate compliance with them. These URs, E26 and E27, are seen as new benchmarks for shipping’s response to its growing exposure to cyber attacks.

As of 1 July 2024, updated URs E26 and E27 require newbuild vessels and their connected systems to meet certain minimum and unified cyber-resilience standards.

UR E26 is aimed at ensuring the secure integration of both operational technology (OT), information technology (IT) and equipment in a vessel’s network, during the design, construction, commissioning and operational life of the ship.

This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response and recovery.

UR E27 is written to support manufacturers and OEMs of onboard operational systems and equipment in evaluating and improving their cyber resilience. This has led to suppliers and system integrators introducing upgrades to ensure cyber resilience. It also encouraged classification societies to develop and introduce their own interpretations of these URs.

Introducing IACS requirements and raising awareness and demand for enhanced cyber security has led to a trend of class societies acquiring companies with these skills. One of the main deals in 2024 was DNV’s acquisition of CyberOwl, which regularly reports on the shipping industry’s risks and responses to cyber attacks.

According to a study led by CyberOwl published in Q4 2024, a typical fleet of 30 cargo vessels now experiences an average of 80 cyber incidents a year. The study found the average cost of unlocking computer systems in the maritime sector reached US$3.2M.

We can expect more advanced and integrated solutions to be unveiled and new innovative cyber threats to emerge in 2025.

Source : Riviera


BIMCO Compliant: What Does It Mean?
The Baltic and International Maritime Council (BIMCO) has developed guidelines to help ship owners protect their vessels and IT systems from cyber threats and digital attacks. BIMCO is a global trade organization representing shipping companies and ship owners. Countries like the UK, Greece, Singapore, the Netherlands, Germany, the US, Japan, China, and South Korea collaborate with BIMCO to ensure compliance with international maritime rules.

What Are BIMCO’s Cybersecurity Guidelines for Ships?

  1. Cybersecurity Policy
    BIMCO recommends that ship owners and operators establish a cybersecurity policy. This policy should outline how the ship’s IT systems will be protected from cyber threats and how to handle any incidents that may arise.
  2. Risk Assessment
    BIMCO emphasizes the importance of regular cybersecurity risk assessments. These assessments help identify and address potential risks and vulnerabilities in systems such as communication, navigation, electronic cargo documents, and payment transactions.
  3. Preventive Measures
    To protect their systems, BIMCO advises ship owners to install firewalls, encrypt data, use strong authentication methods, and keep security updates up to date.
  4. Training and Awareness
    Educating staff and crew on cybersecurity is crucial. Ship owners should ensure that their employees can recognize potential threats, such as phishing attacks, and know how to respond to various cybersecurity incidents.
  5. Incident Management
    BIMCO recommends preparing a comprehensive plan for handling cyberattacks. This includes reporting incidents to the appropriate authorities, isolating affected systems, and restoring operations as quickly as possible.
  6. Security for Suppliers
    Since ships often rely on third-party suppliers for IT services and equipment, BIMCO advises ensuring that these suppliers also meet cybersecurity requirements and implement adequate security measures.
  7. Certification and Compliance
    BIMCO encourages shipping companies and ship owners to comply with international cybersecurity standards, such as the IMO Cybersecurity Code, and other relevant maritime regulations.

Why Is This Important?

BIMCO’s cybersecurity guidelines provide ship owners and operators with a robust framework for managing cyber risks. By following these guidelines, ships can reduce their vulnerability to cyberattacks and maintain safe and efficient operations.

For ship owners, using a BIMCO-certified IT platform ensures that your IT infrastructure meets the latest security standards and international cybersecurity regulations. This minimizes the risk of cyberattacks, operational downtime, and legal issues while strengthening trust with business partners and authorities. Additionally, it simplifies incident management and ensures compliance with maritime regulations.

 

Cyber Security Manual


Orient Overseas Container Line (OOCL) has reported that there is a suspicious investment software in the market that is using the OOCL logo without authorization.

The software claims to offer high returns on investments. However, OOCL has no connection or affiliation with the software or its developers.
In a statement warning its clients, OOCL says: “We do not endorse or recommend it in any way.

“OOCL does not offer any investment product or service via any channel and we urge you to exercise caution and vigilance when dealing with any online platforms or applications that offer such products or services under OOCL’s name. Such platforms or applications may be fraudulent, illegal, or harmful to your interests.

“If you encounter any such platforms or applications, please do not provide any personal or financial information, and do not download or install any software or files. We also advise you to report any suspicious activities to the relevant authorities and OOCL Customer Service via your usual contact.

“We appreciate your continued support and trust in OOCL. We are committed to providing you with the best quality and reliable services. We also take our information security and brand protection very seriously, and we will take appropriate actions to safeguard our interests and those of our customers.”


Danish bridge simulator specialist Force Technology has launched SimFlex Cloud, a dedicated software-as-a-service (Saas) solution offering highly realistic navigation training.

SimFlex Cloud provides global onshore and onboard access to Force Technology’s SimFlex simulator and simulator engine and model library. SimFlex offers user-friendly access to next generation mixed reality simulation, using both Virtual Reality (VR) and Augmented Reality (AR) headsets to maximise realism and immersion.

Force Technology customers can configure training with SimFlex Cloud however best suits their organisational structure and training needs. The system optimises maritime cloud simulator training with qualified instructors from Force Technology or the customer’s own network in control of all learning aspects, communication, exercise creation and delivery, debriefing and evaluation for live participants located anywhere in the world.

SimFlex Cloud can also be used as a self-study tool, giving junior officers, experienced captains and senior officers the ability to practice their skills whenever and wherever they can, using a laptop or desktop PC and monitor set up, as well the optional VR or AR headsets for even greater realism.

For ship managers and shipping companies, SimFlex Cloud provides a means to reduce and optimise training budgets while increasing the quality of the technical training available to staff. Flexible and scalable licencing options ensure that customers only pay for exactly what they use, while providing the ability to reduce or increase investment based on current requirements. Further, the connected nature of SimFlex Cloud ensures that users will always have the most recent content and training methods available.

source : https://thedigitalship.com/news/electronics-navigation/item/7557-force-technology-unveils-cloud-based-navigation-training


Pakistan’s Ministry of Maritime Affairs at the annual joint meeting of the China Pakistan Economic Corridor (CPEC), on September 26th, announced major investment plans by the Chinese government for the development of the Karachi Coastal Comprehensive Development Zone, or KCCDZ. The project aims to develop a modern port city in coordination with the Karachi Port Trust.

Unlike previous deals under the CPEC which included monetary loans for development projects, the new agreement involves direct equity investment worth $3.5 billion. The KCCDZ plans to establish various infrastructure facilities on 1500 acres of underutilized land owned by the Karachi Port Trust, to support residential, commercial, and seaport activities.

 

SOURCE READ THE FULL ARTICLE

https://www.fleetmon.com/maritime-news/2021/35685/china-plans-35-billion-investment-pakistans-karach/


Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED