CyberSecurityShip2-1200x801.jpg
Understanding GPS spoofing in shipping: How to stay protected

Knowing exactly where you’re sailing and where to sail next is the most important part of a vessel’s navigation which can be accomplished by the use of GPS. Yet, what happens when your GPS gets spoofed? GPS spoofing, often leading to GPS outages, causes major disruptions to the shipping industry impacting safe navigation, leading to paralyzed shipping lanes, collisions and untraceable attacks.

The US order, according to Reuters, states that federal agencies should implement a plant to test infrastructure systems within one year, commenting that “disruption or manipulation of these services has the potential to adversely affect the national and economic security of the United States.”

Following the agreement, the US Transportation Department will recommend a backup GPS system or systems by the end of the year, while the testing of 11 technologies in Massachusetts and Virginia will be completed by May.

Moreover, the Commerce Department’s National Institute of Standards and Technology (NIST) estimated in one study that “a hypothetical disruption to GPS could result in $30 day period.

Therefore, it is of great importance to test US’s GPS infrastructure. The Commerce Department is conducting its independent source of precision time available within 180 days to both the public and private sector to assist critical infrastructure owners and operators.

 

 

 

 


CyberWorkbook2019-960x540.jpg

BIMCO And ICS Publish New Cyber Security Guide For Crew On Board.

The digitalisation of maritime operations and the reliance on technology and network connectivity for daily onboard and on shore operations means that shipping is vulnerable to the threat of cyber incidents.

To help crew prepare, both on the bridge and in the engine room, the new “Cyber Security Workbook for On Board Ship Use” includes several checklists of how to protect, detect, respond and recover from a cyber incident, and thereby offers a practical and easy to use guide for the master and the officers.

BIMCO is continuously raising awareness to shipowners on issues such as the cyber threat and helps lead the work by issuing industry guidelines to assist companies in formulating their own approaches to cyber risk management onboard. Based on contributions by BIMCO, IMO recently decided to identify cyber risks as specific threats, which companies should try to address to the same extend as any other risk that may affect the safe operation of a ship and protection of the environment. Guidance on these issues can be found in the Guidelines on Cyber Security Onboard Ships.

To protect multimillion-dollar floating assets, cyber risk should be managed as any other risk that may affect the safe operation of a ship and jeopardize the protection of the environment. The new workbook gives an easy introduction to incorporating cyber security into the ship’s management system.

“Cyber security risk management is not just an IT issue. Managing the complex interactions between technology and humans correctly will be key to avoid a cyber incident, and to recover from them, should an incident happen,” says Aron Frank Sørensen, Head of Maritime Technology and Regulation at BIMCO.

“I see the workbook as a valuable tool that will help officers manage cyber risks while carrying out their daily routines on board,” Sørensen says.
Source: BIMCO

 


Wana_Decrypt0r_screenshot.png

On 12  May 2017 cyber-security hit public consciousness in a big way when Wannacry ransomware brought down the NHS as the worm-driven malware spread around the globe hitting hundreds of thousands of computers.

Then security researcher Malwaretech, AKA Marcus Hutchins, registered a domain that acted as a kill switch, making him a hero. SC Media UK was happy to give him an award for his achievement, and later when his exploits brought him to the attention of law enforcement and he was arrested in the US for teenage black-hat hacking, creating code that was used in banking malware, SC suggested that he’d done enough to deserve a pardon. Ultimately the judge in his court case took a similar view.

The story is now told in a highly watchable documentary, WANNACRY: THE MARCUS HUTCHINS STORY, on Unlocked,  the online magazine for digital culture created by Kaspersky and available on YouTube.  Well worth viewing.


Maritime-Cyber-Blog-SMM-1440x900-1200x750.jpg

Shipmanager Anglo-Eastern has inked a Memorandum of Understanding with Naval Dome for the provision of cyber security research and consultancy services, aimed at ensuring the continued cyber resilience of its fleet of more than 650 vessels.

