Cyber_security_class_notation_1288x500_tcm8-169174.jpg

In an age where electronics seemingly control everything, cybersecurity has never been more critical to the marine sector. We depend on electronics for everything from vessel navigation to maintenance, and their proper function is essential to protect crew and vessel safety.

As maritime technology advances, electronic OT — Operational Technology — systems that physically control the ship are being integrated with IT — Information Technology — systems. As vessels update their systems to more advanced, electronically controlled components, they’ll need to increase their vigilance because IT systems can be attacked and controlled by outside parties.

In an attempt to reduce cybersecurity threats, the United States Coast Guard has paired with the Transportation Security Administration to fight potential cyber risks in the shipping industry and prepare mariners with the knowledge to combat them.

In this article, we’ll discuss the types of cybersecurity threats and offer a few best practices to prepare crew members to guard against attacks and misuse. By understanding how and why cyber risks happen, mariners can reduce the chances they’ll occur.

 

Source: mitags


Cyber-Security-ABS.jpg
In the wake of the Petya cyber-attack, which disrupted a host of industries around the world, including the shipping sector, Captain Rahul Khanna (RK), Global Head of Marine Risk Consulting, AGCS, Captain Andrew Kinsey (AK), Senior Marine Risk Consultant, AGCS and Emy Donavan (ED), Global Head of Cyber, AGCS discuss the growing threat cyber risk poses to the maritime sector and what companies can do about it.
How much of a threat is cyber risk to the shipping sector? Which parts of the industry are exposed?

AK: The digital era is opening up new possibilities for the maritime industry but its growing reliance on computer and software and increasing interconnectivity within the sector, also makes it highly vulnerable to cyber incidents.  The shore-based offices of shipping companies are often the target of hackers. However, cyber poses a threat to all parts of the shipping sector, as recent examples testify. The risk of an attack or incident occurring is significant but ship-owners are often reluctant to share information for fear of being identified. This is a big problem and there are efforts underway to form an anonymous incident reporting platform.

Other common vulnerabilities include: lack of awareness, ineffective policies and procedures and an undeveloped cyber risk management culture. To date, the vast majority of attacks have been aimed at breaching corporate security, resulting in loss of critical data, financial loss or IT problems, rather than taking control of a vessel itself. In addition to this threat, it is estimated that as many as 80% of offshore security breaches could be the result of human error.

How would you describe the awareness of the shipping industry when it comes to cyber risk?

RK: The good news is that there is a growing awareness about the risk of maritime cyber-attacks. However, the sector as a whole still doesn’t have a  particularly heightened risk awareness. As no major incident involving a vessel has been reported to date, many in the industry remain complacent about the risks involved, with cyber incidents largely regarded as onshore affairs, even though the number of incidents impacting the shipping industry has been increasing in recent years.

A changing geopolitical scenario could transpose cyber risk into a real threat and if cyber risks are not appropriately addressed, it is only a matter of time before the maritime sector suffers a major cyber-attack on a vessel. The potential for a cyber disruption or a cyber-attack could catastrophically impact the safe navigation of a vessel, both in terms of its position and in terms of its stability and cargo operations. Just imagine if hackers were able to take control of a large container ship on a strategically-important route. They could block transits for a long period of time, causing significant economic damage

What should shipping companies do to best mitigate cyber risk. How can they best protect themselves?

AK: There are a growing number of resources available to help mariners learn about common vulnerabilities. Just one example is the internationally-recognized United States Maritime Resource Center, which assists the industry in cyber awareness, safety and security through evidence-based research.

Then there are an increasing number of cyber security guidelines which can be followed. Last year, the United Nations’ global shipping regulator, the International Maritime Organization (IMO), approved interim guidelines on maritime cyber risk management, which provide high level recommendations on cyber security (see below). Meanwhile, guidelines have also been issued by other important organizations such as BIMCO, CLIA, Intercargo and Intertanko.

There are standard practices that can be implemented to reduce cyber risk, such as defining personnel roles and responsibilities for cyber risk management and identifying the systems, assets and data that, when disrupted, pose risks to ship operations. Ship-owners also need to implement risk control processes and contingency planning, developing and implementing activities necessary to quickly detect a cyber event. Identifying measures to back up and restore cyber systems impacted by a cyber event is obviously crucial.

These are challenging times for the shipping industry. Budgets are tight and there is pressure to delay maintenance and reduce crew levels and training. However,  IT security cannot be put on the backburner. It is vital that investment in cyber risk education and security is not neglected at this time, despite economic pressures, as this risk has the potential to have catastrophic consequences, given the right confluence of events.

What role can regulation play?

RK: Earlier this month (June 16) the IMO made the decision to incorporate cyber risk management on a more permanent footing with the adoption of cyber risk management requirements into the International Safety Management Code (ISM Code). Owners will need to comply with this by the start of 2021 and this means that there will now be a lot of impetus on ship-owners to create a concrete cyber risk management plan.  The largely self-regulated tanker industry is expected to take such steps much before 2021. Many companies are looking at employing a cyber risk officer, with part of the role being to carry out regular stress testing.

How does cyber risk insurance work in the maritime sector? What is covered?

ED: Typically, hull policies would exclude coverage against cyber-attack or any loss arising from a malicious act involving the use of a computer system. Shippers would be encouraged to purchase standalone cyber insurance coverage. Most of the risks for shippers would be similar in nature to other non-marine businesses (ransomware, hacker / privacy breach, etc). In general, marine, as well as general liability (GL) and property, policies expressly exclude cyber. We absolutely recommend that shippers, like other businesses, purchase a standalone cyber policy for these types of risks.

Source: agcs

HMM-Jakarta.1a68e3.jpg

The shipping industry continues to be the target of cybercriminals, with South Korea’s HMM becoming the latest major carrier to report an attack on its systems. HMM, however, reports that it has so far been able to limit the scope of the attack to its email servers.

The unidentified security breach was detected on June 12, HMM said in its announcement, and it led to limited access to the carrier’s email outlook system in certain areas. They are reporting that on the fourth day after the virus was discovered that the email system is gradually resuming. HMM is also emphasizing that no information or data leak has been found.

“Except for email, the other system networks and functions are fully operational as usual, attributed to the independent cloud-based system,” reported HMM. “In this context, our e-business platforms, including booking and documentation functionality, are properly running without disruptions.”

 

Source: hstoday


thumbnail_container-1611490_1920_Thumb.jpg

A company we worked with recently on cyber resilience found that our work also improved their ability to recover from general technical failures. We identified areas that they had previously not considered – vulnerabilities that they did not know were vulnerabilities.

We asked them what their process was for recovering from a complete ECDIS failure and how long they expected it would take them to recover.

We listened and found that there were areas that could be improved. We worked with them to give them the ability to rebuild their bridge systems from the ground up if they needed to. Our team worked with the vendors to get them the software they needed and arranged for the crew to be trained to implement the recovery plan. It turned out it was quite simple to put in place but they had never before asked the “what if” question, they had never considered there could be a better way of doing things. They now have in place a far quicker, cheaper and simpler system of recovery than flying a specialist software engineer out to the vessel location or downloading a massive file over a VSAT connection.

That’s a typical situation that we come across. By working on cyber resilience, asking the right questions, my team identified operational improvements.

It’s about looking at the world through a different prism. About identifying problems and coming up with practical solutions that cause the minimum of disruption and ensure that, if any losses our outages do occur, they remain minimal. Forewarned is forearmed as they say.

Simply asking the question “Have we considered the cyber risk for X” brings it into the conversation. You don’t need to know the answer, you just need to make sure that someone else does.

Similarly, we work with some of the world’s leading insurance brokers and that is because we make their risks less risky. That’s good for them because it reduces the level of claims and good for us because we get more business. But the main beneficiary is the end client. They get cheaper insurance cover, less exposure to risk and enhanced operational resilience. It’s a virtuous circle.


Uno degli argomenti particolarmente specifici che riguardano i temi della Cyber Security in ambito marittimo è quello relativo alla raccolta dei dati digitali per le esigenze di analisi forense nei casi di incidenti/attacchi informatici. Nelle risposte ad un evento di natura cibernetica, l’indagine digitale forense rappresenta, infatti, non solo una strategia, ovvero una capacità di raccolta delle informazioni digitali critiche che hanno provocato l’evento massimizzandone il loro uso come prova, ma anche un metodo per la comprensione e la mitigazione di rischi informatici a vantaggio della sicurezza dei traffici marittimi nel loro complesso, dalle navi alle stesse infrastrutture portuali.

L’efficacia di tale capacità dipende, tuttavia, da una adeguata disponibilità, qualità ed affidabilità dei dati digitali raccolti sia sui sistemi digitali che su peculiari info-tecnologie in uso in ambito marittimo, attraverso metodi di rilievo il più possibile accurati, basati anche su professionalità specifiche oltre che su avanzati strumenti tecnologici. A questi si aggiungono poi anche strumenti di ricerca informativa e di intelligence, ovvero di raccolta e validazione di dati raccolti, ad esempio, da fonti aperte, che rappresentano sempre più un valore aggiunto nelle analisi di eventi malevoli di natura informatica.

Lungi quindi dall’essere uno strumento passivo di post-analisi o richiesto per esigenze esclusivamente legali ovvero assicurative, numerosi sono i casi in cui le stesse organizzazioni e istituzioni, in molti ambiti peraltro anche diversi dal settore marittimo, hanno beneficiato della raccolta e dell’utilizzo di prove digitali anche al fine di migliorare la tutela dei dati e in generale la propria sicurezza informatica. Sebbene i metodi e le tecniche forensi oggigiorno utilizzati, soprattutto se riferiti ai sistemi legati alle tecnologie informatiche, siano sempre più evoluti, per le attività conseguenti a incidenti o attacchi cibernetici nel settore marittimo (soprattutto per navi o infrastrutture/impianti portuali), sussistono elementi di criticità. Ciò è dovuto in gran parte a determinate specificità del settore rispetto ad altri e, soprattutto, alle peculiarità delle navi ma anche relative alle tecnologie di controllo remoto ormai sempre più in uso nei terminal portuali in cui vi è un utilizzo sempre più diffuso di sistemi operativi informatizzati e connessi alla rete dove la raccolta dei dati digitali post-evento presenta notevoli difficoltà. Sulla base di quanto detto, appare particolarmente interessante procedere ad uno studio delle questioni fondamentali legate a questo tema. In particolare, l’obiettivo e quello di provare ad esaminare e valutare, per quanto possibile, le capacità forensi in un settore specifico come quello marittimo, fondamentale nel commercio globale, che opera in una combinazione di fattori legati alle innovazioni tecnologiche, informatiche ed operative altamente sensibili, sia per gli aspetti di sicurezza individuale (safety) e legati ad eventi accidentali, che di sicurezza fisica (security) conseguenti ad eventi intenzionali.

Una volta esaminate le caratteristiche e le criticità, in termini di prontezza e capacità per una adeguata raccolta dei dati digitali utili alle indagini forensi marittime, attraverso il confronto anche con altri settori e basando l’analisi sui principali criteri e scenari di valutazione del rischio nonché di esperienze e tentativi già consolidati, il passaggio successivo è cercare di individuare alcuni passaggi ritenuti essenziali per impostare questo genere attività. L’obiettivo finale rimane comunque quello di aumentare, anche con l’indagine forense, il grado di sicurezza informatica marittima a vantaggio di un settore particolarmente essenziale e sempre più strategico.

 

Source: babilonmagazine


600fr1.png

The White House has released the National Maritime Cybersecurity Plan for the National Strategy for Maritime Security (NSMS).

The plan integrates cybersecurity into the NSMS’s principles of: (1) freedom of the seas; (2) facilitation and defense of commerce to ensure the uninterrupted flow of shipping and; (3) facilitation of the movement of desirable goods and people across our borders, while screening out dangerous people and material.

The plan unifies maritime cybersecurity resources, stakeholders, and initiatives, aggressively mitigating current and near-term maritime cyberspace threats and vulnerabilities and complements the NSMS’ seven supporting plans. The plan identifies federal government priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years.

The plan’s priority actions will evolve as the public sector, private sector, and international partners mature maritime cybersecurity cooperation and initiatives. The National Security Council (NSC) staff, through the NSC policy coordination process, will periodically convene departments and agencies to review progress toward executing the priority actions. Reassessment of this plan will occur at least once every five years and it may be revised and/or updated through the policy coordination committee process.

