Cyber Security Workbook for On Board Ship Use

Cyber Security Workbook for On Board Ship Use

The maritime industry has done much to embrace digitisation in recent years. Cost savings and efficiencies are always welcome but, as with every benefit, there are potential pitfalls to overcome.

Cyber security in the maritime domain has become a hot topic in the last two years. While many felt immune to the threats posed by cyber criminals – be they organised criminal gangs or malicious hackers – the NotPetya ransomware incident which affected Maersk in 2017 and a number of similar incidents involving major ports have underlined the risks to businesses in the maritime domain. No-one is safe, given attacks can be directly targeted or simply part of a cascade effect at a supplier or third party company.

Shipping companies are uniquely exposed in this regard. Not only do they face the same risks at head office as any other shore-based industry, they also have fleets to protect from malicious attack and supply chains which can all be impacted directly or indirectly by a cyber incident. Flag states, industry bodies and the commercial sector have generally been quick to offer guidance, services and products to mitigate the risk, but actual, practical advice has often been rather scarce. Thankfully, that is no longer the case.

Witherby Publishing, in association with BIMCO and the International Chamber of Shipping, has produced the Cyber Security Workbook for On Board Ship Use, and I have to say I’m extremely impressed.

Aimed initially at Masters and senior officers, the Workbook will hopefully become an industry standard and makes useful reading for anyone in shipping. It is aligned with the guidelines produced by the International Maritime Organisation (IMO) Resolution MSC.428 (98) and other IMO guidelines and is essentially a thoroughly practical guide for cyber security on board a vessel.

Beginning with risk identification and the most common threats and attack vectors, from malware to crew USB sticks and social engineering, the Workbook breaks down each topic into easily read sections before delving deeper into protection and prevention. High on this list is crew training, something which is essential but often not followed up on or repeated. As the threats posed by cyber attack and the methodology itself evolves, so too should the training offered.

What really does impress are the checklists (and Masters should note that the Workbook comes in ring binder format, which will allow the various checklists to be photocopied for ongoing use). These checklists are incredibly thorough, from crew training to detecting a cyber incident to the incident response. The section on detecting, responding and recovering ship’s business systems, for example, is over 40 pages long and contains checklists and guidance aimed at ensuring operational continuity after an incident on board.

Virtually no ship system is left uncovered, and it’s hoped that this Workbook becomes the standard for on board use. It’s concise and extremely relevant and will definitely impress any maritime CISO with the depth it goes in to. An absolute must have for any Captain or Master who wants to protect their vessel from potential cyber intrusion.

The company has produced a short video introduction to the book:

For more information or to purchase the Workbook, please click here.




European maritime sector gets port cybersecurity guide

The European Union’s Agency for Cybersecurity published on 26 November a guidance for ports to strengthen their cybersecurity.

Because of the economic importance of ports in EU trade, they must integrate cybersecurity to ensure their safety, security, compliance and commercial competitiveness.

To continue reading, please click here.


Naval Dome S-Model cyber protection introduced

By Baibhav Mishra

To facilitate shipowner demand for an immediate cyber security solution for critical systems, Naval Dome has introduced a new software-based cyber protection that can be easily installed on all ship, port, or offshore OT systems, including navigational equipment, machinery control systems and cargo handling equipment.

S-Marine Dome and S-Port Dome are aimed at those ship, offshore energy and terminal operators requiring instant protection without having to go through lengthy type approval processes or can no longer afford to wait for suppliers to upgrade or replace critical systems.

To continue reading, please click here.


Cost of Cyber Attack on Asia-Pacific Ports Could Reach $110 Billion

In a globally interconnected world, in which supply chains extend across both countries and continents, it only makes sense to consider the potential risks to those supply chains from a massive cyber attack. What happens, for example, if malicious threat actors decide to launch a cyber attack against the maritime ports of the Asia-Pacific region, which is home to 9 of the world’s top 10 container ports? Insurance company Lloyd’s of London, in partnership with the University of Cambridge Centre for Risk Studies and the Cyber Risk Management (CyRiM) project at Singapore’s Nanyang Technological University, has simulated such a theoretical attack, and projected that the cost of cyber attack could reach $110 billion in a worst-case scenario.

To continue reading, please click here.


BIMCO And ICS Publish New Cyber Security Guide For Crew On Board

The digitalisation of maritime operations and the reliance on technology and network connectivity for daily onboard and on shore operations means that shipping is vulnerable to the threat of cyber incidents.

To help crew prepare, both on the bridge and in the engine room, the new “Cyber Security Workbook for On Board Ship Use” includes several checklists of how to protect, detect, respond and recover from a cyber incident, and thereby offers a practical and easy to use guide for the master and the officers.

To continue reading, please click here.


Plymouth to host maritime cyber security research facility

Sam Chambers

A new research facility designed to address the key cyber security challenges facing the shipping industry is being established at the University of Plymouth.

The £3m Cyber-SHIP Lab, supported by funding from Research England, part of UK Research and Innovation, and industry, will bring together a host of connected maritime systems currently found on an actual ship’s bridge.

To continue reading, please click here.


MPA Tables Major Cybersecurity Collaboration

By Max Schwerdtfeger

The Maritime Port Authority of Singapore (MPA) has tabled a proposal to form and lead an initiative to increase maritime security called the ‘Port Authorities Chief Information Officer Cybersecurity Network” (PACC-Net).

The proposal was made at the 5th Edition of the Port Authorities (PAR) 2019 and the initiative will look to enhance cybersecurity awareness in the maritime sector and facilitate early sharing of cyber-attack information to counter threats.

To continue reading, please click here.