The aviation safety sector is the study and practice of managing aviation risks. It is a solid concentration of regulations, legal documents, investigations of accidents and near-miss aviation incidents. On top of them lie lessons learned and shared knowledge; reports, facts and stats forming a cognitive super vitamin, that the aviation community uses to keep their business healthy and safe.

The above concept is successful. People trust the aviation sector and consider it the safest transportation. Sadly, when it comes to cybersecurity the community feels quite exposed and vulnerable. Stats that are not available, dark corners, and a lack of lessons learned from cyber incidents are some of the aspects that blur its reputation. Wouldn’t it be better if businesses and organizations adopt the successful “how-to” of the aviation safety sector to increase their cybersecurity level and the confidence of the community?

The idea behind

The recent cyber attacks renewed the interest of the industry, academia, and the US government in a form of a Board that could investigate cyber incidents. In the spring of 2021, a workshop was organized on creating a cyber incident investigative capacity modeled on the National Transportation Safety Board (NTSB). The NTSB is considered the most robust set of aviation safety programs. It acts as an independent Federal agency charged by Congress with investigating aviation accidents and major transportation incidents. NTSB investigates the causes and issues safety recommendations to prevent future disasters.

The workshop examined the feasibility of whether aviation safety procedures can be adopted by the cybersecurity sector to improve its posture. The output was a report where key findings were highlighted, research questions were recorded and a road map of recommendations was proposed. The report concluded that the cybersecurity industry does not have processes or authoritative and independent investigations whose focus is publishing lessons learned from cyber incidents and enabling improvements.

Policymakers in the cybersecurity industry have urged for an agency that will investigate cyber attacks and incidents, identify leaks and gaps in security controls and inform the community. From that perspective, the NTSB transportation safety paradigm is used frequently as an analogy, since it provides body, maturity, and substance to that concept.

The “cyber NTSB” conceptual approach

The workshop involved 70 expert minds who worked over four months on the concept of creating a “Cyber NTSB”, an idea born back in 1991. The problem handed over to the participants was the same as in the NSF 2014 Report: “A critical problem in cyber security is a lack of reliable, consistently reported data about security incidents. The lack of data makes it difficult for others to learn from these attacks, and is leading to misplaced priorities”.

The workshop was predicated on assumptions, all of which hold that the present cybersecurity safety system is insufficient and should be adjusted to match what the aviation safety industry performs. What the participants observed was that cybersecurity lacks information, knowledge and wisdom, not data; these are abundant.

Key findings of the workshop

At first, the workshop examined how a Board can be alerted about incidents to determine whether they merit investigation. Unlike in aviation, cyber incidents are not kinetic like air crashes and are wrapped with secrecy, as companies fear liability and damaged brand reputation, making their discovery difficult. The workshop’s findings were that:

  • The Board can use existing reporting mechanisms effectively by filling the gaps between them.
  • Cybersecurity and IT lack incentives for voluntary reporting, although it is clarified that information sharing does not violate antitrust laws.
  • The awareness of the Board can be enhanced by individual reporting, although it may be considered as a company’s weakness and low investment in security.

Having an adequate reporting system present, the next question arose: which incidents require investigation? The workshop highlighted that there should be quantitative and qualitative criteria that will trigger the investigation procedure. Furthermore, it would be extremely useful if the Board could investigate not only incidents but trends as well. If it could track the cybersecurity ecosystem, identify common failures and trends in attack patterns, and associate best defense practices against these trends.

Next, the steps for a successful investigation were examined. How should investigations run, what exactly should be investigated, and what techniques should be used? The Board concluded that:

  • Fact-finding should be a collaborative process; the analysis independent. As happens in aviation incidents, a lot of parties provide expertise related to the investigation, but they are excluded from the analysis and don’t contribute to the final report.
  • Slow and careful investigations give value to the effort. Deep and detailed questions help knowledge gaining for the incident. Failures of the involved products, tools, and controls are significant and need to be looked at.
  • The independence of the NTSB allows the Board to evaluate regulators and regulations.

Publishing reports of incidents and “near-miss incidents” is paramount. The workshop concluded that since there are no reliable data, records, and history of cyber incidents that can be used to build policies and response plans based on what has happened, the defender community often fights cases they don’t completely understand.

Finally, the reporting system should use narratives and numbers, as this will improve the “learning and sharing” concept, but should share knowledge wisely. There might be sensitive data, like “pilots’ last words to families”, that need to be disseminated with discretion.

The next steps

If safety was a fashion show, no doubt that aviation safety would be the top model; delicate but sturdy, where the maturity of time would add more charm to her. The challenge is whether cybersecurity can walk shiny on the same runways as aviation safety. The workshop proved that this is feasible if all parts cooperate to integrate knowledge to the highest possible security level.

To that end, the workshop sums up several research questions around adapting lesson learning systems from aviation, and key findings for further investigation. Finally, it suggests a series of recommendations for the Cyber Safety Review Board (CSRB) and Congress to evolve “Cyber NTSB” concept into reality; an entity that can learn from mistakes and successes, sharing knowledge generously.

Source: https://www.tripwire.com/state-of-security/featured/aviation-safety-cybersecurity-learning-from-incidents/cyber


When it comes to cyber-attacks, shipowners should assume the worst and expect to be hit at some point.

These concerns are backed by a report from March 2022 showing that shipping companies pay an average US$3.1 million in cybersecurity ransom payments per incident due to gaps in their risk management. Attacks on the maritime industry range from phishing and ransomware to targeting infrastructure or ship systems for financial or political reasons.

More than half of shipowners spend less than $100,000 a year on cybersecurity management, which the organisations behind the report – maritime consultancy firm Thetius, law firm HFW and shipping cybersecurity company CyberOwl – believe isn’t enough.

Additionally, around two-thirds of respondents aren’t sure whether their insurance covers cyber-attacks. Other eye- raising results show that only 55% of industry suppliers are asked by shipowners to prove they have cyber-risk management procedures in place, while 25% of seafarers don’t know what’s expected of them if involved in a cyber incident.

The big worry is that shipping companies haven’t invested enough time or money to shore up their defences, leaving them exposed to attack and short of meeting IMO 2021, the International Maritime Organization’s requirements for cyber-risk management.

Cyber-attacks and vessel safety

Failing to establish safeguards against any cyber risks to vessels, personnel and the marine environment can prove damaging to shipping companies from an operational perspective.

The rapid pace of maritime digitalisation provides shipowners huge benefits in terms of improved efficiency, safety and asset tracking. Such technology has been around for some time and is now an established part of vessel operation.

One example can be found in navigation. Paper charts have long been replaced with digital alternatives on most vessels, to the point where traditional navigation techniques are rarely, if ever, practised by seafarers. Today, some shipowners have gone further and implemented shore-based dynamic route management, to fully optimise vessel efficiency and safety.

A cyber-attack on one of these onboard systems could have dramatic implications on vessel safety. If navigation controls are altered, or charts deleted, it can become very difficult for a crew to safely operate a vessel. The impact could be even more dramatic for digital systems connected to engines or ballast pumps.

Since January 2021, cyber threats have been included in the ISM Code’s risk management protocols. Under the updated protocol, cyber risks must now feature in a vessel’s Safety Management Systems.

This reform means that shipowners must identify and create an inventory for their critical technology and data assets (both hardware and software, IT and operational technology) on board their vessels and linked to their onshore systems. They should also assess the cyber risks to those assets and establish specific risk-mitigation measures to manage and guard against any threats. Additionally, any cyber-security policies must ensure that crewmembers receive the appropriate training to understand the threats, and that the roles and responsibilities for addressing those risks are clearly defined.

A properly formulated Safety Management System should cover worst-case measures to ensure that a vessel and its crew remain safe should a system fail, which may include hard-copy back-ups or manual overrides. It should also include regular audits to ensure new risks are identified, and a commitment to continuous improvement.

It is important that shipowners work proactively to ensure that their Safety Management Systems are fully up to date and fit for purpose, yet it can be a complex task. Such systems are inherently technical, and an owner may need outside support to properly evaluate and understand vulnerabilities.

West’s Loss Prevention department can provide vessel and issue specific guidance and support in improving Safety Management Systems – both to meet regulations and to improve the safety of a vessel. Our expert team is ready to give practical advice to any Member, and can help ensure a vessel stays safe and P&I cover remains valid.

Major commercial risks

Vessel safety is not the only cyber risk shipowners face. Phishing attacks, where cyber-criminals posing as legitimate institutions send individuals or companies emails to obtain sensitive information, are perhaps the biggest concern for most owners.

Cyber whaling, a particularly dangerous variation of phishing, is becoming more common. In these attacks, emails target a group of senior executives or digital gatekeepers using personal vocabulary and information to trick them into cooperating. Messages are usually from fake email accounts that look almost identical to a genuine sender’s address.

The criminals behind cyber whaling aim to socially engineer their victims, to trick them into making financial transfers or sharing confidential material. Anyone duped into doing either usually has no idea until it’s too late – which would be incredibly disruptive to shipowners’ shore- side and sea-based operations.

An attacker could gain access to the organisation’s computer system, forcing the shipowner to take the entire office function offline. In this instance, the company would have to painstakingly organise hundreds of paper, rather than electronic, records and forms.

The ramifications can extend to ships, with vessels stuck at ports or unable to secure bunkers. Payment, logistics and planning systems could be completely decimated, while compliance paperwork may force some owners to temporarily cease some trades.

How to plan for cyber-attacks

Some of the principles inherent in the ISM Code can guide a shipowner across other parts of their business. IT and digital teams should regularly identify and conduct an audit of all potential cyber threats, while staff need training to spot the warning signs and understand the systems in place for blocking hackers.

Staff within the organisation should never share any personal information in an open, online public forum. For example, an attacker could verify an employee’s identity by using their birthday, after sourcing that information from the victim’s LinkedIn profile.

Given that even the best defences can be breached, owners should also plan to mitigate the impact of any successful attack. This may include maintaining back-up systems and servers where appropriate to keep office functions online if under attack.

It is also important to protect against worst-case scenarios through proper, specialist insurance. Where cyber risks onboard a vessel are covered by P&I, other commercial risks are not – and must be insured separately.

West is proud to have partnered with Astaara, the only specialist marine cyber insurer in the market. Astaara can cover a client’s entire business, including shoreside operations, and provides unique business interruption cover on a tailored basis.

Astaara also offers marine cyber-risk management consultancy services, working with clients to measure and improve their cyber-risk profile through a five-stage process. By building a comprehensive picture of an organisation’s cyber enterprise risk management and increasing resilience, they can dramatically improve security. The process also covers business continuity planning to ensure rapid recovery should an event occur.

Ultimately, shipowners are responsible for building and maintaining strong defences to deter or prevent cyber incidents. Building resilience is critical, both for vessels and backroom functions. Yet, even the most secure systems are vulnerable – and shipowners must work closely with insurers, including their P&I insurer, to ensure business continuity if the worst were to happen.

Source: West of England, by Bill Egerton, Chief Cyber Officer (Astaara)


by John Konrad (gCaptain) The Port of Los Angeles is the victim of approximately 40 million cyber attacks per month, mostly from Europe and Russia including former Eastern Bloc nations. This is double the number of attacks since the start of the COVID19 pandemic. The Port has contacted the FBI for assistance.

“Our intelligence shows the threats are coming from Russia and parts of Europe. We have to stay steps ahead of those who want to hurt international commerce,” said Gene Seroka, director of the Port of Los Angeles, in a BBC interview. “We must take every precaution against potential cyber-incidents, particularly those that could threaten or disrupt the flow of cargo.”

