Two years to go. The International Maritime Organization (IMO) encourages ship owners and managers to have incorporated cyber risk management into ship safety by the 1st of January 2021. But what does that mean? And how to address maritime cyber risks?

Digitalization

The maritime sector is on the verge of a digital disruption. Digitalization is increasingly considered one of the key solutions to the many significant challenges the sector is facing, ranging from overcapacity, low margins, regulatory pressure, and lack of efficiency, to new digital demands from customers. Although digital transformation of the maritime sector is still in its infancy, it’s safe to assume that digitalization will have a major impact on operations and existing business models in the years to come.

But fast-moving changes do not come without risk. Industrial automation and control systems that were once isolated and deemed secure, are increasingly being connected to corporate networks and the Internet. Individual devices across enterprise Information Technology (IT) and Operational Technology (OT) networks – from smart digital equipment and tools to navigation, engines and more – will present potential new pathways to cyber attacks and incidents on vessels.

First steps towards regulation

This has driven IMO to issue the Resolution on Cyber Risk Management. The resolution “encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems” by 2021.

While that does not sound too obligatory, potential implications of inappropriate cyber risk management are obvious, as it may lead to, for example:

• Increased (unforeseen) expenses;
• Operational loss due to incidents;
• Safety and personnel damage;
• Limited competitive edge.

But potentially, consequences are more widespread. Lack of compliance with these requirements may also lead to increased insurance fees, port access denial and even detention of ships, again meaning huge financial losses for their owners.

It is expected that, though for now just a recommendation, the IMO Guidelines can become the GDPR for the maritime sector: that regulation where noncompliance potentially affects your license to operate – and that regulation that seems difficult to get a grip on.

As cyber security may not be the core business of most maritime organisations, proper guidance on efficiently incorporating cyber risk management is needed. This is where KPMG offers its global expertise on cyber security advisory and digital risk management for the maritime sector.

Addressing cyber risk

KPMG’s solutions aim at letting maritime organisations manage cyber risk in the way that is intended in, for example, the IMO Guidelines on Maritime Cyber Risk Management and the BIMCO Guidelines on Cyber Security Onboard Ships. This includes:

• Identify: To be able to identify and manage risks and turn them into business advantages, you first need to understand your connected landscape and identify the most relevant threats and highest risks for your environment.
• Protect: Once you understand your maritime IT and OT landscape and the impact and risks of the different systems within, you can take appropriate measures to protect it where relevant.

Source: linkedin

The European General Data Protection Regulation (GDPR) entered into force on 25 May this year. While many of its provisions already applied under existing national and European data protection laws, the advent of the GDPR raised the profile of the issue and concentrated the minds of those in organisations that are now faced with the possibility of huge fines for any failure to protect adequately the personal data of their customers and employees and, most importantly, to report when a breach has occurred.

Under GDPR, companies are obligated to do three basic things: to ensure that data is held only for specific reasons and purposes; to ensure data subjects’ consent is not only freely given but as easy to withdraw as to provide, and to ensure systems for the storage and processing of data are secure.

This has led to the emergence of a whole industry of instant experts in data protection, who flooded many people’s inboxes with apocalyptic warnings of impending catastrophe and quick-fix solutions of high cost and limited results.  Quite how they compiled their distribution lists without breaching pre-existing data protection laws is not entirely clear.

One of the key issues for those in the shipping industry concerned cross-border transfers of personal data, particularly between EEA and non-EEA states. To what extent would GDPR apply to seafarers recruited from non-EEA countries?  Would it be lawful for personal data to be passed to organisations in countries outside the EEA?  These would include crewing and manning agencies, but also Port State Control and other statutory authorities and overseas ports.

The Chamber sought answers to these important questions from legal experts at law firm Hill Dickinson, who led a workshop for members at the UK Chamber last September.  Following on from this, the Chamber prepared a publication, ‘The GDPR: Guidance to Shipping Companies’, which was published by Witherby Publishing in June this year.

Following requests from members, the Chamber will host a follow-up workshop entitled ‘The GDPR – Implementation and Next Steps’ on the afternoon of Thursday 18 October. The key purposes of the workshop will be to introduce the guidelines and hear members’ experiences of bringing their data protection procedures into line with GDPR.

