5bbacc2cd47edbb6a69587dc312a3ed3_S.jpg

BMT has signed a memorandum of understanding (MoU) with the University of Plymouth to jointly research ship design and cybersecurity in the maritime sector.

The new agreement will look at harnessing the capabilities of the University’s recently opened £3.2 million Cyber-SHIP Lab. This facility is dedicated to simulating and understanding maritime cyber threats and facilitating future secure maritime operations through cyber resilience research, tools, and training. The facility forms part of the University’s Marine Navigation Centre, which includes a physical ship’s bridge used to simulate attacks and test equipment.

BMT was a founding industry supporter of the Cyber-SHIP Lab when it was launched in 2019, based on the firm belief that through the development of these new tools and lab, the UK can become a leading power in maritime cybersecurity.

Jake Rigby, research and development lead, BMT, said: “BMT is delighted to be working with the University of Plymouth in helping the UK drive the highest possible standards in maritime security. With this knowledge and experience in place, the UK can then offer the benefits of the insights, operational practices and training to the global shipping and marine community. Through combining our expertise and our knowledge, we are confident great strides will be made in enhancing security and cyber protection across maritime.”

Professor Kevin Jones, executive dean of science and engineering at the University and principal investigator on the Cyber-SHIP Lab project, added: “With our ever-increasing dependence on the global maritime sector, ensuring ships and port operations are cyber secure has never been more critical. Advances in cyber technology, and the emergence of new threats, mean this is a constantly evolving area that needs an innovative and joined-up approach. The partnership between the University and BMT is a perfect example of that, uniting our collective expertise in both identifying potential issues and solutions and finding the means for them to be applied in maritime engineering and design.”

The MoU was signed by professor Judith Petts CBE, vice-chancellor of the University of Plymouth, and Sarah Kenny, CEO of BMT, and will kick-start a range of collaboration opportunities from student engagement and employee development to collaborative research and joint consultancy.

Source: https://thedigitalship.com/news/maritime-satellite-communications/item/7977-university-of-plymouth-and-bmt-team-up-on-maritime-cyber-security


port-gettyimages-kokouu.jpg

Five years ago, the largest maritime container shipping company in the world was hit with a cyberattack that crippled its booking system, stalled tracking of its containers and disrupted operations at container terminals all over the world operated by its APM Terminals subsidiary.

The financial cost to A.P. Møller-Mærsk was later estimated at US$300 million.

The cost to its reputation is harder to distill into dollars and cents. Suffice it to say that it was significant.

It was also a four-alarm cybersecurity wakeup call for Maersk.

But, five years later, that alarm has yet to prompt widespread co-ordinated cybersecurity initiatives in the global shipping sector.

As Lloyd’s List editor Richard Meade noted in introductory remarks for the U.K.-based shipping journal’s 2022 webinar on shipping sector cyber threats, industry surveys show now that cyberattacks and data theft “are routinely in the top three risks perceived by maritime businesses, but those same surveys routinely report that the industry is not fully prepared to tackle that risk.”

It’s a risk that is escalating up and down the global supply chain.

BlueVoyant’s second annual survey of cyber risk management in sectors ranging from financial services and health care to utilities and energy found “a fractured landscape, with different industries and regions responding differently to the challenges posed by another year of damaging, costly cyber events.”

Those 2021 events included the SolarWinds cyberattack, which cost an estimated US$100 billion, according to the global cybersecurity company.

BlueVoyant’s survey of 1,200 senior executives in Canada, the U.S., Germany, the Netherlands, the U.K. and Singapore found that 93% had suffered a cybersecurity breach and that the number of those breaches had increased 37% in the past 12 months.

Meanwhile, PwC’s Canada Cyber Threat Intelligence report estimates that the average cost of a data breach in Canada is now $6.35 million, and that supply-chain-related cyberattacks are becoming more frequent and more complex.

Globally, the annual cost of cyber crime to the world economy ranges anywhere from US$1 trillion to US$3 trillion.

“The prospect of a major cyberattack has loomed large over the [shipping] industry for many years,” Meade said, “but right now, the risk rates are flashing red.”

Cyberattacks on major shipping lines and within the maritime goods movement supply chain have cost the sector hundreds of millions of dollars thus far. But that bill pales in comparison to the costs of a catastrophic physical loss of ships or environmental disasters from oil or chemical spills or supply chain chokepoints snarled as the result of a cybersecurity breach on a major shipping line.

Shipping lines are especially vulnerable to cyberattacks because of the wide range of entry points to their navigation technologies and cargo handling, communications and management systems.

This is in part because of the complexity of global goods movement and the number of different connections needed to co-ordinate that movement, and the regular crew changes and human resources ebb and flow it requires.

But also, because, as Meade pointed out, the industry continues to be unwilling to “go public and share data, and partly because this remains steadfastly a reactive industry where safety improvements are only ever borne out of casualties.”

Russia’s invasion of Ukraine accelerated the danger of cyberattacks for major shipping companies and infrastructure.

And not necessarily as prime targets, but as collateral damage, says Bill Egerton, chief cyber officer with cyber insurance and risk management company Astaara.

Egerton says the war in Ukraine is providing cover for other groups to ramp up spam and hacking attacks “to make hay while the sun shines under cover of something else.” He estimates that those attacks have increased by 25% since the Russian invasion began.

Egerton adds that the danger to shipping is more on the office side of the equation than on the vessel side, and points out that the attack on Maersk five years ago resulted from a 2017 Russian cyberattack on Ukraine.

So, the problem for shipping is growing, Egerton says, “because [the] sheer volume of attacks is growing as well.”

“We’re not just talking about the occasional ransomware attack.… What I’m saying is that the attacks that have happened and have come into the public domain have either been through nation states or their proxies or groups that have worked for these people in the past.”

He adds that sharing data and experiences about cyberattacks and ransomware threats is a vital first line of defence for the shipping industry.

Without that mutual cooperation in an industry that is extremely competitive and therefore notoriously averse to sharing data, it will lose “the ability to be able to learn from those areas and strengthen collectively.”

Developing a mutual understanding of terms and language when it comes to managing cybersecurity risks and threats is fundamental to reducing those risks for major ports and shipping lines. As the International Association of Ports and Harbors (IAPH) notes in its Port Community Cyber Security report, “we take what is by nature a hard problem – that of understanding and managing organizational cyber risk – and make it more difficult and problematic when people neither perceive of, nor speak about, cyber risk management in the same way.”

But sharing data and a common communication language is only one initiative needed to fill the many holes in shipping lines’ cybersecurity.

Julian Clark, global senior partner at Ince, an international law and professional services company, told the Lloyd’s List webinar that educating and training ship crews, shipping company staff and management is critical.

And that means providing much more than instruction in basic cybersecurity hygiene.

He says there needs to be a game plan and training for what happens when a ship or a shipping line is hit with a cybersecurity breach or ransomware demand.

Ships’ crews and shipping lines know immediately what to do if there is a collision or other shipping disaster. But when it comes to a cyberattack, Clark said, all bets are off.

“Another thing that came out of the Lloyd’s List survey [of its shipping industry readers] was you’ve still got this issue of … what would happen if the company got hit by a major cyberattack this afternoon?”

The answer, Clark added, would be confusion and uncertainty.

Investing in cybersecurity safety training in the shipping sector is a fundamental first line of defence, and, to be effective, that investment cannot be a piecemeal nickel-and-dime approach.

“The important thing is you need to recognize that this is an ongoing cost of doing business,” Egerton says. “It’s not about a one-off hit and everything will be fine.”

He adds that much of the training material being used by shipping lines today is ineffective because it is dated and generic.

“It talks about stuff in the abstract rather than relevant to the vessel somebody is on or a company somebody’s working for. I think that sheep-dipping people for half an hour doing ‘mandatory training’ doesn’t help them do their jobs better. And you need much more role-specific training to make sure people understand how an attack can hurt their bit of the business.”

Shipping also shares a fundamental human resources challenge faced by other industries: recruiting and retaining cybersecurity talent. The World Economic Forum’s 2021 Cyber Outlook Survey of 120 top executives from private and public companies in 20 countries found that 59% of respondents “would find it challenging to respond to a cybersecurity incident due to the shortage of skills within their team.”

Again, data for different ships and different shipping operations is vital for any cybersecurity defence investment to be effective.

“Understand what you need,” Egerton says, “and do this proportionately. Because … if you go and spend a lot of money, you may end up with a product that you can’t use, because it’s producing too much data in the form you can’t cognitively understand. So, I think it’s proportionality. It has got to be people and leadership focused. If the board don’t take this seriously it is not going to work.”

He adds that there needs to be a clear line of sight and communication “from the board to the shop floor, so that everybody understands their role and their place in this, should [a cybersecurity breach] happen.

“Cybersecurity is a risk that won’t go away. You cannot just do it once and then forget it.”

Many major Vancouver-based shipping companies agree that there is a rising concern about the seriousness of cybersecurity threats in their industry, but declined comment for this article, citing an “abundance of caution” over concerns about raising their profiles and the potential for their businesses to become targets for international cybercriminals.

Source: https://biv.com/article/2022/08/cybersecurity-threat-looms-large-over-global-supply-chain?amp


image_750x_62ebd147d5fd4.jpg

The new Memorandum of Understanding will specifically look at harnessing the capabilities of the University’s recently opened £3.2 million Cyber-SHIP Lab. This world-leading facility is dedicated to simulating and understanding maritime cyber threats and facilitating future secure maritime operations through cyber resilience research, tools and training. The facility forms part of the University’s Marine Navigation Centre, which includes a physical ship’s bridge used to simulate attacks and test equipment.

BMT was a founding industry supporter of the Cyber-SHIP Lab when it was launched in 2019, based on the firm belief that through the development of these new tools and lab the UK can become a leading power in maritime cyber security.

Professor Kevin Jones, Executive Dean of Science and Engineering at the University and Principal Investigator on the Cyber-SHIP Lab project, added:

“With our ever-increasing dependence on the global maritime sector, ensuring ships and port operations are cyber secure has never been more critical. Advances in cyber technology, and the emergence of new threats, mean this is a constantly evolving area that needs an innovative and joined-up approach. The partnership between the University and BMT is a perfect example of that, uniting our collective expertise in both identifying potential issues and solutions and finding the means for them to be applied in maritime engineering and design.”

Jake Rigby, Research and Development Lead at BMT, added:

“BMT is delighted to be working with the University of Plymouth in this important work in helping the UK drive the highest possible standards in maritime security. With this knowledge and experience in place, the UK can then offer the benefits of the insights, operational practices and training to the global shipping and marine community. Through combining our expertise and our knowledge, we are confident great strides will be made in enhancing security and cyber protection across maritime.”

Source: https://seawanderer.org/university-of-plymouth-and-bmt-join-forces-to-improve-cyber-security-in-the-maritime-sector


The new agreement will look at harnessing the capabilities of the University’s recently opened £3.2 million Cyber-SHIP Lab. This facility is dedicated to simulating and understanding maritime cyber threats and facilitating future secure maritime operations through cyber resilience research, tools, and training. The facility forms part of the University’s Marine Navigation Centre, which includes a physical ship’s bridge used to simulate attacks and test equipment.

BMT was a founding industry supporter of the Cyber-SHIP Lab when it was launched in 2019, based on the firm belief that through the development of these new tools and lab, the UK can become a leading power in maritime cyber security.

Jake Rigby, research and development lead, BMT, said: “BMT is delighted to be working with the University of Plymouth in helping the UK drive the highest possible standards in maritime security. With this knowledge and experience in place, the UK can then offer the benefits of the insights, operational practices and training to the global shipping and marine community. Through combining our expertise and our knowledge, we are confident great strides will be made in enhancing security and cyber protection across maritime.”

Professor Kevin Jones, executive dean of science and engineering at the University and principal investigator on the Cyber-SHIP Lab project, added: “With our ever-increasing dependence on the global maritime sector, ensuring ships and port operations are cyber secure has never been more critical. Advances in cyber technology, and the emergence of new threats, mean this is a constantly evolving area that needs an innovative and joined-up approach. The partnership between the University and BMT is a perfect example of that, uniting our collective expertise in both identifying potential issues and solutions and finding the means for them to be applied in maritime engineering and design.”

The MoU was signed by professor Judith Petts CBE, vice-chancellor of the University of Plymouth, and Sarah Kenny, CEO of BMT, and will kick-start a range of collaboration opportunities from student engagement and employee development to collaborative research and joint consultancy.

Source: https://thedigitalship.com/news/maritime-satellite-communications/item/7977-university-of-plymouth-and-bmt-team-up-on-maritime-cyber-security


Zero Trust has become a well-recognized framework in the cybersecurity world. SecOps teams are championing this ‘trust no-one’ strategy to support the fight against the escalating risk of cybercrime, and in helping to monitor threat actors across their network. In fact, research from Gigamon found that 70% of IT leaders agree that Zero Trust would enhance their IT strategy.

In short, this approach to cybersecurity eradicates the implicit trust often given to internal traffic within a network. This security-first mindset also benefits business efficiency; 87% of IT teams believe productivity has increased since the start of their Zero Trust journey, as systems run faster and downtime is reduced due to fewer breaches.

However, the threatscape is evolving. Ransomware now represents one of the biggest threats to businesses across the world and many are falling victim to catastrophic attacks. This type of malware surged by 82% in 2021 and it shows no signs of stopping, especially as 82% of British firms which have been victims of ransomware attacks reportedly paid the hackers to get back their data.

So, can Zero Trust Architecture (ZTA) help organizations protect themselves from one of the biggest threats in today’s cyber landscape?

Ian Farquhar, Field CTO, Gigamon.

What does Zero Trust mean today?

When putting trust into something, we should always have a rational reason for doing so. However, this has not always been the case in IT. Instead, for years, IT teams have used approximations for trustability, often because mechanisms to support trust-measurement were not practical in the past. This could be because an organization owns a system, if a user is an employee or if the network has previously been secure.

Yet these are not actual trustability measurements, they are instead gross approximations often based on assumptions. When that trust assumption fails, risk is introduced. And when a threat actor recognizes those assumptions are part of an organization’s security strategy, they can use them to evade network controls and cause problems for cybersecurity.

Zero trust changes this. It dynamically measures whether something is trustworthy by analyzing how it works and assessing whether an organization has a rational basis for trusting it and allowing the connection. This is not only the case for entire systems, but also, for individual devices, security mechanisms and users.

Given the prominence of BYOD policies and remote working, it is essential that trust is earned rather than given freely, and all users should be considered threats until proven otherwise.

In a world where the workforce has shifted significantly to a “work anywhere, work anytime” model, embracing a ZTA simply makes sense.

By introducing micro-segmentation – which separates data, assets and applications and represents a key pillar to ZTA – organizations can stop one compromised device becoming an entirely disrupted network.

One famous instance is the Las Vegas casino that was hacked through its IoT thermometer in an aquarium in the foyer. From here, the attacker was able to access the casino’s entire network.

How can businesses protect themselves from this level of threat? With IoT expanding, and adversaries clearly using more innovative tactics and techniques to breach a system, Zero Trust has to be part of the security strategy.

Ransomware and deep observability

The cornerstone of ZTA is visibility. A clear view across all data in motion – from the cloud to the core – means IT teams can best understand any threat to their network. From here they can authorize safe activity, as well as detect undesirable application behavior and analyze the metadata that will detail the origin and movement of an attack.

In other words, you cannot protect against what you cannot see. The deeper the level of observability into a network, the more insight an IT team can gather and then action to improve their entire security posture. This is actually explicitly required by NIST SP 800-207, the gold standard of zero trust.

The very nature of ZTA is deep and thorough inspection of all users and all data, including encrypted traffic. With this architecture and micro-segmentation in place, it will also stop cybercriminals moving laterally within a network – meaning adversaries looking to traverse an IT infrastructure and deploy ransomware across more critical data will be unable to do so.