The Port of Los Angeles is now working with the Federal Bureau of Investigation’s cyber-crime team to prevent attacks and improve security. It has also invested millions of dollars in a Cyber Resilience Center (CRC) it built with IBM to study cyber crimes, prevent attacks, and share information with the FBI.

The new Cyber Resilience Centre acts as a hub for the port, receiving, analyzing, and sharing information with those who operate on the dock, such as cargo handlers and shipping lines. In this way, it enhances intelligence gathering and provides heightened protection against cyber-threats within the maritime supply chain.

Related Book: Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick

This is not the port’s first attempt to fight cybercrime. In 2014, the Port of Los Angeles established a Cyber Security Operations Center designed to help protect the Port’s internal networks. The newly-designed CRC builds upon that technology infrastructure by improving the quality, quantity and speed of cyber information sharing among Port stakeholders.

Source: https://gcaptain.com/port-of-la-calls-fbi-after-cyber-attacks-double/


Green Award welcomes IQ Solutions SA as an incentive provider. With reference by the Chairman of the Green Award Foundation, Captain Dimitrios to the ceremony (presentation of Green Award Flag and a Plaque) on 7 June 2022 at Posidonia Exhibition, Athens. The Greek company provides certified cyber secure ICT Solutions and Services for the Maritime Industry. They give a complete managed information technology and communications for vessels with a Green Award certificate a discount of:

• 10% for certified companies (seagoing shipping)
• 15% for certified seagoing ships
• 15% for certified inland ships
• 10% for other participating Incentive Providers
The team of IQ Solutions SA is highly skilled engineers and consultants, experienced in large and complex IT projects, tackle the cyber security in the most credible, effective, and highly professional manner. IQ Solutions SA is a Maritime ICT Integrator with unique Intellectual Property, offering ICT solutions Type Approved for Cyber Security by IACS members & Flag States.

From left to right: Jan Fransen, Executive Director of the Green Award foundation, Capt. Dimitrios Mattheou, Chairman of the Green Award foundation, Panagiotis Gavalas, IQ Solutions Director of Operations and Paris Papanastasiou CEO and Managing Director of IQ Solutions.

Specialized products & services are presented below:
• VCell Cyber
Type Approved/certified for Cyber Security (by BV and ABS) end-to-end vessel ICT solution, providing a managed, enhanced, fully controllable and monitored ICT environment, consisted of highly available, redundant, and secure infrastructure covering servers, clients, managed networking, and printing.
• VTalos
Universal Vessel USB Protection Unit, certified by ABS, designed to control, and protect from a sensitive onboard Cyber Security issue, the use of USB devices on vessel networks & devices.
• Ermis
Augmented Reality solution for vessels making onboard remote view, inspection, assistance and knowledge transfer direct and immediate, without the need of shore experts to be physically present onboard.

Captain Dimitris Mattheou, Chairman of the Green Award Foundation comments, “We are happy to welcome IQ Solutions to the Green Award scheme and see many synergies. Digital integrations become a greater reality for the maritime industry.Quality standards is not only what they promise but also what they provide. Green Award, along with IQ Solutions and the rest of our distinguished incentive providers, fairly represent the determined, passionate, faithful, devoted and pioneering sailors of Green Shipping.”
Source: IQ Solutions SA


New technology and increasing automation and digitalization are combining to streamline the efficiency of the maritime industry. But along with the increasing number of integrated vessels featuring multiple interconnected systems comes the threat of remote attacks that can potentially gain access to or impact critical on-board control systems. Optimal cyber security needs to be in place to ensure vessels remain in operation and to safeguard the safety of crew, passengers, assets and the environment. 

It is critical to implement optimal preventative measures against cyber attacks
“Shipping is the backbone of global trade and the potential disruption that attacks could cause, not to mention the danger to life and property, is a clear temptation for cyber criminals and state-sponsored hackers. It is imperative to protect both corporate infrastructure and individual ships amid increasingly high vessel connectivity. Most people are aware of the risks, the focus is now on implementing optimal preventative measures,” says Jarle Coll Blomhoff, Group Leader Cyber Safety & Security, Control & Bridge Systems – Ship Classification Maritime at DNV.

While corporate IT systems are considered “mature” with a lot of attack surfaces, attacks are still most likely to have a financial impact on a company rather than directly on vessel operations (low consequence). However, operational technology (OT) on board a ship or offshore mobile asset is increasingly connected to shore-based IT systems, providing a potential “back door” for attackers. “Cyber security must protect this low-maturity, high-consequence digital infrastructure so that a ship can stay safe and moving despite being attacked. You can’t risk losing the main engines or any other system considered essential and important under SOLAS rules,” says Blomhoff.

New IACS unified requirements focus on cyber risks of on-board systems
While regulations like the IMO cyber resolution from 2021 require owners, operators and managers to consider overall cyber risks, at the systems level there are no concrete requirements. However, this is now changing, as the International Association of Classification Societies (IACS) just published new unified requirements (URs) that will oblige both yards as system integrators and system vendors to build cyber security barriers into their systems and vessels.

“The URs will apply to everything computer-based on board such as main-engine control systems, steering, cooling systems, fire detection, communications systems including public address systems, and navigation systems – basically anything that is integral to making the ship move, navigate and operate safely,” says Blomhoff.

His team is also working on autonomous shipping, where class qualification of autonomous pilot tools such as object detection will also be very important. “Any kind of decision-support system that provides critical navigation advice to the captain and contributes directly to steering the vessel will also be subject to the URs in future,” he said.

The URs will apply to all newbuilds contracted after 1 January 2024 and will also serve as non-mandatory guidance for existing ships as well as new vessels contracted before that date.

DNV is ready to apply IACS-compliant Cyber secure rules to newbuilds
The URs are minimum prescriptive requirements agreed by all IACS members. Any class society appointed to oversee a newbuild naturally deals with the shipowner and the yard, but from that date they will also need to check that all vendor systems meet the requirements. How individual class societies implement the URs can vary, but for DNV-classed vessels DNV is ready now to apply its existing IACS-compliant Cyber secure rules to existing vessels and current newbuilds, as well as work closely with system suppliers to support a smooth transition in 2024.

“With more than 100 vessels contracted so far for voluntary approval, as well as a larger range of automation and navigation system suppliers type-approving their systems with DNV, we believe DNV and the industry is on a good path,” says Blomhoff. DNV class rules and the IACS URs use the IEC 62443 standards that address OT cyber security in a holistic way, including both technical and process-related aspects.

Ind_404_UR_overview.jpg

New URs ensure holistic cyber security of on-board equipment
Firstly, UR E26 aims to ensure the secure integration of both Operational Technology (OT) and Information Technology (IT) equipment into the vessel’s network during the design, construction, commissioning and operational life of the ship. This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response and recovery.

Secondly, UR E27 aims to ensure system integrity is secured and hardened by third-party equipment suppliers. This UR provides requirements for cyber resilience of onboard systems and equipment plus additional requirements relating to the interface between users and computer-based systems onboard, as well as product design and development of new devices before their implementation onboard.

System delivery across different industries
DNV believes that one strength of the new URs is that they are built on concrete requirements and based on internationally recognised IEC62443 standards for control-system cyber security. This will greatly support suppliers that deliver their control systems across different industries. It is also positive that the two URs are complementary. UR E27 lets suppliers focus on developing cyber-security barriers through, for example, a type approval of their system, so that yards and owners will have a range of pre-approved systems to choose from when implementing the requirements of UR E26 into their vessel designs and operation.

Ind_404_loose_network_cable.jpg

To ensure compliance with the coming IACS unified requirements (URs) E26 and E27 and protect critical control systems, yards and system vendors should take action now.

Steps vendors should take in view of the time pressure
The fact that yards and vendors will have to verify critical systems to meet the requirements represents a big change for the industry given that control systems have a long lifespan and development processes are time consuming. Especially smaller vendors are likely to face resource challenges meeting the requirements within the tight timeframe.