Hill Dickinson’s Javed Ali will take centre stage and will provide answers to some of the most important questions that members have raised concerning the GDPR. These include how transfers of personal data between data controllers and processors inside and outside the EEA should be conducted in order to be GDPR-compliant; the use of data protection clauses in contracts and charterparties, and the link between shipboard and shore-based data protection policies.

Mr Ali will also report on Hill Dickinson’s own experiences of the application of GDPR, the role that the Information Commissioner’s Office has played since 25th May and details of prosecutions for breaches of GDPR that have been brought.

Following Mr Ali’s presentation, members will have the opportunity to put their own questions to him and raise any further matters that might have come to light since the regulation’s entry into force. Suggestions for further actions by the UK Chamber will also be welcomed.

Source: ukchamberofshipping

Life was pretty difficult for a sailor in the age of exploration, and every day was filled with hard work, and back breaking labor. Journeys could take years, since ships could only cover about 100 miles a day, and the pay was poor. Food wasn’t of the best standard either, with crews getting 3,000 calories a day of salted beef, hardtack, ale or wine, and dried fruits or vegetables. How far would you make it in the Age of Exploration with only one set of clothes, and scurvy “the scourge of the seas,” nipping at your heels — along with the mice?

Source: maritimecyprus

The financing was led by PowerOne Capital Markets Limited and Primary Capital Inc. The proceeds of this financing will enable MLS to achieve first flight heritage in 2022 of a small class launcher and mature the site and the Cyclone 4M medium class launch vehicle for launch in 2023 from its state-of-the-art complex near Canso, Nova Scotia.  With construction to begin this fall, Maritime Launch’s commercial launch complex will be the first of its kind in Canada.

“We are thrilled with today’s announcement as it advances our initiative to disrupt the launch industry by giving our clients an affordable price per kilogram and just as importantly, the ability to deliver their payloads to space when they want them and where they want them,” said Steve Matier, President and CEO of MLS. “We are grateful for the dedication and support of many, beginning with the people of Canso and the surrounding community to our investors, customers, government, suppliers and engineering support teams that have backed our initiative from the beginning. We are looking forward to starting construction, ramping up operations and finalizing our launch vehicle offerings.”

Maritime Launch provides the necessary skills, assets, launch vehicle technology, and infrastructure to serve the rapidly growing commercial space launch requirements for satellites. Leveraging highly reliable and mission-proven launch vehicles designed by Yuzhnoye, Maritime Launch will offer the most efficient lift capacity to address the launch requirements of the fast-growing LEO space industry worldwide. The medium class launch vehicle, the Cyclone 4M, is right sized for today’s market with its 5-ton satellite payload capacity and 4-meter fairing.

“We have selected the most optimal location for our launch complex” said Matier. “Near the town of Canso, our launch site will provide a wide range of launch inclinations including optimal polar and sun-synchronous launch trajectories. Along with the creation of the launch site, we are looking forward to hiring a talented team and contributing indirectly to economic growth, including local infrastructure improvements and increased tourism”.

About Maritime Launch Services

Maritime Launch is a Canadian-owned commercial aerospace company based in Nova Scotia that has been executing a plan to establish a commercially controlled, commercially managed, launch site that would provide rocket launch services to clients, in support of the growing commercial space transportation industry over a wide range of inclinations. The development of this facility will allow the Cyclone 4M and other prospective launch vehicles to place satellites into low-earth orbit, building to a launch tempo of eight to ten launches per year. This will be the first commercial orbital launch complex in Canada.

Maritime Launch’s supplier, Yuzhnoye and Yuzhmash, are the developers of the Cyclone 4M rocket, and are proven leaders in the aerospace industry with over 65 years of experience. This expertise was most recently demonstrated with the successful Arianespace Vega launch on April 28, 2021 and the Northrop Grumman Antares launch on February 20, 2021. Both launch vehicles deploy significant Ukrainian technology; the 4th stage propulsion system and the first stage core, respectively.

Source: newswire

The maritime industry is responsible for transporting more than 80% of global trade of goods, such as automobiles, bulk commodities, chemicals, wood products, iron and steel, garments and shoes, and consumer goods, toys, electrical appliances, oil and gas, pharmaceutical products and food.

COVID-19 related measures imposed by Governments, including travel bans, embarkation and disembarkation restrictions or suspension in the issuance of travel documents, have severely strained the working conditions in the global shipping sector, resulting in a humanitarian and safety crisis.

Hundreds of thousands of seafarers are trapped on ships as routine crew changes cannot be carried out, while hundreds of thousands are stranded on land, prevented from re-joining ships.

Those stranded on ships are being denied their human rights, including their rights to physical and mental health, to family life, and to freedom of movement, and are often forced to work beyond the default 11-month maximum period of service on board, as established by International Labour Organization (ILO) Maritime Labour Convention, 2006 (MLC, 2006). This is resulting in cases that could amount to forced labour.

The UN General Assembly, the Secretary General and UN agencies have called on governments to designate seafarers as “key workers” and to honour their commitment to seafarers, especially as it relates to medical care, length of service and repatriation.

The UN Human Rights Office, the UN Global Compact, and the UN Working Group on Business and Human Rights have issued a statement calling upon companies to act under the UNGPs. This call has been echoed by the International Labour Organization (ILO).

In the context of the COVID-19 crisis, business enterprises that engage with the maritime industry should undertake human rights due diligence to identify, prevent, mitigate and address adverse human rights impacts on seafarers resulting from restrictions to crew changes. This involves utilizing leverage – individually and collectively – on governments and maritime transport providers to ensure respect for seafarers’ rights. The scale and complexity of due diligence should be reasonable and proportional to its their size and operational context, among other factors.

Moreover, companies should not exert undue pressure on the maritime industry to lessen the protection afforded by existing standards, including those set out in the MLC, 2006. For instance, some are demonstrating irresponsible practices that jeopardize seafarers’ rights, including the appearance of ‘no crew change clauses’ in contracts between charterers and the maritime industry.

Source: maritimecyprus

International Maritime Bureau’s Piracy Reporting Centre (IMB), the Gulf of Guinea hit a record with 130 crew kidnappings in 22 separate incidents in 2020 (source: ICC Commercial Crime Services).

About 95% of all reported maritime kidnapping cases worldwide have taken place in the Gulf of Guinea. Unfortunately, the first months of 2021 do not show any signs of improvement. Already in January several notable attacks and violent kidnappings were reported.

The IMB report notes that incidents in the Gulf of Guinea are particularly dangerous as the majority of the perpetrators were equipped with guns. Until a couple of years ago cargo theft seemed to be the main driver for piracy, but nowadays we are seeing a shift towards violent kidnapping of crew members with the objective to demand a ransom. The kidnapped crew members are consequently taken deep into the jungle where they are held hostage for months until ransom is paid. The conditions in the camps are severe, resulting in sickness or sometimes even death.

The issue of piracy in the Gulf of Guinea used to be significantly different from, for example, the Horn of Africa, where most attacks take place in international waters where vessels can be protected by the international community. Within the Gulf of Guinea, however, many attacks occur near the coast and the responsibility to deal with an act of piracy within territorial waters rests with the coastal state. Previous years have shown that the pirates are now able to operate further from shore, as incidents have been reported to take place at 200 nautical miles from the coastline. As a result, the international community has been alerted and initiatives to protect vessels have been initiated such as, for example, the pilot case of the EU’s Coordinated Maritime Presences (CMP) concept (source: European Council).

It is noted that in addition to the existing High-Risk Area in the territorial waters of Nigeria and Benin, a new Extended Risk Zone has been designated to cover a substantially larger area in the Gulf between Liberia and Angola.