Over recent years, cybercriminals have become far more savvy and sophisticated, in how they deploy this kind of malware. An attack in today’s climate will typically be carefully considered and strategically targeted against known vulnerable organizations that store critical data. It is also common for bad actors to penetrate a network and lay dormant for months at a time.

Visibility is central in the fight against ransomware; by eradicating blind-spots across the network, adversaries will no longer be able to exist on a network undetected. With Zero Trust and deeper observability into all data, criminal dwell time can be cut dramatically from the current average of 285 days.

It is important to remember that Zero Trust is not the singular silver bullet to ransomware protection. However, paired with visibility, it will be essential for bolstering a company’s cyber posture. By prioritizing deep observability, ZTA becomes far easier to introduce and ransomware threats will become far easier to detect.

Source:https://maritimefairtrade.org/trust-no-one-in-fight-against-ransomware/


Rotterdam-port_shutterstock_1090176152.jpg

Cyber criminals are increasingly targeting container shipping and ports as ransomware gangs step-up attacks on vulnerable supply chains, according to the latest CyberCube Global Threat Briefing.

Worldwide supply chain disruption and shortages and weak cyber security make the maritime sector an attractive target for cyber criminals, according to William Altman, principal cybersecurity consultant at CyberCube, which provides insurers with cyber threat intelligence and analytics. Other critical supply chains that have single points of failure are also vulnerable, including food and agriculture, and information technology, he said at the launch of the report.

“We should expect more attacks on the maritime sector, in particular. Covid-19, labour shortages, wars, and a myriad of other factors are putting a lot of pressure on global supply chains. In the past two years we have witnessed how crisis events, such as key shipping lane blockages and ransomware port attacks, have contributed to intense global supply chain shortages,” said Altman.

“Cyber criminals are known to take advantage of organisations that are experiencing turmoil, such as hospitals during the pandemic. Ransomware actors in particular are increasingly targeting large cargo ships and their onboard operational systems, as well as compromising connected infrastructure at critical port facilities worldwide. This is something we have seen over the past year, but it has built up over the last few months,” he said.

A number of large ports have been hit by ransomware attacks in the past, while the world’s four largest container shipping companies have been attacked in recent years. In February, India’s Jawaharlal Nehru Port, the country’s busiest container terminal, was hit by a ransomware attack, while in March a cyberattack crippled the systems of US freight forwarding company Expeditors International.

“We have seen that the number of attacks has only gone up over the past year, and over the next six months, as supply chain shortages intensify, we expect hackers to take advantage,” said Altman.

The ongoing digitalisation of logistics and the use of autonomous systems creates more vulnerabilities and loopholes, explained Altman. “There is also often a disconnect between the information technology systems and operational technology systems at ports and onboard ships. These two types of systems should be segregated but they are not, and it poses a lot of danger for machinery that moves cargo and navigates ships. The stuff you don’t want attackers to touch,” he said.

Ransomware gangs are increasingly targeting companies with critical operations, according to Altman. For example, CyberCube warned against the increased threat to space infrastructure and technology, such as satellites, ground terminals and user stations, as governments develop anti-satellite weapons and other space military capabilities.

“These are single points of failure that are critical to the functioning of society that are increasingly being targeted… It’s only a matter of time before there is an attack on a single point of failure in space, such as the global positioning system,” he said.

Following the attack on the Colonial Pipeline in the US, which attracted the attention of law enforcement agencies, ransomware gangs have switched to lower profile critical smaller and mid-sized business. For example, cyber criminals are now targeting the agricultural, food supply and healthcare sectors, which can least afford downtime, yet often lack the cyber security resources to fight off determined attacks, he said.

Ransomware attacks are also growing more sophisticated, timing attacks for maximum damage, as well as using double or triple extortion, and distributed denial-of-service (DDoS) attack to prolong business interruption, he said.

Altman also warned that the LockBit ransomware gang is poised to become the most active ransomware gang in the world. Although it targets a wide range of industries, it prefers vulnerable companies in the legal profession, as well as large manufacturing and construction companies. In May, LockBit hit a manufacturing plant owned by iPhone manufacturer Foxconn, disrupting operations.

However, there are signs that actions taken by insurers in recent years may be stemming the tide of ransomware losses, according to Altman. Ransomware-as-a-service gangs typically target companies with poor cyber hygiene, while insurers increasingly score risks and use analytics tools to identify companies that are most susceptible to losses.

“It is clear that starting in late 2019, loss ratios for P&C industry, aggregate standalone, and packaged cyber risk begin to reflect the rise in ransomware-as-a-service. These criminal actors are largely responsible for the cyber loss experience by companies over the past three years. However, beginning in 2020, and accelerating through 2021, we saw rate increases to account for the outsized frequency and severity of ransomware,” said Altman.

“Today, alongside those rate increases and reductions in coverage, we do see positive signs that cyber insurers are adopting pro-active measures to reduce cyber risk,” he said.

Source: https://www.commercialriskonline.com/cyber-criminals-target-vulnerable-marine-supply-chains/


This new standard has been developed by the IASME Consortium together with the Royal Institution of Naval Architects (RINA), to raise cyber security standards within the maritime sector.

The baseline offers shipping companies the certification required to assert their vessels uphold the maritime cyber security regulation standards. The baseline includes the audit of different types of vessels, such as commercial vessels, especially cargo, passenger ferries, and yachts. It also covers crewed and autonomous vessels.

Nir Ayalon, Cydome’s CEO, said: “We’re very proud to become the first international Certification Body for Maritime Cyber Baseline – and to join the IASME consortium. This step is aligned with Cydome’s vision of providing maritime organisations with the ability to show their cyber resilience through a quick automated process – reducing the friction, hassle, cost and time of manual audits. Getting a Maritime Cyber Baseline certification will give a strong message to the shipping companies, insurance companies and the management of the commitment to having a secure fleet – and to mitigate cyber risks.”

Cydome, a cyber security company for the maritime industry, offers advanced cyber security capabilities designed to fend off maritime cybercrime on and offshore.

Source: https://thedigitalship.com/news/maritime-satellite-communications/item/7967-cydome-approved-to-certify-vessels-for-maritime-cyber-baseline


Inmarsat_Cyber_security.jpg

The IMO’s 2021 cyber risk management code (IMO 2021) sets a framework and baseline for cyber security resilience, but Inmarsat advocates for going beyond simple regulatory compliance.

“The IMO guidelines on maritime cyber risk management have helped stakeholders to address cyber threats, but the nature of digital attacks continues to evolve due to advances in computing technology and developing geopolitical conflicts,” said Ben Palmer, President, Inmarsat Maritime.

With cyberattacks against the maritime sector on the rise, the Inmarsat report promotes Unified Threat Management (UTM) as a foundation for managing cyber risks. UTM combines a range of defences like antivirus programmes, firewalls, intrusion and detection systems and content filters in one software and hardware package. Inmarsat offers its own Fleet Secure UTM which it says streamlines the installation and operation of security infrastructure.

By making security easier to configure and maintain, UTM also makes proactive cyber security more accessible to maritime companies, said Inmarsat.

The report notes a 2021 penetration test across 100 vessels in a particular fleet. Of 292 emails sent to fleet nodes, 92% were opened, a link inside was clicked by 90 seafaring officers and 44 of those went on to enter sensitive information on a website.

Should bad actors succeed in accessing systems, vulnerabilities within our industry include: Bridge systems, Cargo handling and management systems, Propulsion and machinery management and power control systems, Access control systems, Passenger servicing and management systems, Passenger facing public networks, Administrative and crew welfare systems, and Communication systems.

Inmarsat uses Danish tanker company Evergas as an example of a shipping company facing its cyber security responsibilities.

Evergas IT Manager, Poul Rævdal, said: “Regulations provide a good starting point, but it is important from our perspective to go above and beyond the guidelines… Being able to unify the separate parts of our network security into a single solution and deal primarily with one supplier allows our IT team to focus on optimising the day-to-day support given to our ships and systems.”

The report goes into further detail on seafarer training and awareness, the vectors of attack used against the maritime industry, creating a cyber security aware culture, pathways to regulatory compliance and moving beyond compliance.

