Jan De Nul Group has moved its entire fleet of 82 vessels and jack-up barges to a new connectivity set-up, rolling out VSAT from Castor Marine with Iridium L-band back-up following the agreement of a long-term contract.

The Group managed to successfully migrate 98% of the fleet within three months of signing the deal, with up to six migrations taking place per day, the companies said.

The vessels have implemented a tailored VSAT system, with quality of service specified on the VLAN level. Bandwidth can be scaled up as required, based on ad hoc demands from each vessel.

Along with the VSAT and Iridium services, Castor Marine delivered 15 new Sailor 900 VSAT antennas and Sailor 4300 Iridium Certus antennas to replace existing hardware onboard. For the newbuild offshore jack-up installation vessel Voltaire and the offshore heavy lift vessel Les Alizés, Castor Marine supplied a set of antenna systems from the recently launched Sailor 1000 XTR VSAT range, including below deck equipment.

“It is nice to work with an agile and technically advanced partner. Flexibility is very important to Jan De Nul to cater for temporary project upgrades and downgrades. Castor Marine monitors these developments and communication lines are very short. We attach great importance to mutual trust. So far, everything is going as desired with our new Ku- and L-band supplier,” said Nils Crabeel, Communication Manager at Jan De Nul Group.

SOURCE READ THE FULL ARTICLE

Jan De Nul moves fleet to new connectivity system


Intellian has signed a new contract worth 71.1 billion won (approx. $61 million) with satellite operator SES, to build antennas for the O3b mPOWER medium Earth orbit (MEO) satellite network, to be located 8000 km above the Earth’s equator.

The deal covers antennas for both terrestrial and marine use in various sizes.

SES plans to introduce the O3b mPOWER service in the first half of next year, launching additional satellites to supplement its existing O3b service.

The new satellite network is expected to provide communication services between 50Mbps and 20Gbps using the Ka-band frequency, through a total of 20 medium-orbit communication satellites located 8000km above the Earth’s equator.

 

SOURCE READ THE FULL ARTICLE

Intellian to build SES MEO antennas in $61m deal


actively exploited in the wild.

Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path traversal vulnerability (CVE-2021-41773) that was only partially addressed with a previous release.

An attacker can trigger the flaw to map URLs to files outside the expected document root.

“A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root.” reads the advisory. “If files outside of the document root are not protected by “require all denied” these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts.”

The vulnerability affects only version 2.4.49, earlier versions are not impacted. A few days ago, Apache released Apache HTTP 2.4.50 to address the CVE-2021-41773

Immediately after the release of the Apache HTTP 2.4.50 experts disclosed that the exploitation of the flaw could lead to remote code execution when the mod_cgi module was loaded and the default “Require all denied” option was missing.

According to an updated advisory, Apache released version 2.4.51 to definitively fix the vulnerability. This new path traversal flaws is tracked as CVE-2021-42013.

“It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives,” announced Apache in an updated advisory. “If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.”

The vulnerability was reported by Juan Escobar from Dreamlab Technologies, Fernando Muñoz from NULL Life CTF Team, and Shungo Kumasaka.

The United States Computer Emergency Readiness Team (US-CERT) warns of ongoing active scanning of Apache HTTP Server CVE-2021-41773 and CVE-2021-42013 that could lead to imminent exploitation, for this reason, the US-CERT urges organizations to immediately patch their installs.

 

SOURCE READ THE FULL ARTICLE

Apache rolled out a new update in a few days to fix incomplete patch for an actively exploited flaw


The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them.

Cyberespionage and sabotage attacks, and also ransomware attacks against critical infrastructure and government offices will trigger the response of the Dutch authorities, explained Ben Knapen, Dutch Minister of Foreign Affairs.

 

ransomware

The Dutch Minister added that the response to severe cyber attacks could be escalated, an attack against a critical response will require the rapid reply of the cyber defense, a response that disregards diplomatic relations between the countries involved.

Knapen highlighted the difficulty of attributing a ransomware operation to a specific threat actor, it explained that it is very complex to demonstrate that a non-state actor carries out the operation on the explicit instruction of or under the control of a state. As a result, the legal attribution of an act of a non-state actor to a state is usually not easy.

“For several years, the threat of ransomware attacks has been increasing around the world. A broad explanation of this threat is included in the Cyber Security Assessment Netherlands (CSBN) 2021, which was shared with the Chamber in June by the Minister of Justice and Security. One of the conclusions of CSAN 2021 is that cybercrime can affect national security if an attack causes massive damage, for example by disrupting vital processes. In a number of cases, cybercriminals enjoy the protection of the state from which they operate or there is cooperation.” Knapen wrote in a letter to the Dutch Parliament. “Due care principle In situations where attribution appears not to be possible in a legal sense, it may be desirable to look into a possible violation of the due care principle in the context of state liability law. The principle of due care means that states are expected to take into account the rights of other states when exercising their sovereignty. States have a duty to act when they have knowledge of the use of their territory in a way that harms the rights of a third state. Failure to comply with this obligation is a violation of an international law obligation.”

 

SOURCE READ THE FULL ARTICLE

https://securityaffairs.co/wordpress/123113/security/the-netherlands-war-ransomware-operations.html?utm_source=rss&utm_medium=rss&utm_campaign=the-netherlands-war-ransomware-operations


There has never been a more important time to listen. “Seek first to understand,” is a lesson I picked up early in my career that has generally proved effective in many situations as a leader, colleague and employee. (Not to mention at home as a partner, father, and friend; it’s a versatile maxim.) Eighteen months into this pandemic, given that the experience and effects of COVID-19 are simultaneously something that is universally shared and individually experienced, it’s more useful than ever to listen before you leap.

I have found the most rewarding moments are when you listen not just as a leader but also as a learner. With so many sources of education available, it’s tempting to gloss over the one right in front of you: your team.

Here are four examples where I recently learned from the people I lead. And remember, it doesn’t have to be a new piece of information to count as learning; the point is to be ready to adapt to something new.

1. Create a safe space

Demonstrate that you can hold a safe space for any kind of conversation. Be emotionally, mentally, and physically present (if you’re on video) to focus on the person in front of you, and what they want to talk about. Someone recently thanked me for creating a safe space after a conversation about a path to promotion, and while my initial response was to reply, “It’s a pleasure and it’s my job,” it made me think that if such a seemingly standard discussion requires a safe space, what about all the conversations currently not being had about more potentially sensitive topics?

It made me think about additional conversations we should be having about mental health, grief, anxiety, uncertainty, being overwhelmed, handling the return to work, among many others. As leaders, we must find ways to build trust and provide opportunities for our teams and colleagues to thrive.

2. Encourage open conversations

One of the ways to encourage more open conversation is to lean in. A usual weekly one-on-one coaching meeting recently opened with “How are you doing?” When I answered “Good!” the question came back, “How are you really doing?” I must have looked tired, maybe it was a Monday, either way it was an excellent question. It caught me off guard, as I was not really “Good,” rather more “Meh,” and we proceeded to have a really honest, open, authentic conversation both about some minor irritants I had experienced that day, and the importance of talking about such things together.

We are undergoing a seismic shift in our professional, social, and family lives. It’s one thing to say that “It’s OK to not be OK.” It’s quite another to model how this should work in practice. It’s OK to say you are not OK. Gently pressing on a topic in a non-confrontational way, perhaps with a time-bound get-out clause, can really open up a valuable discussion. The simple, but powerful, question: “How are you really doing, today?” Might help someone let off a little steam about current events and avert an explosion caused by bigger issues.

3. Get to know your team all over again

It can be hard to calibrate how much social interaction to try and foster as a distributed team all stuck WFH; weekly happy hours in crazy hats seems too much, never seems too distant. It’s impossible to get right, and it’s vital to try.

During a recent team discussion, someone randomly asked a teammate, a former Wall Street trader, about his opinion of our quarterly earnings call. The person asking the question did not know about his finance background, despite having been colleagues for almost two years. Once all the jokes had died down and we had agreed to stage a version of Mad Money on a subsequent team call, it made me think about all the connections that could break unless we protect them, such as small pieces of personal information that would get shared in an office or at a dinner, that help build familiarity (and inform team jokes and rituals).

Leaders need to find time for these group interactions and for one-on-one meetings that are more than just status updates. Another colleague advocates setting up quick introductory Webex meetings with people she meets in peripheral situations through the course of work to get to know them better, with no agenda except networking. Two years ago, I might have dismissed this as a distraction; now I think it’s vital and I do the same.

4. Listen to the most important member of the team: you

Whether you’re the leader, or the loudest person, or the longest-serving team member who everyone goes to for advice; whoever you are, check in with yourself. Make like a parent on a plane who is told to put their own oxygen mask on before attending to their family in case of emergency.

Self-care takes many forms and it’s worth remembering it can be as simple as taking one big meaningful breath. It could be the first breath of the morning, or between meetings to help context shift, or in the middle of a frustrating moment to help avoid being overwhelmed or when you walk out of your door for exercise. Whatever it is, whenever during the day it is, focus on your breath, fill your lungs to bursting, be in the moment, realize that there is always something to be grateful for (even if the only thing you can think of is the breath you are currently experiencing) and shut out the noise. Hold that breath for a moment, then a moment longer and then, as you exhale, let something go. Say goodbye to a worry or a negative thought and turn your mind toward things you’re grateful for.

I am grateful for the team I get to work with every day, and I love learning from them about how we can focus on the present, reflect on our past, and plan for our future.

At Cisco, we are leading a more inclusive future for all. To learn more about our open positions around the world, click here.

 

SOURCE READ THE FULL ARTICLE

https://blogs.cisco.com/security/4-keys-to-create-a-thriving-cybersecurity-team-for-long-term-success


www.MaritimeCyprus.com) Developments in connectivity and the transfer of data in greater volumes between ship and shore continue to bring significant gains for fleet management efficiency and crew welfare, but they also increase the vulnerability of critical systems onboard vessels to cyber attacks.

A 2019 IHS Markit/BIMCO report recorded 58% of respondents to a survey of stakeholders as confirming that cybersecurity guidelines had been incorporated into their company or fleet by 2018. The increase over the 37% giving this answer in 2017 explained a sharp drop in the number of maritime companies reporting themselves as victims of cyber-attacks according to authors – 22% compared to 34%.

However, the enduring feature of cyber threats is their ability to adapt and evolve, with new lines of attack developed as barriers are put in place, and strategies to expose vulnerabilities constantly emerging. A June 2020 White Paper from the British Ports Association and cyber risk management specialists Astaara suggests that reliance on remote working during the COVID-19 crisis coincided with a fourfold increase in maritime
cyber attacks from February onwards, for example.

In fact, cybersecurity was ranked as the second-highest risk for shipping in 2019, behind natural disasters, according to a survey of over 2,500 risk managers conducted by Allianz.
Given that, according to IBM, companies take on average about 197 days to identify and 69 days to contain a cyber breach, it is clear that an attack on a vessel’s critical systems could threaten the safety of a ship as well as the business of shipping.

The fact that a 2019 Data Breach Investigations Report from Verizon indicates that nearly one-third of all data breaches involve phishing provides one indicator that, where cyber vulnerabilities exist, the ‘human element’ can badly expose them.

The U.S. Coast Guard has already advised ship owners that basic cybersecurity precautions
should include: segmenting networks so that infections cannot spread easily; checking external hardware such as USB memory devices for viruses before connection to sensitive systems; and ensuring that each user on a network is properly defined, with individual passwords and permissions.

From 2021, the Convention for the Safety of Life at Sea that covers 99% of the world’s commercial shipping will formalise the approach to cybersecurity permissible for ships at sea.

By International Maritime Organization (IMO) resolution, no later than a ship’s first annual Document of Compliance audit after 1 January 2021, every Safety Management System must be documented as having included cyber risk management, in line with the International Safety Management Code.

The following report offers ship owners and managers guidance covering their responsibilities under the new IMO regime.

 

source : https://www.maritimecyprus.com/2020/11/19/maritime-compliance-cyber-security-requirements-due-1-jan-2021/


DUBLINAug. 17, 2020 /PRNewswire/ — ResearchAndMarkets.com published a new article on the electric boat industry “Electric Boats 2020: Technological Improvements in Lithium Ion Batteries are Changing Maritime Industry Attitudes”

The maritime industry has traditionally viewed electric boats as impractical. This is due mainly to concerns that an electric motor would not be able to supply the increased amount of power needed to move a boat versus a car as well as fears that electric boats would not have the range to cover long distances. However, these attitudes are beginning to change with improvements in lithium ion battery technology along with an increased focus on sustainable alternatives to fossil fuels.

Yamaha recently launched a trial of its new HARMO system on the Otaru Canal in Hokkaido, Japan. HARMO integrates a twin electric boat motor with a next generation steering control system. Yamaha hopes to bring the HARMO system to the European market which is affected by increasing restrictions on the use of fossil fuel powered crafts on inland waterways. A Seattle based startup Zin Boats is also looking to prove that electric boats can be a practical and sustainable alternative to traditional boats. The Z2T and Z2R models use an all carbon fiber construction making them half the weight of a comparable craft while the BMW batteries offer a fast recharge and an 100 mile average range.

To see the full article and a list of related reports on the market, visit “Electric Boats 2020: Technological Improvements in Lithium Ion Batteries are Changing Maritime Industry Attitudes”

About ResearchAndMarkets.com
ResearchAndMarkets.com is the world’s leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends.

SOURCE Research and Markets


Maritime Cyber Security experts, Epsco Ra are proud to announce RaEDR (RA Endpoint Detection and Remediation) a comprehensive cybersecurity monitoring and defense solution.