Source: maritimecyprus

When the General Data Protection Regulation¹ (GDPR) came into force throughout the European Union nearly three years ago, one of its most eye-catching features was its extraterritorial jurisdiction provisions. These extend the reach of the GDPR to businesses located outside the European Union who offer goods or services to EU residents or who monitor the behavior of EU residents.²

Under the threat of becoming liable for a breach of the GDPR and potential fines of up to €20m or four percent of global turnover (whichever the higher), many businesses based in the United States and other locations outside the European Union have simply taken a stance of refusing to deal with EU residents, including taking measures such as geo-blocking websites to EU-based visitors. Other businesses, in the United States and elsewhere, have found themselves contemplating whether they might be subject to the GDPR and how to react merely because they have made a new EU-based business connection, acquired the contact details of a potential customer in the European Union, or even become aware that an employee at a customer organization had moved to the European Union.

A court in the United Kingdom has now considered the limits of extraterritorial jurisdiction of the GDPR, which may provide some reassurance to overseas businesses that limited contact with EU residents via a website may not necessarily lead to them being subject to the GDPR.

In the recent case of Soriano v Forensic News,³ the High Court of England and Wales looked at the extent to which the U.S.-based news website defendant, Forensic News, could be regarded as being subject to either limb of the GDPR’s jurisdiction provisions in relation to its processing of the personal data of the UK-resident claimant as part of its journalistic activities. The facts of the case derive from the period prior to Brexit and the end of the transition period, while the United Kingdom was still subject to EU law, and therefore, the court applied the EU version of the GDPR and related jurisprudence and guidance.

The GDPR’s jurisdiction provisions are set out in Article 3 and have two elements: (1) an organization is “established” in the European Union for the purposes of the GDPR, or (2) the extraterritorial jurisdiction provisions, which apply when an organization located outside the European Union offers goods or services to EU residents or monitors their behavior. Although the main purpose of the Soriano case was to decide on whether the United Kingdom was the appropriate forum in which to litigate a range of other potential claims, including defamation, malicious falsehood, harassment, and misuse of private information, its interpretation of the jurisdiction of the GDPR is significant because it is one of the few judicial authorities that have been handed down on this issue so far.

Source: natlawreview

“Carbon reduction is a key strategic objective for our company and follows our mission of connecting the world today, creating a sustainable tomorrow,” said Oeyvind Lindeman, Chief Commercial Officer at Navigator. “We continuously strive to reduce our carbon emissions through innovations in the way we manage our company and in the way we operate our assets. Offsetting is one of several tools we choose to use in order to deliver a true carbon-neutral voyage. We are looking at ways to further promote and develop similar voyages in collaboration with our stakeholders whilst always keeping the UN’s Sustainable Development Goals in mind.”

In addition to industry-led technological and regulatory developments in reducing its carbon footprint, Navigator Gas looks forward to further harnessing the potential of similar projects in the future to provide carbon offsetting to its customers in an effort to abate the current carbon emissions associated with day-to-day shipping activities, whilst future solutions are developed and deployed.

“Navigator is taking the lead in applying new solutions to address the existing carbon footprint associated with seagoing vessels. Their effort marks a landmark change in the global maritime sector by moving from words to tangible action, and we believe many more will follow their example. At CHOOOSE, we are proud to be participating in this global change led by Navigator by building technology that makes the global maritime sector a part of the solution,” said Andreas Slettvoll, CEO and co-founder at CHOOOSE.

Navigator Holdings Ltd. is the owner and operator of the world’s largest fleet of Handysize liquefied gas carriers and a global leader in the seaborne transportation of petrochemical gases, such as ethylene and ethane, liquefied petroleum gas (“LPG”) and ammonia. We play a vital role in the liquefied gas supply chain for energy companies, industrial consumers and commodity traders, with our sophisticated vessels providing a safe, efficient and reliable ‘floating pipeline’ between the parties. Please visit www.navigatorgas.com for more information.

Source: prnewswire

Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.
https://www.ft.com/content/20b9430e-9058-4d7f-b953-d5d178def3c5

Fines imposed under the General Data Protection Regulation have increased by almost a half over the past year as European authorities flexed their regulatory muscles despite disruption caused by the pandemic. A total of €272m has been levied in fines by European data protection authorities since the introduction of the GDPR in 2018. Over half of those penalties were imposed by Italy and Germany. According to research by DLA Piper, €159m of those fines were imposed in the past 12 months, an increase of nearly 40 per cent on the first 20-month period after GDPR came into force.

Source: ft