Naval Dome will carry out an evaluation of the company’s cyber position, perform penetration testing and make recommendations, where necessary, on how systems can be better protected.

“Cyber threats are amongst the most serious challenges the global shipping industry faces and we share Naval Dome’s view that the industry at large must do more to protect itself,” said Capt. Bjorn Hojgaard, CEO of Anglo-Eastern.

“The MoU we have signed aims not only to enhance the level of security across our fleet, but to also encourage system providers to retrofit systems installed aboard the global fleet with more advanced cyber protection.”

As part of the agreement, Anglo-Eastern will also engage Naval Dome to collaborate with equipment manufacturers and technology service providers and push them to incorporate more effective security systems into shipboard equipment.

“We are delighted to sign this cooperation agreement with Anglo-Eastern,” said Naval Dome CEO Itai Sela.

“All ships must operate with equipment capable of preventing the most sophisticated of attacks from penetrating critical systems. As such, we believe that all players – ship owners, ship managers, offshore operators, and OEMS – need to collaborate more on how best to cost-effectively eradicate the problem once and for all. We hope equipment suppliers will step up to the challenge.”


cybership.jpg

Maritime Cyber Security – Naval Dome CEO Itai Sela says that while it is true that the inadvertent downloading of a computer virus from the internet or a memory stick is a serious cyber security issue for shipping companies, the industry should be wary of attributing system breaches to human error.

In agreement with comments made yesterday in Dubai during a Cyber Risk and Data Theft seminar, that cyber security is still considered by shipping companies and terminal operators as an after-thought, Sela does not agree that better cyber awareness, crew training or the implementation of crew guidelines alone will have a lasting positive effect.

“When the cyber-criminal will always need the unwitting assistance of an unsuspecting crew member, technician or employee to activate or spread the virus, irrespective of the level of their cyber training or awareness, it is not enough to put it under the ‘human factor’ umbrella or apportion individual blame when a critical system has been breached.

“A cyber incident happens because systems are not protected, and hackers will continue to develop innovative ways and sophisticated solutions intended to take advantage of any weak spots in human nature. The implication, therefore, is that any cyber awareness training is a waste of time and money.”

The sophisticated methods hackers use is evident by the deployment of a new, previously unknown malware trojan called xHunt, which researchers at Palo Alto Networks’ Unit 42 say is being used to specifically target the shipping industry. It is alleged that xHunt and Hisoka – a backdoor used to facilitate trojan delivery – were successful in infiltrating the networks of two shipping companies operating out of Kuwait.

“The attackers have added some fun capabilities to Hisoka and its associated toolset. The attackers are aware of probable security measures in place at their targets and have attempted to develop ways to get in undetected,” Ryan Olson, Vice President of threat intelligence at Unit 42, told ZDNet.

Given that hackers will always find a way in, Sela believes attributing blame to individuals is pointless. It is also problematic because of the potential legal proceedings envisioned should a virus result in damage to the ship, its systems, personnel or the environment.

Maritime Cyber Security !

“It would be very easy to point the finger at an individual crew member, technician or employee for inadvertently spreading malware or other viruses, but this would not prevent further system breaches. What it will do is create unnecessary friction between employers and employees.”

He adds that limiting crew members’ access to the internet, social media or mobile phone charging facilities will also create problems.

“Prohibiting internet access is not the answer. This is now considered a basic human right and with many seafarers away from loved ones for months at a time, if they are unable to maintain regular contact with those at home, then not only could it adversely affect their well-being but deter others from a maritime career.”

Sela says the maritime sector – shipping companies and port operators – needs to adopt technical solutions to prevent system hacking, rather than simply implementing a culture change.

Recalling incident where a Mobile Offshore Drilling Unit lost control of its Dynamic Positioning system while drilling in the Gulf of Mexico, Sela says the investigation found that various crew members introduced malware when they plugged in their smart phones, and other devices.