Inspired by the necessity for remote working brought about by the COVID 19 pandemic and the resulting huge worldwide increase in cyber-attacks, Epsco Ra have developed a new next-generation solution in the form of a cloud-hosted application which functions as an agent on each computer in a network (or on a UTM when possible).

Epsco Ra’s solution is easily installed on any vessel or office network, without any requirement for hardware and with no disruption to existing network or system installations.

The agents provide in-depth visibility of the system’s security posture, offering security monitoring, intrusion & threat detection, file integrity monitoring, vulnerability assessment, and incident response.

The system includes Compliance alignment with controls allowing full configuration with Governance frameworks inclusive of but not limited to NIST and GDPR.

This is all managed via an extensive user-customizable dashboard with reporting and alerting tools.

RaEDR gives our clients peace of mind in the knowledge that they have their own professional cybersecurity team without the cost of employing an in-house team.

Epsco Ra’s RaEDR service offers our clients 3rd party assurance from as little as US$25.00 per month per vessel.
Source: maritimecyprus


The ISM Code, supported by the IMO Resolution MSC.428(98), requires ship owners and managers to assess cyber risk and implement relevant measures across all functions of their safety management system, which will be verified by DNVGL at the first Document of Compliance ISM office audit after 1 January 2021.

Important
CYBER SECURITY will be a focus area during the ISM office DOC audit in 2020, where the company auditor verifies the status of implementation. Observations and suggestions for improvement will be issued to support you for further preparation and implementation.

Checklist
Click here for the Cyber Security Protocol which has been developed to support the auditing process having the focus on measures and procedures for managing Cyber Security Risks as per the ISM Code, based on IMO Resolution MSC 428(98), mandating cyber risk to be managed through the ISM Code and the corresponding Safety Management Systems.

Implementation process
(1) Recommended steps to ensure IMO`s Cyber Security compliance:

Application of PDCA process:

 

(2) Make an inventory of systems and software:

IT: Information Technology (IT)

  • IT networks
  • E-mail
  • Administration, accounts, crew lists, …
  • Planned Maintenance
  • Management system
  • Spare part management and procurement
  • Electronic manuals & certificates
  • Permits to work
  • Charter party, notice of readiness, bill of lading

OT: Operation Technology

  • Propulsion, Thrusters & Steering
  • Watertight integrity & Fire Detection
  • Ballasting
  • Power generation & Auxiliary systems
  • Navigation & Communication (ECDIS, …)
  • Industrial systems if applicable (DP, Drilling, … )
  • Cargo systems

(3) Prepare a gap analysis based on the ISM-code requirements:

  • Objectives for cyber security management
  • Define a cyber security policy
  • Critical Equipment: Risk Assessment & Systems to be covered
  • Responsibilities and Authority
  • Resources and Personnel
  • Training and Awareness
  • Shipboard Operations
  • Emergency Response, including drills
  • Reports and Analysis of Non-Conformities, Incidents and Hazardous Occurrences
  • Cyber security maintenance on IT/OT systems and equipment
  • Documentation
  • Company Verification, Internal audits, Review and Evaluation

More information can be found on the DNVGL website.

 


High-profile cyber-attacks on very large shipping companies such as Maersk, COSCO, MSC, Stenna and Svitzer to name but a few have raised awareness of the growing threat of cyber-crime in the shipowner/operator industry sector.  If it can happen to these shipping sector goliaths with the budgets they have to defend themselves, it can absolutely happen to you.

However, recent surveys conducted by the U.S. Small Business Administration suggest that many small business owners are still operating under a false sense of cyber security based on their company’s size.

When it comes to cyber-attacks, small does not mean safe. In fact, a cyber-attack could be even more detrimental to a small business than to a large corporation.

The National Cyber Security Alliance reports that 60 percent of small and mid-sized businesses go out of business within six months of an attack.

According to Cybersecurity Ventures, costs related to ransomware demands and damages are estimated to reach $20 billion per year by 2021, with the average breach cost to the SME business running at $500k.

Imagine receiving the call from your head of IT to advise that your defenses have failed and ‘they are in’ and have control of your IT and OT systems. Suddenly it’s happened to you, how you respond matters as time is your enemy. Are you prepared for this inevitability, where most are not?

Don’t leave it to chance. Don’t put off the decision to transfer this risk out of your company any longer, Shoreline can provide an affordable maritime cyber insurance solution. Why continue to run this invasive risk when you don’t have to.

Source: https://www.shoreline.bm/news/maritime-cyber-security-size-matters-small-does-not-mean-safe/


Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED