The certificate was delivered to the vice president of SHI, Hyun Joe Kim, by the chief country executive of BV Korea, Christophe Capitant, during a ceremony at SHI R&D Centre in Daejeon, Republic of Korea.

As informed, the AiP was delivered for SHI’s “SVESSEL” smart ship solution, which focuses on the complete digitalisation of the ship and its applications to efficiently and safely assist operations.

BV’s Cyber Managed Prepared notation confirms the design’s compliance with the industry’s best practices and the International Maritime Organisation (IMO) 2021 requirements in terms of cyber security, the certification body explained.

According to SHI, the company is confident that the “SVESSEL” solution will strengthen its success and position in the marine and offshore market, which is moving towards autonomous ships in the future.

“Strong cyber security is key to enable shipping to move on to the next level of digitalized and connected ships. For years, SHI has been at the forefront of innovative design and equipment, helping our clients address the risk of cyber-attacks while complying with the current rules and regulations. All the efforts and good collaboration with BV’s expertise led to the issuance of this Approval in Principle”, Hyun Joe Kim, vice president of SHI, said.

Laurent Leblanc, senior vice president Technical & Operations at BV Marine & Offshore, added: “Bureau Veritas is proud to see the successful completion of this AiP with SHI upon the development of this design of an LNG carrier with BV Cyber Managed Prepared notation. This announcement demonstrates it is a viable solution that will support the journey towards smart and autonomous ship technology and cyber security. We are also excited to see this cooperation pave the way for further successes for both SHI and BV in the development of technologies for smart and autonomous shipping and cyber security”.

Earlier this year, SHI signed an agreement with its compatriot Dae Sun Shipbuilding & Engineering to foster technology exchange in the field of smart and eco-friendly ships and share its smart ship system.

Source: offshore-energy.

French certification company Bureau Veritas has granted approval in principle (AiP) to a liquefied natural gas (LNG) carrier design from South Korea-based shipbuilding company Samsung Heavy Industries (SHI).

The design won AiP under Bureau Veritas’ Cyber Managed Prepared Notation, which confirms that the design aligns with the International Maritime Organization’s (IMO) 2021 norms for cyber security as well as the industry’s best practices.

SHI secured the AiP for its SVESSEL smart ship solution, making it the first shipbuilder to receive such approval.

The company’s solution supports comprehensive digitalisation of the vessel, along with its applications, to provide secure operations.

SHI vice-president Hyun Joe Kim said: “Strong cyber security is key to enable shipping to move on to the next level of digitalised and connected ships. For years, SHI has been at the forefront of innovative design and equipment, helping our clients address the risk of cyber-attacks while complying with the current rules and regulations.

“All the efforts and good collaboration with Bureau Veritas’ expertise led to the issuance of this AiP.”

Bureau Veritas marine and offshore technical and operations senior vice-president Laurent Leblanc said: “Bureau Veritas is proud to see the successful completion of this AiP with SHI upon the development of this design of an LNG carrier with Bureau Veritas Cyber Managed Prepared Notation. This announcement demonstrates it is a viable solution that will support the journey towards smart and autonomous ship technology and cyber security.”

At present, several SHI-built vessels feature SHI’s Cyber Security technology.

Source: ship-technology

As more of our lives move online, experts are warning people and businesses to be extra careful about data breaches, particularly as there is an uptick in cyber attacks with more people working from home.

October is Cyber Security Awareness Month.

“We’re seeing different types of cyber attacks, especially with work from home initiatives,” said Tillman Hodgson, president of the Kelowna-based data security firm SeekingFire Consulting.

“Even businesses that had robust security frameworks in place maybe didn’t take into account most of the workforce being at home,” he said.

Hodgson recommends keeping devices updated with the latest security patches and using unique accounts and passwords.

soruce:globalnews

As much of our lives go online, experts warn people and businesses to pay particular attention to data breaches. In particular, the number of cyber attacks that increase the number of people working at home is increasing.

October is Cyber ​​Security Awareness Month.

Tillman Hodgson, president of Kelowna-based data security company Seeking Fire Consulting, said:

“Even companies that have implemented robust security frameworks may not have taken into account most of their home-based employees,” he said.

Hodgson recommends keeping your device up-to-date with the latest security patches and using unique accounts and passwords.

According to a recent BC Chamber of Commerce survey, more than 60% of companies have experienced cyber breaches, but only three-quarters have reported them.

“When we think of cyber breaches, the typical impact we see is the impact on business productions that have been knocked out for some time,” he said.

“But there is also an impact on reputation, so there is an incentive to do things internally,” Hodgson said. “But in the long run, it really affects everyone.”

Hodgson suggested that businesses should spend about 4% of their revenue on security and privacy initiatives.

He said companies need to scrutinize how employees share data and make sure the data is safe.

Soruce:eminetracanada

Establishing public-private partnerships to support information sharing in defense of critical infrastructure and homeland security has been a challenge for over 20 years. We have enacted policy, created incentives, attempted to build bridges, and more to bring government and industry together to close the gaps in our national defense strategy. However, as recent attacks against our critical infrastructure have shown, we have not been successful.

Attempts to overcome public-private information silos have been reinvigorated by CISA’s establishment of the Joint Cyber Defense Collaborative (JCDC). The newly formed collaborative represents an unprecedented — and, as yet, untested — partnership between a variety of government agencies (including the Department of Homeland Security, Department of Defense, U.S. Cyber Command, and others) and private-sector partners (including Microsoft, Google, and Amazon). The JCDC has been tasked with “coordinating cyber defense capabilities to ensure a whole-of-nation approach to securing critical infrastructure and defending national interests,”^[1] aligning both commercial and government interests and marshaling the respective resources of both to defend against increasingly sophisticated cyber attacks against critical infrastructure.

The JCDC is a promising step toward building an effective coalition, but it is a futile exercise if it builds partnerships according to the same information sharing model that previously failed to deliver the kind of public-private collaboration needed to effectively anticipate and respond to attacks against critical infrastructure.

Consider the current hub-and-spoke model of information sharing. In this model, information is passed from discrete organizations (spokes) to a central hub, which analyzes, enriches, and anonymizes data as needed before sharing that data with other spokes. There are benefits to this model, but it also has significant limitations. First, it imposes a one-size-fits-all information sharing protocol on sharing communities with unique needs, resulting in uneven participation. It also slows down incident response time, as information must first pass through the hub before being shared outward with other spokes.

Most importantly, private sector entities have been hesitant of the federal government asking for — or in some instances, demanding — their data. Private sector entities are often unwilling to share information about vulnerabilities or cyber incidents because they don’t have confidence that their information will be properly protected. Should such data be breached, companies run the risk of negative publicity, compromised reputation, regulatory penalties, the loss of trade secrets, and — consequently — falling stock prices and lost revenue.^[2] In short, the private sector has many reasons to see information sharing with the federal government as counter to its best interests.

Historically, the government has resisted mandating threat-information sharing between public and private sectors, attempting instead to alleviate the private sector’s concerns and incentivize the voluntary sharing of information.^[3] However, legislation currently being advanced on Capitol Hill requires the private sector to swiftly report hacks to CISA, with noncompliant companies facing subpoena or even potential penalties if they fail to do so within the mandatory reporting timeframe. In forcing companies to “report hacks or else,” CISA would compromise the public-private information-sharing partnerships currently being cultivated through the JCDC, leaving us right back where we started.

Director Jen Easterly has been clear that CISA is not and should not become a regulatory or enforcement agency and that its goal is to act as a trusted partner.^[4] However, even if it does not compel information sharing, in establishing itself as a central hub and prioritizing receiving threat information from the public sector, CISA runs the risk of developing asymmetrical partnerships plagued with all the old challenges.

Instead, CISA should work to establish partnerships according to a point-to-point distributed model in which information is shared freely among both private and public stakeholders in the national cyber defense mission. In the point-to-point distributed model, no single organization controls the inflow and outflow of threat information, and vertical partnerships between public sector entities and CISA are deprioritized in favor of horizontal partnerships among critical infrastructure owners and operators, government agencies (including CISA), and other cybersecurity partners. As a result, information can be shared at an operational tempo and according to an individual community’s specific needs rather than the needs of the hub.

The point-to-point distributed model more closely reflects how communities already work together — independently of the federal government — to protect their own infrastructure and resources. As such, supporting a point-to-point model is a more efficient use of both regional and federal resources than compelling communities to adopt new sharing practices and standards. In fact, many of CISA’s current resource investments already support a point-to-point distributed model.

Specifically, in recent months the agency has focused on recruiting industry leaders into cybersecurity advisor positions tasked with bringing together regional critical infrastructure owner/operators with federal, state, local, and other stakeholders. CISA has wisely focused on recruiting advisors who are already embedded within their assigned region and who, as a result, already have longstanding community ties. Unsurprisingly, many of these advisors are former National Guardsmen, who have been engaging and defending their communities from cyber attack while simultaneously working within the private sector. As such, the National Guard serves as an excellent example of the kind of community collaboration that already exists and that can be resourced by CISA via a point-to-point distributed model.

That said, the most immediate and useful resource CISA has to offer is the wealth of unclassified information that it currently owns. Offering this information to its private-sector partners without compelling information sharing in return would better enable CISA’s regional cybersecurity advisors to build stakeholder relationships on a foundation of trust rather than policy. It would also position CISA as a participant within a broader community of sharing communities rather than as a regulator of a governmental information sharing process. In short, the hub-and-spoke model may empower CISA, but a new distributed model can better empower the national defense effort as a whole.

As a country, we have an incredible number of resources and partnerships at our disposal, and this puts us at a significant advantage in the cyber fight. However, if we want to outpace increasingly sophisticated cyber warfare, we are going to need to observe globally, protect nationally, and defend locally.

Soruce:hstoday

This article is the third in a series that the Coast Guard will be publishing in recognition of Cybersecurity Awareness Month. Now in its 18th year, Cybersecurity Awareness Month emphasizes the importance of cybersecurity and cyber risk management across all critical infrastructure, especially the Marine Transportation System (MTS).

Cybersecurity incidents are becoming an increasingly frequent occurrence and can have significant impacts, as evidenced by the recent Solar Winds incident and the attack on Colonial Pipeline.

The maritime community is not immune from cybersecurity incidents with several events resulting in reduced operations and financial losses for maritime businesses. Cyber hygiene is the first line of defense in a cyber risk management plan and involves the processes one uses to protect access to an information network.

The first step for good cyber hygiene is password management. This includes:

• changing a password frequently
• ensuring that the password is complex
• and limiting users who have administrative level access

Recent Coast Guard inspections revealed cybersecurity risks from poor cyber hygiene. Examples include:

• passwords semi-permanently attached to the equipment they are used on
• printed emails noting that a password has changed lying in plain view
• and sharing user accounts to display electronic vessel certificates or reference Safety Management System documents

soruce:workboat