“Would this have been considered human error if the DP and associated OT systems were adequately protected and the hack thwarted? I doubt it. If cyber-crime continues to be designated a human factor event, then the industry does not fully grasp the cyber problem.”
Source: Naval Dome


autonomous-.jpg

maritime cyber security Kongsberg Maritime director of autonomy Peter Due explains why e-navigation and technology developed for the Yara Birkeland project will enable a future of autonomous shipping

ECDIS and e-navigation will be essential for generations of future autonomous ships. Although the first unmanned ships will be remotely controlled and operating in coastal waters, in the long term there will be ocean-going autonomous ships, with e-navigation technology monitoring their progress onshore.

IMO placed ocean-going autonomous vessels firmly on the global agenda during the Maritime Safety Committee (MSC) 99 session in May this year, by implementing a working group to conduct a regulatory scoping exercise for using MASS (Maritime Autonomous Surface Ships)*.

Kongsberg Maritime will be part of that working group and will deliver technology to the world’s first all-electric, zero emissions and autonomous container vessel, Yara Birkeland. This ship is scheduled to transport fertiliser products along a 30 nautical mile route to the ports of Brevik and Larvik next year and by 2020 is likely to be unmanned.

Kongsberg Maritime director of autonomy Peter Due said new navigation and collision avoidance systems that centre on e-navigation technology were needed for this project, as Yara Birkeland will operate on a busy waterway.

Kongsberg drew on its experience in autonomous underwater vehicles, dynamic positioning, ECDIS and sensor fusion as a foundation for autonomous navigation. But Mr Due explained to Marine Electronics & Communications that more development was required. “Harmonising with artificial intelligence, machine learning and digital twin technology enables the extreme level of safety required,” he said.

Mr Due said Yara Birkeland’s operations will be planned, pretested and optimised in the cloud using the Kognifai digital platform and its digital twin that Kongsberg generated. This includes navigation in different metocean conditions.

“The twin integrates all data including weather, currents, tides and temperature with a detailed physical ship model,” said Mr Due. “We can then decide the optimum route and simply transfer it to the ship’s autonomy engine, navigation systems and ECDIS when it is in port,” he continued.

“Once the ship sets off, sensor fusion comes into play, enabling the autonomy engine, working with the onboard digital twin and e-navigation systems to adjust and reroute at sea according to the going conditions and other vessels in the vicinity.”

It is this dynamism a fully autonomous navigation system requires that led to the establishment of the Hull to Hull (H2H) EU-funded research project. This will develop technical solutions for safer navigation in close proximity of other stationary or moving vessels and objects.

H2H will use the European Global Navigation Satellite System to enhance safety in busy waters and during close manoeuvring. “This will help mariners to make the correct navigation decisions and will create the fundamental conditions for autonomous vessel navigation,” said Mr Due. Data can be used as an input to an autonomy controller.

Navigational safety is essential if the benefits of MASS are ever to be truly realised”

Ensuring e-navigation and collision avoidance technology works correctly will be fundamental to autonomous shipping. “Navigational safety is essential if the benefits of MASS are ever to be truly realised,” said Mr Due.

SOURCE READ FULL ARTICLE


Twitter

@AnyawbSales - 6 months

INDIA TO BAN SINGLE USE PLASTIC ON ALL CALLING SHIPS

@AnyawbSales - 1 year

SQEXpress maritime electronic sms forms platform just released

Photo Gallery

https://www.instagram.com/p/BatcssbnSgk/https://www.instagram.com/p/BJzdwtGgh4v/https://www.instagram.com/p/BGO4t61PyVg/https://www.instagram.com/p/BGG80Upvyfs/https://www.instagram.com/p/BGG8nnCvyfX/https://www.instagram.com/p/BGG8XW4vye2/https://www.instagram.com/p/BGG8QKPPyen/