 

Source: workboat


700fr2.png

The threat of cyber-attacks on critical systems on board vessels has never been greater. Reports[1] suggests that reliance on digital systems and remote working during the COVID-19 crisis coincided with a fourfold increase in maritime cyber-attacks from February last year.

An IMO resolution[2] came into effect at the start of this year to mitigate this vulnerability. It guides ship owners and managers and requires cyber-risk management in line with the International Safety Management (ISM) Code. In response, Seably is launching a dedicated and comprehensive cybersecurity awareness training course for the maritime sector which directly aligns with the IMO requirements. The course is a collaboration between leading marine insurance providers Alandia and maritime cyber security specialists Deductive Labs.

Sensitive to the complex vulnerabilities within the maritime industry, the dedicated courses have been structured with in-depth content specifically developed by Deductive Labs in line with the established standards and regulations. The virtual training is practical and fulfils all maritime requirements. It provides hands-on instruction and is easily accessible and available both online and offline. Upon completing the training, both participants and shipowner organisations will receive the required certifications for IMO and ISM Code compliance for onboard audits.

The Maritime Cyber-security Awareness Training is suitable for all levels of seafarers. It brings together the understanding of the risks, culture and behaviours – on board and on shore – with the tasks and technology necessary to protect systems, networks, programs, devices, and data from the increasing malicious cyber-attacks.

Commenting on the course content, Johan Sjölund, Business Development Manager for Deductive Labs said, “When designing these courses, we included specialised material that we know from experience creates the right frame of mind. Our goal is to eliminate weaknesses and vulnerabilities at all levels and within all systems. Cyber-security is a complex reality. However, with over 15 years of security knowledge and experience in this field, we are confident that this bespoke training improves cyber security and goes beyond the specified regulations .”

Martti Simojoki, Senior Loss Prevention Manager at Alandia, confirmed their approval and collaboration of the superior quality of instruction contained within these courses. He said, “We have integrated our expertise in pro-active maritime security management and loss prevention with the practical, hands-on and in-depth knowledge of Deductive Labs. We are confident that this new course, now available on the Seably platform, is one of the few recommended and complete learning systems within the maritime sector.”

The introduction of this bespoke maritime training adds to the comprehensive and broad range of specialised content available within the Seably marketplace. Andrea Lodolo, CEO of Seably, said, “Unfortunately, cyber-attacks are on the increase. They are constantly evolving and becoming more common. An attack on a vessel’s critical systems could easily threaten the safety of a ship as well as the business of shipping. No one within our sector can ignore this risk. We are introducing this complete and timely package of training courses to strengthen on-shore and on-board defences. These will equip ship owners and personnel with the required knowledge and skill-sets to ward off cyber threats.”

Created by seafarers for seafarers, Seably is the first maritime digital marketplace that brings together highly-specialised content, cutting edge technology and teaching skills from seafarers, educationalists, industry specialists, insurers, surveyors and a whole range of other related service providers. The launch of the Maritime Cyber-security Awareness Training extends the overall accessibility of global quality online maritime training worldwide. Seably educational modules include IMO and ISM code compliant courses in addition to flag state-approved STCW instruction, legislation typed training, introductory programmes, reflective learning and how-to courses.

 

Source: hellenicshippingnews


800fr.png

Marco (Marc) Ayala is a process automation professional with more than 25 years of experience working in petrochemical facilities where he designed, implemented, and maintained their process instrumentation, automation systems, and process control networks. Currently the director and ICS cybersecurity section lead at 1898 & Co. (part of Burns & McDonnell), Marco has expertise with safety systems, advanced process control, enterprise historians, and industrial network security where he worked with enterprise IT to implement a corporate PCN security solution. He is active in cybersecurity efforts for the oil and gas, maritime port, offshore facilities, and chemical sectors, working alongside federal, local, and state entities for securing the private sector.

Marco is very active in ISA and has been a member for about 20 years. He is now a senior member and a certified cyber instructor for ISA. He sits on the Safety and Security Division (SAFESEC) committee and is their liaison to the ISA Global Cybersecurity Alliance. He is also the membership chair of the Smart Manufacturing and IIoT Division (SMIIoT).

“Safety, security, and digitalization are all so important,” Marco says. “There’s just so much to do.”

His activities outside of ISA also dovetail with his drive to contribute in these areas. Marco is the Sector Chief for the Maritime Domain Cross Sector Council (CSC) with InfraGard. He is a member contributor of the AMSC Gulf of Mexico (GOM) cyber panel, as well as the chair of the cybersecurity subcommittee of AMSC. Marco served on the working group that developed the “Roadmap to Secure Control Systems in the Chemical Sector” in 2009.

 

Source: blog


500fr.png

Seably has launched a dedicated and comprehensive cybersecurity awareness training course for the maritime sector in collaboration with marine insurance providers Alandia and maritime cybersecurity specialists Deductive Labs.

Sensitive to the complex vulnerabilities within the maritime industry, the dedicated courses have been structured with in-depth content specifically developed by Deductive Labs in line with the established standards and regulations. The virtual training is practical and fulfils all maritime requirements. It provides hands-on instruction and is easily accessible and available both online and offline. Upon completing the training, both participants and shipowner organisations will receive the required certifications for IMO and ISM Code compliance for onboard audits.

The Maritime Cyber-security Awareness Training is suitable for all levels of seafarers. It brings together the understanding of the risks, culture and behaviours — onboard and onshore — with the tasks and technology necessary to protect systems, networks, programs, devices, and data from the increasing malicious cyber-attacks.

Johan Sjölund, business development manager for Deductive Labs said: “When designing these courses, we included specialised material that we know from experience creates the right frame of mind. Our goal is to eliminate weaknesses and vulnerabilities at all levels and within all systems. Cybersecurity is a complex reality. However, with over 15 years of security knowledge and experience in this field, we are confident that this bespoke training improves cybersecurity and goes beyond the specified regulations .”

Martti Simojoki, senior loss prevention manager at Alandia, confirmed their approval and collaboration of the superior quality of instruction contained within these courses. “We have integrated our expertise in pro-active maritime security management and loss prevention with the practical, hands-on and in-depth knowledge of Deductive Labs. We are confident that this new course, now available on the Seably platform, is one of the few recommended and complete learning systems within the maritime sector.”

The introduction of this maritime training adds to the range of specialised content available within the Seably marketplace. Andrea Lodolo, CEO of Seably, said: “Unfortunately, cyber-attacks are on the increase. They are constantly evolving and becoming more common. An attack on a vessel’s critical systems could easily threaten the safety of a ship as well as the business of shipping. No one within our sector can ignore this risk. We are introducing this complete and timely package of training courses to strengthen on-shore and on-board defences. These will equip ship owners and personnel with the required knowledge and skill-sets to ward off cyber threats.”

 

Source: thedigitalship


download-1.jpg

Marco (Marc) Ayala is a process automation professional with more than 25 years of experience working in petrochemical facilities where he designed, implemented, and maintained their process instrumentation, automation systems, and process control networks. Currently the director and ICS cybersecurity section lead at 1898 & Co. (part of Burns & McDonnell), Marco has expertise with safety systems, advanced process control, enterprise historians, and industrial network security where he worked with enterprise IT to implement a corporate PCN security solution. He is active in cybersecurity efforts for the oil and gas, maritime port, offshore facilities, and chemical sectors, working alongside federal, local, and state entities for securing the private sector.

Marco is very active in ISA and has been a member for about 20 years. He is now a senior member and a certified cyber instructor for ISA. He sits on the Safety and Security Division (SAFESEC) committee and is their liaison to the ISA Global Cybersecurity Alliance. He is also the membership chair of the Smart Manufacturing and IIoT Division (SMIIoT).

“Safety, security, and digitalization are all so important,” Marco says. “There’s just so much to do.”

His activities outside of ISA also dovetail with his drive to contribute in these areas. Marco is the Sector Chief for the Maritime Domain Cross Sector Council (CSC) with InfraGard. He is a member contributor of the AMSC Gulf of Mexico (GOM) cyber panel, as well as the chair of the cybersecurity subcommittee of AMSC. Marco served on the working group that developed the “Roadmap to Secure Control Systems in the Chemical Sector” in 2009.