“There are less than two years left and vendors and yards will need this period to assess and verify that their control systems are compliant. We encourage all vendors to, firstly, go through their portfolios and systematically assess which products/systems can they make cyber secure enough to still be in use after 1st January 2024. This pertains especially to vendors offering digital services in the cloud to prevent leakage of, for example, key environmental data,” says Blomhoff.

Vendors should then make a detailed analysis what needs to be done, execute those actions followed by testing and getting type approval. To keep systems safe, they will need to look at attack surfaces, log-in security barriers and configuration protection. They will also need to protect USB removeable device interfaces and network interfaces, especially links to shore, as well as implement consistent patching so software is continually up to date. “They should also ensure that back-up and recovery procedures are in place to return the system to a safe state. If a system goes down you should be able to recover it sufficiently to continue critical operation and ensure key technical functionality,” says Blomhoff.

How can DNV help?
DNV can help in two main ways, by type approval for equipment and systems, either separately or as part of its Cyber secure notation for a new ship, as well as providing advisory services from its independent DNV Accelerator unit. DNV’s Accelerator can help vendors examine all the above challenges on their journey towards type approval. Our experts support customers with support system risk assessment/improvements, penetration testing and training in a third-party witnessing role, as well as system documentation if desired.

Even before the new IACS URs come into force, DNV is already conducting type approval of various automation and control systems with major suppliers on a voluntary basis. For example, DNV has already type-approved key systems from ABB, Kongsberg and Wärtsilä, and is working on the same for several other control and navigation systems.

Type-approved systems reduce risks and documentation work of newbuild projects
“We are fortunate to be the preferred class partner major suppliers choose to work with on type approvals. They value us as a discussion partner based on our experience and expertise. We take the process very seriously as it reflects our brand value. In addition, when vendors choose to get a system type-approved by us it will reduce risks and uncertainties of newbuild projects, as well as reduce the documentation that each vendor needs to provide for each vessel. Detailed cyber security documentation is something that a supplier would like to limit distribution of, hence a type-approval certificate plays more than one role,” says Blomhoff.

He concludes by encouraging all yards and vendors who are in doubt over what the upcoming IACS URs will mean for them, and what do to, to reach out. “Whatever challenges you are facing, I am 100% certain we will be able to support you,” he said.
Source: DNV, https://www.dnv.com/expert-story/maritime-impact/Yards-and-vendors-must-act-promptly-to-comply-with-upcoming-IACS-cyber-security-requirements.html?utm_campaign=Ind_404_Cyber%20sec%20IACS%20reqs&utm_medium=email&utm_source=Eloqua


Recognizing that cyber incidents on vessels can have a direct and detrimental impact on life, property, and the environment, IACS has steadily increased its focus on the reliability and functional effectiveness of onboard, safety-critical, computer-based systems.

IACS identified at an early stage that, for ships to be resilient against cyber incidents, all parts of the industry needed to be actively involved, and so convened a Joint Working Group (JWG) on Cyber Systems which helped identify best practices, appropriate existing standards in risk and cyber security, and a practical risk-based approach.

Building on this extensive collaboration, and utilizing the experience gained from its existing Recommendations, as well as developments at IMO including, in particular, IMO Resolution MSC.428(98) applicable to in-service vessels since the January 1, 2021, IACS has adopted two new IACS Unified Requirements (URs) on the cyber resilience of ships:

UR E26, Cyber resilience of ships, aims to ensure the secure integration of both Operational Technology (OT) and Information Technology (IT) equipment into the ship’s network during the design, construction, commissioning, and operational life of the ship. This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response, and recovery.

UR E27, Cyber resilience of on-board systems and equipment, aims to ensure system integrity is secured and hardened by third-party equipment suppliers. This UR provides requirements for cyber resilience of onboard systems and equipment and provides additional requirements relating to the interface between users and computer-based systems onboard, as well as product design and development requirements for new devices before their implementation onboard ships.

These URs will be applied to new ships contracted for construction on and after January 1, 2024 although the information contained therein may be applied in the interim as non-mandatory guidance.

Source: https://allaboutshipping.co.uk/2022/07/12/american-club-member-alert-july-12-2022-re-iacs-adopts-new-requirements-on-cyber-security/


Standardisation and automation of updating process is another step towards digitalised vessel operations and improved cyber security

Oslo and Paris, 11 July, 2022. Marlink, the Smart Network Solutions Company, has added another solution to its comprehensive ITLink portfolio. ITLink OS Updates is the latest tool to enable maritime customers to stay safe and compliant through remotely managed updates of the IT operating systems (OS), thus enhancing cyber security.

ITLink OS Updates is simple to implement and represents an important step towards digital enablement for customers through complete standardisation of IT across the fleet. It provides first line protection against cyber threats, improved performance of PCs and servers, by ensuring operating systems have the latest updates and security patches and reports status to a shoreside dashboard.

As digitalisation impacts more areas of fleet operations, managers need to ensure to receive relevant OS data reliably in close to real-time to remain fully compliant. IMO regulations now require new standards of cyber awareness and process onboard ship and third party vetting systems for tanker owners specify much stricter standards.

Out of date operating systems can cause serious issues with performance and user experience and are highly vulnerable to cyberattacks. Previously, crews had to wait for CDs or risk higher data consumption for over-the-air updates but ITLink OS Updates is fully optimised for satellite connectivity, saving around 80% of the data typically consumed when rolling out OS updates to a fleet.

ITLink OS Updates enables significant efficiency gains for shipping companies, allowing crew and fleet managers to focus on their daily tasks and operations onboard rather than implement monthly OS updates. Marlink’s expert ITLink team works closely with maritime customers to identify solutions that best suit their IT resources and business  needs. This includes fast, automated updates across all PCs to keep the ship up to date with tasks completed in as little as one day with full shoreside support.

Source: https://marlink.com/marlink-expands-itlink-portfolio-with-os-updates-to-enhance-remote-it-compliance-onboard/



Marine Energy Systems (MES) are focused on delivering silent, non-polluting and renewable sources of power into the marine sector. The company has a reputation for only working with credible, long-established companies.

With it’s UK nationwide network of trained skilled professionals, MES are able to service the whole of the UK – and one of the customer demands MES engineers face more and more frequently is an intelligent security system onboard.

Security concerns are inherent in two of three vessel owners; this considerable demand faces a lack of choice when it comes to security equipment purchase. Regardless of the vessel size, owners have to choose between spending over £5,000-6,000 for a specialised system or adapting a car/motorcycle alarm system. The last one is quite a hassle because navigation, key vessel indicators, controls and security are expected to be accessible on a digital dashboard and smartphone – anywhere, anytime.

MES works with big players and customers in this sector, including Sunseeker, a well-known luxury Superyacht manufacturer, and many others. MES came up with a request to supply boats with a security system which is compatible with the yachts’ onboard software. The system should: Support cellular connectivity; Have a mobile app to report alerts; Be straightforward to install; Look slick to fit luxury interiors.

Ajax security systems integrated via a proprietary API with wireless detectors that fit both luxury yachts interiors and tight budgets. MES’ engineers appreciated a hassle-free approach to system installation.

All detectors are equipped with SmartBracket panels meaning that there is no need to disassemble the enclosure. To connect a detector to the system, an engineer just scans a QR code with the Ajax app and the device is ready for configuring. The system parameters and detector configuration can be done from desktop or mobile apps. This system feature helps Marine Energy Systems in providing remote technical support throughout the entire vessel lifecycle.

Battery power became another practical aspect. Wireless devices do not require a power supply from a vessel at all. In turn, Ajax control panels, hubs, can be connected to the onboard electricity via the 6 V power supply unit. Backup batteries and low power consumption ensure long-lasting protection with no additional maintenance.

“I see a huge opportunity here,” said Lee Smith, Operations Manager, MES. “We work with various shipyards building leisure, commercial and service vessels – and all of them need some security solution. Having 25 years of experience in the boating industry, I think Ajax is a big leap forward, allowing us to build complex systems that will serve our customers all over the world.”

Source: https://securityjournaluk.com/ajax-disrupting-boat-security-market/


The International Electrotechnical Commission (IEC) has published a new standard to regulate the exchange of data and maritime information in a secure way.

IEC 63173-2 SECOM is a new standard developed with Voyage Information Service within Sea Traffic Management (STM). The new interface works for transfer of S-100 products and can also be used for other formats.

Development started in 2019 and the final version was published on 30 May.

READ: Single window for ship data exchange to become mandatory under FAL treaty amendments.

“Route exchange in the STM Validation project was the starting point. However, in the standardisation work the scope was expanded from voyage plans and navigational warnings to include exchange of all S-100 based products”, said Björn Andreasson STM Testbed Manager.

“SECOM is an exchange layer that guarantees that different services and software exchange data the same way,” added Hannu Peiponen Chair of the Maritime Navigation and Radiocommunication Equipment and Systems Committee at IEC.

“For manufacturers of maritime systems this eliminates the need to support several different service interfaces for different services and products. If a service or product works with one actor using it, it will work with all.

“This will make it easier to provide valuable end-user services to the maritime community to increase safety and efficiency while at the same time opens a possibility to reduce the environmental footprint”.

SECOM aims to be a key reference point for interoperability of the same magnitude as standard data formats and common authentication methods.

Source: https://www.porttechnology.org/news/iec-publishes-new-standard-for-maritime-data-security/


ITLink OS Updates represents an important step towards digital enablement for customers through complete standardisation of IT across the fleet
ITLink OS Updates represents an important step towards digital enablement for customers through complete standardisation of IT across the fleet

Marlink has added another solution to its ITLink portfolio.  ITLink OS Updates is the latest tool to enable maritime customers to stay safe and compliant through remotely managed updates of the IT operating systems (OS), thus enhancing cybersecurity.

ITLink OS Updates is simple to implement and represents an important step towards digital enablement for customers through complete standardisation of IT across the fleet. It provides first line protection against cyber threats, improved performance of PCs and servers, by ensuring operating systems have the latest updates and security patches and reports status to a shoreside dashboard.

As digitalisation impacts more areas of fleet operations, managers need to ensure to receive relevant OS data reliably in close to real-time to remain fully compliant. IMO regulations now require new standards of cyber awareness and process onboard ship and third party vetting systems for tanker owners specify much stricter standards.

Out of date operating systems can cause serious issues with performance and user experience and are highly vulnerable to cyberattacks. Previously, crews had to wait for CDs or risk higher data consumption for over-the-air updates but ITLink OS Updates is fully optimised for satellite connectivity, saving around 80 per cent of the data typically consumed when rolling out OS updates to a fleet.

ITLink OS Updates enables significant efficiency gains for shipping companies, allowing crew and fleet managers to focus on their daily tasks and operations onboard rather than implement monthly OS updates. Marlink’s expert ITLink team works closely with maritime customers to identify solutions that best suit their IT resources and business needs. This includes fast, automated updates across all PCs to keep the ship up to date with tasks completed in as little as one day with full shoreside support.

“Achieving the kind of efficiency gains and compliance reporting required for safer, smarter vessel operations means the full embrace of IT enablement by ship and shore on equal terms,” said Nicolas Furgé, president, digital, Marlink. “Owners and ship managers who want to take digitalisation to the next level can use ITLink to secure their remote operations, reduce vessel visits, save costs and let their crew focus on key tasks; it’s a complete solution for smarter shipping.”

Source: https://thedigitalship.com/news/maritime-satellite-communications/item/7945-marlink-adds-remote-update-function-to-itlink-portfolio