MARITIME CYBER SECURITY Archives - Page 27 of 28

A group of US ports and infrastructure organisations have come together to share information on cyber security under the umbrella of The Maritime Transportation System Information Sharing and Analysis Centre (MTS-ISAC).

The board members for the ISAC include the Alabama State Port Authority, Greater Lafourche Port Commission (Port Fourchon), Jacksonville Port Authority (Jaxport), Port of New Orleans, Port of San Diego, Port Vancouver USA, and six other maritime critical infrastructure stakeholders.

David Cordell, cio for the Port of New Orleans, offers, “By correlating cybersecurity information across MTS critical stakeholders, the ISAC provides all of us with the early warning needed to protect our individual organizations from incidents. We see value from our participation in the MTS-ISAC that we could not obtain elsewhere.”

Christy Coffey, MTS-ISAC vp of operations, said: “Response to the MTS-ISAC has been phenomenal. Strong leadership from our board and executive team, early adopter sharing of suspicious and malicious activity targeting their organizations, and quality partnerships have led to an extraordinarily successful launch.”

The Department of Homeland Security recognises the Maritime Transportation System (MTS) as one of the seven critical subsectors within the Transportation System Sector. The American Association of Port Authorities believes the MTS is worthy of cybersecurity protection.

The MTS-ISAC serves as a centralised point of coordination between the private and public sector to share timely and actionable cyber threat information between trusted stakeholders. Information sharing and analysis efforts focus on threats to both information technology (IT) and operational technology (OT) systems that stakeholders can use to prevent and/or minimize potential cyber incidents.

The MTS-ISAC’s services assist MTS critical infrastructure stakeholders with understanding and addressing cyber risk areas that are outlined in the 2021 IMO requirements and the recently released US Coast Guard Navigation and Vessel Inspection Circular (NVIC) 01-20, “Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities”.

Source: https://www.seatrade-maritime.com/ports-logistics/us-ports-and-infrastructure-providers-come-together-cyber-security

France LNG Shipping is a joint venture of NYK Line and Geogas LNG, a subsidiary of France’s Geogas Group.

Elisa Larus has an overall length of 297 m, beam of 46.4 m, with a GTT Mark III Flex cargo containment system and a WinGD X-DF dual-fuel, slow-speed engine.

Built to Bureau Veritas (BV) class, Elisa Larus is the first LNG carrier to be awarded the French classification society’s cyber security notation. The BV cyber notations provide procedures and methodologies to address design and operational requirements for cyber security in compliance with IMO 2021 requirements and the new IACS recommendation 166.

“A cyber security notation from BV provides a pragmatic approach to cyber security – reflecting industry needs and cyber security best practice,” said Bureau Veritas Marine & Offshore director of advanced services Jean-Baptiste Gillet. “And with a newbuilding we are able to help ensure ‘cyber security by design’”, added Mr Gillet. BV cyber security notations are based on BV’s rule NR-659 and are the result of co-development with marine security experts.

Elisa Laurus is the first LNG carrier with BV’s cyber security notation

BV is seeing a rapid growth in the number of ships applying for its ‘Cyber Managed’ notation.

The notation was co-developed by BV and external marine security experts as part of joint technical working groups organised by BV. It ensures compliance with the main existing cyber security standards and will enable shipowners to meet the requirements of IMO’s guidance to administrations that maritime cyber security risk should be reflected in ship security practice under the ISM Code by 1 January 2021.

Shipowners in Greece have been pioneers in applying the notation and now it is gaining traction with other shipowners and across the entire maritime ecosystem, including ship managers, charterers, insurers, and offshore operators.

BV expects that more than 100 ships will be operating under the Cyber Managed notation in 2020.

Cyber Managed focuses on ensuring cyber security is managed on board as per industry best practice for change management and traceability of IS/IT systems on board, emergency procedures and basic security protection measures.

Cyber Managed is based on a security risk assessment developed from an initial mapping of onboard systems that results in a practical set of requirements. The initial risk analysis and mapping exercise can be performed either during the newbuilding phase or at any time during the lifecycle of the vessel. As such, the notation is applicable to both new and existing ships.

Source: https://www.rivieramm.com/news-content-hub/new-lng-carrier-lsquocyber-secure-by-designrsquo-59456

The digital application Navigate enables shippers and freight forwarders to choose the most efficient and sustainable transport options for their container shipments. By adding a new route engine and utilising data sourced directly from carriers and operators, the current version of Navigate is more efficient, more complete and – as a result – more reliable.

In 2017 the Port of Rotterdam Authority launched Navigate: a digital application that provides insight into connections to, from and via Rotterdam, as well as business activity in the port. Navigate Rotterdam offers a comprehensive overview of all deep sea and short sea connections via Rotterdam and links these to rail and inland shipping connections in the hinterland. In addition, Navigate’s ‘empty depot service’ shows users where empty containers can be collected and dropped off. The application also includes an online business directory that offers details on the wide range of companies in the port area.

Based on the selected point of departure and destination, the route planner presents a number of different door-to-door options. For each route, the application outlines possible maritime connections, as well as which rail, inland shipping or road haulage options are available for transporting the shipment to its destination. Users can apply filters to quickly pinpoint which solution best suits their needs. After this, they can use Navigate to get in touch with different service providers – at the click of a button – to request a price quote, for example.

It has become very simple to directly submit data to Navigate, enhancing the quality of the presented route options even further. The heart of Navigate is formed by a new intermodal route engine for all sea, rail and inland shipping connections. Navigate currently connects 3,186 terminals worldwide and is processing over 1,435,000 schedules daily.

The Port of Rotterdam Authority is working together with a range of parties in the sector to continuously improve the quality of its digital applications. These applications are in line with the Port Authority’s ambition to develop into the world’s smartest port, by taking advantage of the opportunities presented by new technologies. This will ultimately make operations in the port of Rotterdam swifter, safer, more efficient and more sustainable.

Source: https://seawanderer.org/navigate-rotterdam-improved-thanks-to-data-sourced-from-sector-players

Bureau Veritas (BV), a world leader in testing, inspection, and certification (TIC) services is classing the recently delivered ‘Elisa Larus’.

France LNG Shipping SAS (a French ship-owning company jointly owned by NYK and Geogas LNG*) has taken delivery of the LNG carrier ‘Elisa Larus’ from Hyundai Samho Heavy Industries in South Korea. The 174,000 cbm gas carrier is classed by Bureau Veritas.

The new vessel has been awarded a Bureau Veritas cyber security notation. The BV cyber notations provide procedures and methodologies to address design and operational requirements for cyber security in compliance with IMO 2021 requirements as well as the new IACS recommendation 166.

‘This is the first such award of a cyber notation for an LNG carrier’, commented Jean-Baptiste Gillet, Director Advanced Services, Bureau Veritas Marine & Offshore.

‘A cyber security notation from BV provides a pragmatic approach to cyber security – reflecting industry needs and cyber security best practice. And with a newbuilding we are able to help ensure “cyber security by design”.’ BV cyber security notations are based on BV’s rule NR 659 and the result of co-development with marine security experts.

Source: https://www.marineinsight.com/shipping-news/bureau-veritas-awards-nyk-jvs-new-lngc-elisa-larus-cyber-security-notation/

Iran Press/ Iran News: An official at Shahi Rejaei port said due to the vigilance and readiness of defensive Sybercecurity units at the port, attacks neutralized.

The source confirmed the cyber attacks from the zionist Regimes in past weeks and said that no interruption caused by the attacks.

Also, Mohammad Rastad, managing director of the Ports and Maritime Organization of Iran, said the terrorist attack “failed to penetrate the PMO’s systems and was only able to infiltrate and damage a number of private operating systems at the ports”.

The Shahid Rajaee port facility is the newest of two major shipping terminals in the Iranian coastal city of Bandar Abbas, on the Strait of Hormuz.

According to intelligence and cybersecurity officials, cited by the Washington Post, the attack was carried out by Israeli operatives. It came after the occupying regime claim that it had been the target of an attempt to penetrate the computers that operate water distribution systems in Israel.

Iran has been the target of US and Israeli cyber terrorism for a decade, including attempts to remotely sabotage the Islamic Republic’s nuclear program.

On December 15, Iran’s Minister of Communications and Information Technology Mohammad Javad Azari-Jahromi said that Iran detected foreign spying malware on the Government servers and the related suspects are under investigation.

The systematic cyber-attack on Iranian electronic government systems was discovered and foiled by Dejfa fortress at the time.

Source: https://iranpress.com/en/iran-i147423-zionist_regime_failed_cyber_attack_at_shahid_rajaee_port

Maritime cyber security, threats, trends, and relevant safeguards

Milan – Even more than within other sectors, across the maritime domain’s evolving landscape of real-time connectivity requirements, which provides data in order to optimize maritime operations and customer experience, there are increasing vulnerabilities onboard vessels, potentially leading to ever more disruptive incidents; in what follows, Giuseppe D’Agostino, Associate Cybersecurity & Privacy Partner at PwC, talks about the subject.

Maritime cyber security

Cyber Security is increasingly becoming a topic of great interest across all economic sectors. After all, the statistics speak for themselves: 30% of businesses believe there’s a high probability they could be target of a cyber attack (source: PwC Digital Trust Insights 2018); proceeds from cyber crime, particularly those of drug smuggling operations, are estimated to be close to 3,000 billion dollars (source: Serious & Organized Crime Threat Assessment); around 15% of companies indicated they had uncovered over 50 cyber incidents over the past year (source PwC Digital Trust Insights 2018), marking a trend that’s on the rise.

Figures regarding the consequences of cyber attacks are equally dire. For instance, data breaches at Yahoo in 2016, and at Equifax in 2017, resulted in 320 million dollars being knocked off its sale price, and in a 32% drop in its share value, respectively. Danish shipping and logistics giant Maersk fared not much better, following an attack employing NotPetya ransomware. It’s estimated that the significant impact on business that followed that incident translated to around $300 million in lost revenue. Analysis of concrete incidents such as these sheds some understanding on the potential economic aspects of a cyber attack, and indeed quantifies them.

The introduction of new technologies has opened new vulnerabilities for enterprises, which, therefore, require innovative approaches to cyber security. An overview of the global picture shows that by 2020 some 50 billion devices will be interconnected (Internet of Things), a trend that is reflected across the maritime domain, with exponential growth expected in the use of wearable devices and integrated sensors; 100% of new cars will, moreover, be connected by 2022; similarly the piece of news that stands out in the maritime sector has to be the upcoming launch of the world’s first autonomous ship, the Yara Birkeland.

Cyber criminals will try to exploit the vulnerabilities that new technologies inevitably carry, and companies are starting to plan for new control regimes as these new developments are rolled out. An analysis of this data clearly shows an increase in vulnerabilities and threats regarding Cyber Security, which results in a need to develop and implement a holistic approach to cyber security incidents, by acting on three separate levels: prevention, identification, and response.

In terms of prevention, for example, it is essential to integrate the principles of security and privacy within evolving business models, such as developing new services and systems (security by-design and by-default). Many studies have shown how the costs for the mitigation of a vulnerability grow exponentially as time elapses; solving a security bug in the development phase, for example, is clearly much easier and cheaper than working on a system in full operation. Another aspect related to the prevention of security incidents concerns external suppliers.

Maritime cyber security

The services provided by companies are becoming increasingly integrated within complex and geographically dispersed value chains, in which relations and data exchanges with third parties assume a predominant role. A company’s security, therefore, hinges on the security of the entire value chain. In addition, less structured suppliers increasingly constitute an entry point for attackers, making no company, however mature, immune from an attack.

No matter how effective the countermeasures implemented may be, it’s essential to be able to detect attacks in a timely manner. An example of how companies are addressing this need is in the setting up of ad hoc structures to perform monitoring and alerting; these structures are usually termed Security Operation Center (SOC) and are responsible for the collection, correlation and analysis of data in order to generate alerts and detect possible security breaches.

The GDPR, particularly the measures concerning data breach (which oblige violations of personal data to be reported within very short times), gives even greater emphasis to the importance of effective monitoring. The response to incidents, that is the containment and restoration of the components impacted, is crucial for damage containment. It is important to make use of adequate professional skills that can contain the incident quickly, ensure the collection of exhaustive data that can stand up in court, and understand the root cause as soon as possible, to ensure that it will not happen again in the future (lesson learned).

Figures show that in this context there are considerable possibilities for improvement, given that it’s estimated that, on average, it takes 197 days time to identify a data breach, and 69 days to contain it (source: 2018 IBM – Cost of a Data Breach Study). The growth in threats and attacks has made cyber threats one of the top 5 priorities for CEOs. In fact, firms often feel unprepared, and 57% of firms in Italy consider action in the field of Cyber Security & Data Protection a priority (source PwC Digital Trust Insights 2018).

In conclusion, the following 5 basic steps should form the basis of a strategic security program: 1. Ensure that Cyber Security strategy is aligned with business objectives and is adequately supported by the company management. 2. Identify the most critical data resources, and prioritize investments through risk analysis to anticipate threats. 3. Be aware of threats (Intelligence), their motivations, resources and methods of attack, to reduce the time between detection and response to an incident 4. Evaluate Cyber Security of third parties and partners across the value chain, ensuring compliance with security policies and procedures 5. Provide training for employees and collaborate with others to raise awareness of Cyber Security threats and response techniques. Increasing knowledge and understanding of the threats and actions to be taken will allow companies and enterprises to improve their resilience. The ability to respond effectively to these challenges will increasingly be a key distinguishing factor in the future, which will reward companies able to provide reliable cyber-ready services on the market, thus turning measures aimed at avoiding risks into true business opportunities.

Maritime cyber security, threats, trends, and relevant safeguards

SOURCE : THEMEDI TELEGRAPH

Maritime Cyber security

The University of Plymouth has created a cyber security research lab that focuses on challenges faced by the shipping industry.

The £3 million ‘Cyber-SHIP‘ lab will complement the university’s existing maritime facilities which includes a simulator dedicated to training professional sailors.

The lab is a transformational step towards developing a national centre for research into maritime cyber security, according to Professor Kevin Jones, the executive dean for science and engineering and principal investigator for the project.

Jones believes that the lab will support a range of research and training that cannot be achieved with simulators alone. These will also facilitate the development and delivery of new maritime cyber provision for graduates, postgraduates, and industry.

“Cyber attacks are a Tier1 National UK threat. But, although the maritime sector is advancing technologically, it is not well protected against cyber or cyber-physical attacks and accidents,” he said.

“Worth trillions, it has an unmatched reach across international waters, which exposes people and goods to a diverse range of factors, putting the shipping industry at high risk. As such, this facility has never been more timely.”

The lab has been developed in partnership with shipping equipment manufacturers, port operators, shipbuilders, classification agencies, and insurance companies. Some of the areas it will look at include the cyber risk of autonomous ships, maritime cyber risk assessment, and the scope and impact of evolving tech on international shipping.

The project, which has been funded by Research England will last for three years with the hope that it will be self-sustaining by then. It aims to bring together a host of connected maritime systems currently found on an actual ship’s bridge. Cyber security experts will then assess these systems for vulnerabilities and identify the technology and skillsets needed to make them more secure.

The lab will feature cutting edge maritime technology including radar equipment, a voyage data recorder, an electronic chart display and information system, an automatic identification system, and communications devices.

SOURCE ITPRO

maritime cyber security Kongsberg Maritime director of autonomy Peter Due explains why e-navigation and technology developed for the Yara Birkeland project will enable a future of autonomous shipping

ECDIS and e-navigation will be essential for generations of future autonomous ships. Although the first unmanned ships will be remotely controlled and operating in coastal waters, in the long term there will be ocean-going autonomous ships, with e-navigation technology monitoring their progress onshore.

IMO placed ocean-going autonomous vessels firmly on the global agenda during the Maritime Safety Committee (MSC) 99 session in May this year, by implementing a working group to conduct a regulatory scoping exercise for using MASS (Maritime Autonomous Surface Ships)*.

Kongsberg Maritime will be part of that working group and will deliver technology to the world’s first all-electric, zero emissions and autonomous container vessel, Yara Birkeland. This ship is scheduled to transport fertiliser products along a 30 nautical mile route to the ports of Brevik and Larvik next year and by 2020 is likely to be unmanned.

Kongsberg Maritime director of autonomy Peter Due said new navigation and collision avoidance systems that centre on e-navigation technology were needed for this project, as Yara Birkeland will operate on a busy waterway.

Kongsberg drew on its experience in autonomous underwater vehicles, dynamic positioning, ECDIS and sensor fusion as a foundation for autonomous navigation. But Mr Due explained to Marine Electronics & Communications that more development was required. “Harmonising with artificial intelligence, machine learning and digital twin technology enables the extreme level of safety required,” he said.

Mr Due said Yara Birkeland’s operations will be planned, pretested and optimised in the cloud using the Kognifai digital platform and its digital twin that Kongsberg generated. This includes navigation in different metocean conditions.

“The twin integrates all data including weather, currents, tides and temperature with a detailed physical ship model,” said Mr Due. “We can then decide the optimum route and simply transfer it to the ship’s autonomy engine, navigation systems and ECDIS when it is in port,” he continued.

“Once the ship sets off, sensor fusion comes into play, enabling the autonomy engine, working with the onboard digital twin and e-navigation systems to adjust and reroute at sea according to the going conditions and other vessels in the vicinity.”

It is this dynamism a fully autonomous navigation system requires that led to the establishment of the Hull to Hull (H2H) EU-funded research project. This will develop technical solutions for safer navigation in close proximity of other stationary or moving vessels and objects.

H2H will use the European Global Navigation Satellite System to enhance safety in busy waters and during close manoeuvring. “This will help mariners to make the correct navigation decisions and will create the fundamental conditions for autonomous vessel navigation,” said Mr Due. Data can be used as an input to an autonomy controller.

Navigational safety is essential if the benefits of MASS are ever to be truly realised”

Ensuring e-navigation and collision avoidance technology works correctly will be fundamental to autonomous shipping. “Navigational safety is essential if the benefits of MASS are ever to be truly realised,” said Mr Due.

SOURCE READ FULL ARTICLE

Maritime Cyber Attack

Cyber attacks like the NotPetya malware that struck Maersk are raising concerns about cyber risk and its effects on resilience, according to specialty insurer XL Catlin

Shipping industry firms and port operators are worried about linkage between cyber-attacks and supply chain risk, insurer XL Catlin has warned.

Big interdependencies between systems mean maritime firms face major business continuity risks from online threats.

“The problem is that nobody knows, other than the computer systems, where your goods are,” said Pascal Matthey, head of global lines for marine risk engineering at XL Catlin.

“You might never find your container again. Refrigerated containers might lose power, which would mean huge damage,” said Matthey.

Maersk was among those organisations worst hit by the NotPetya contagious malware attack last year.

The global shipping and logistics firm had to reinstall some 4,000 servers, 45,000 PCs, and 2,500 applications; the process took 10 days and cost the company around $450m.

The company was forced to temporarily switch to manual systems – pen and paper, and lots of overtime – resulting in a temporary 20% drop in volumes.

Another cyber-attack, revealed in 2013, struck two shipping companies operating in the Belgian port of Antwerp, and had reportedly gone undetected for about two years before that.

An organised crime group allegedly used hackers to infiltrate computer networks, allowing cocaine and heroin, hidden in containers shipped from South America, to be intercepted by criminals.

“The idea was not to harm the port but to get things out by hacking the system,” said Matthey, based in the specialty insurer’s Zurich office.

He warned about the potentially catastrophic consequences of a cyber-attack by terrorists, such as targeting a ship and interfering with its steering or navigation to cause a collision in congested waters, such as a port or major trade artery such as the Panama Canal.

Maritime Cyber Attack

“What happened on 9/11, you could perhaps now do with a ship, by steering a large vessel into an oil or gas terminal, which could have disastrous consequences,” said Matthey.

XL Catlin is among those re/insurance firms involved in developing blockchain applications – distributed ledger technology for smart contracts, sharing data instantaneously between the relevant counterparties.

A new blockchain platform for marine insurance contracts at XL Catlin and MS Amlin is expected to go live this year.

Maritime Cyber Attack

SOURCE STRATEGIC RISK READ FULL ARTICLE

Maritime Cyber Security

More than half of 6,000 seafarers who took part in a crew connectivity survey have had a part of their role automated over the last two years, and 98% of these seafarers are positive about the change.

The largest ever survey of seafarers to date revealed that nearly all who took part feel that technology and automation provide great opportunity to enhance their job roles and shipping operations. Roger Adamson, Futurenautics Maritime’s chief executive officer, who presented the results during the report’s launch in London this week, said that for the first time Futurenautics looked into the “weird and wonderful technology of the future that everyone talks about – robotics, automation, big data, analytics, unmanned ships,” these topics which had not been explored before.

Adamson explained that they first started talking to seafarers about automation levels. “53% of them came back and said we have had one or more components of our role automated within the last two years. That figure increased to 72% when we included officers.”

Maritime Cyber Security

The impact of automation on seafarers and officers’ roles proved to be positive, with the majority (98%) confirming it had helped rather than hindered them in their role at sea. Adamson also confirmed that automation, robotics, artificial intelligence, and augmented/virtual reality, were viewed as opportunities by the majority of seafarers, rather than as threats, which came as a surprise to Futurenautics. According to Adamson, most saw these processes and technologies as a way to enhance the ability for crew to operate the vessel and do their jobs more efficiently.

SOURCE: CLICK TO READ FULL ARTICLE

Newer Posts

Older Posts

US ports and infrastructure providers come together on cyber security

New LNG carrier ‘cyber secure by design’

Navigate Rotterdam improved thanks to data sourced from sector players

Bureau Veritas Awards NYK JV’s New LNGC ‘Elisa Larus’ Cyber Security Notation

Zionist regime failed cyber attack at Shahid Rajaee port

Maritime cyber security, threats, trends, and relevant safeguards

Maritime Cyber security lab launched for UK shipping industry

maritime cyber security ECDIS will be at the heart of autonomous shipping

Maritime firms fear cyber-attack supply chain breakdowns, XL Catlin warns

Maritime Cyber Security – Automated technologies help us to do our jobs, say 98% of seafarers

News

IHM Maintenance Requirements: Ensuring Compliance with Ship Recycling Regulations

Maritime Electronic Log Book: Digital Record-Keeping for Ships

MARPOL Electronic Book: The Future of Ship Compliance

Quick Menu

Company DETAILS

ISO 9001:2015 CERTIFIED