Source: https://www.seatrade-maritime.com/technology/inmarsat-issues-guidance-fortifying-cyber-security


A new report from Inmarsat, the world leader in global mobile satellite communications, highlights the role of the International Maritime Organization’s (IMO) 2021 Cyber ​​Risk Management Code in providing a framework for cyber resilience , but warns that combating attacks is not limited to compliance alone. Compiled by maritime innovation consultancy Thetius, Beyond Compliance – Cyber ​​Risk Management After IMO 2021 encourages proactivity in preventing and mitigating the impact of cyberattacks.

“Ensuring data resilience and cybersecurity are key concerns for the shipping industry,” said Ben Palmer, president of Inmarsat Maritime. “The IMO guidelines on maritime cyber risk management have helped stakeholders deal with cyber threats, but the nature of digital attacks continues to evolve due to advances in computer technology and the development of geopolitical conflicts. In the 12 months between May 2020 and May 2021, cyberattacks targeting the maritime sector increased by 168% in the Asia-Pacific region alone. [1]

“To ensure the resilience of their digital infrastructure, shipping companies need to look beyond regulatory compliance and be more proactive in their approach to managing cyber risks.”

One of the pillars of this approach is Unified Threat Management (UTM). By combining solutions such as firewalls, anti-virus programs, content filters, and intrusion detection and detection systems into a single hardware and software package, Inmarsat’s Fleet Secure UTM streamlines installation, configuration, administration and maintenance of the network security infrastructure. It helps shipping companies, like Denmark-based Evergas, raise safety standards beyond regulatory compliance.

Evergas IT Manager, Poul Rævdal, said: “The regulations are a good start, but it is important from our point of view to go beyond the guidelines, and Inmarsat’s comprehensive Fleet Secure solution facilitates a proactive approach to network security. Being able to unify the different parts of our network security into one solution and deal primarily with one vendor allows our IT team to focus on optimizing day-to-day support to our vessels and systems.

The continued development of seafarer training has been another key bulwark in shipping cybersecurity defenses. Inmarsat’s Fleet Secure Cyber ​​Awareness training program contains everything crew need to know to be aware of vulnerabilities and suspicious behavior online with guidance on best practices. This training module is offered free of charge to all Fleet Secure Endpoint users.

Effective cyber risk management must consider multiple attackers and various lines of attack – targeted and random. Threat actors are making continuous efforts to update their strategies, developing malicious coding, scanning for vulnerabilities in hardware and software, and responding to human behavior. Only by being proactive can shipping stay ahead of cybercriminals.

Source: https://rushhourtimes.com/cyber-risk-management-beyond-imo-2021-compliance/


Cydome has been confirmed as the first international certification body for Maritime Cyber Baseline, a new programme developed by the IASME consortium, together with the Royal Institution of Naval Architects, to raise cybersecurity standards within the maritime sector.

Based in the UK, IASME works alongside a network of certification bodies to help certify organisations of all sizes in both cyber security and counter fraud, with Cydome the latest to be added to that list.

The newly developed baseline offers shipping companies certification to assert that their vessels uphold maritime cybersecurity regulation standards and includes audits of different types of vessels, such as commercial vessels, passenger ferries, and yachts. It also covers both crewed and autonomous ships.

Cydome has been approved to provide certification services for the baseline, with its automated compliance system able to be applied to assess an entire fleet’s cyber risk status.

“We’re very proud to become the first international certification body for Maritime Cyber Baseline and to join the IASME consortium,” said Nir Ayalon, Cydome’s CEO.

“This step is aligned with Cydome’s vision of providing maritime organisations with the ability to show their cyber resilience through a quick automated process – reducing the friction, hassle, cost and time of manual audits.”

“Getting a Maritime Cyber Baseline certification will give a strong message to the shipping companies, insurance companies and the management of the commitment to having a secure fleet – and to mitigate cyber risks.”

Source: https://smartmaritimenetwork.com/2022/07/19/cydome-approved-to-offer-maritime-cyber-baseline-certification/