MPA Tables Major Cybersecurity Collaboration

By Max Schwerdtfeger

The Maritime Port Authority of Singapore (MPA) has tabled a proposal to form and lead an initiative to increase maritime security called the ‘Port Authorities Chief Information Officer Cybersecurity Network” (PACC-Net).

The proposal was made at the 5th Edition of the Port Authorities (PAR) 2019 and the initiative will look to enhance cybersecurity awareness in the maritime sector and facilitate early sharing of cyber-attack information to counter threats.

To continue reading, please click here.

Source: porttechnology.org

Advertisements

Cyber Hack: Fortifying Maritime, Port Security

Andrew Kinsey

The United States Coast Guard Marine Safety Alert 06-19 (USCG MSA 06-19) outlines a February 2019 incident aboard a deep draft commercial vessel that called on the Port of New York / New Jersey after experiencing a significant cyber incident that impacted their shipboard network. 

The Safety Alert stated in part:
“An interagency team of cyber experts, led by the Coast Guard, responded and conducted an analysis of the vessel’s network and essential control systems. The team concluded that although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted. Nevertheless, the interagency response found that the vessel was operating without effective cybersecurity measures in place, exposing critical vessel control systems to significant vulnerabilities.”

To continue reading, please click here.

Source: marinelink.com

Autonomous Shipping – Cyber Hazards Ahead

By Jeffery Mayger

If autonomous vessels are the future of maritime shipping, then cyber threats may be its Achilles heel. 

Congested shipping, restricted visibility, limited maneuverability, and intensive docking activities all contribute to port hazards – 42 percent of EU reported marine accidents (injury/death/damage to ships) took place in port areas and 44 percent of workboat fatalities occurred on Tugs. Autonomous shipping should provide numerous benefits including increased safety by relieving crewmembers of unsafe and repetitious tasks. Yet, with cyberattacks threatening every industry, this nascent technology is a large target. If autonomous vessels are the future of maritime shipping, then cyber threats may be its Achilles heel.

To continue reading, please click here.

Source: marinelink.com

Safety At Sea And BIMCO Publish Cyber Security White Paper

Safety at Sea, its parent company IHS Markit and its partner BIMCO, have been conducting surveys for years and the white paper, supported by ABS Advanced Solutions, combines an analysis of four years (2016-2019) of survey findings and feedback from experts and matches them to cyber behaviour and investment trends observable in the wider maritime industry.

Gathering knowledge of cyber security is an important tool and will benefit the entire industry.

“BIMCO takes cyber security very seriously and we are continually working on raising awareness among shipowners about cyber risks and how to prepare for cyber incidents” says Aron Sørensen, head of Maritime Technology & Regulation at BIMCO.

To continue reading, please click here.

Source: hellenicshippingnews.com

Coast Guard Warns Shipping Firms of Maritime Cyberattacks

Robert Lemos

A commercial vessel suffered a significant malware attack in February, prompting the US Coast Guard to issues an advisory to all shipping companies: Here be malware.

In February 2019, a large ship bound for New York City radioed the US Coast Guard warning that the vessel was “experiencing a significant cyber incident impacting their shipboard network.” 

The Coast Guard led an incident-response team to investigate the issue and found that malware had infected the ships systems and significantly degraded functionality. Fortunately, essential systems for the control of the vessel were unimpeded.

To continue reading, please click here.

Source: darkreading.com

The MCERT and Lampe & Schwartze launch Maritime Cyber Insurance Partnership

An industry first – Leading marine underwriter Lampe & Schwartze join the advisory board of the Maritime Cyber Emergency Response Team (MCERT) and announce their new Ship Owner’s Marine Cyber Cover (SOMCC) covering exclusion Clause 380.

Leading marine underwriter Lampe & Schwartze has joined the advisory board of the Maritime Cyber Emergency Response Team (MCERT). Today’s announcement took place at a reception for insurance brokers and vessel operators hosted by Lampe & Schwartze at the Hafen Club in Hamburg. Guest speakers included Norton Rose Fulbright, Verein Hanseatischer Transportversicherer (VHT), and from the MCERT, Wärtsilä and Templar Executives.

The MCERT partnership underpins the formal launch of Lampe & Schwartze Marine Unit’s (L&S MU) new Ship Owner’s Marine Cyber Cover (SOMCC) covering exclusion Clause 380, and provides the basis for a joint approach to protect the maritime industry, especially shipowners, from cyber attacks. MCERT is one of the first companies providing a trusted platform for industry wide collaboration on cyber incident reporting and response and sharing of threat intel, especially for the maritime sector.

‘We are delighted to welcome Lampe & Schwartze onto our Advisory Board. This is the culmination of months working together to incorporate MCERT as an integral part of the process for the cyber cover eligibility,’ said Andrew Fitzmaurice, CEO at Templar Executives.

Mark Milford, VP Cyber Security at Wärtsilä added, ‘This exciting partnership with Lampe & Schwartze brings a new dimension and is a great example of how the MCERT is enabling collaboration and adopting solutions by leading industry players for the industry.’

Anu Khurmi who has been leading the MCERT collaboration with Lampe and Schwartze commented, ‘‘At a time when digitisation and automation are shaping the future of the maritime industry, the spectre of cyber attacks is becoming ever more prominent. Marine insurance has a critical role in facilitating and safeguarding international maritime trade especially if it enables best practices in cyber hygiene and resilience throughout the entire ecosystem.  Lampe & Schwartze are leading experts in complex transport and maritime risks, providing highly specialised insurance concepts such as their ground-breaking SOMCC offering’.

‘Our Ship Owner’s Marine Cyber Cover provides certainty in scope of insurance cover and is a standalone insurance policy covering the exclusions of the clause 380 in hull & machinery policies. Our exciting partnership with MCERT will provide international cyber incident reporting and response and ensure due diligence on vessel operators taking out the SOMCC. In addition, the MCERT has a key role in providing daily alerts and global threat intel which will further help in loss prevention and cyber risk mitigations.’  stated Hans-Christoph Enge, Managing Partner of L&S MU.

In case of a claim or incident, a co-operation between the MCERT and Verein Hanseatischer Transportversicherer (VHT), the tried and tested Hull & Machinery Claims Organization of the German Market, will guarantee a combination of technical, nautical and cyber security know-how thus giving a holistic 24/7 response line. The insurance capacity for the cover is provided by renowned German direct insurer and reinsurers.

Source: templarexecs.com

Hack The Sea: Bridging the gap between hackers and the maritime sector

Zeljka Zorz

There’s a not a lot of researchers probing the security of computer systems underpinning the maritime industry.

The limitations that keep that number low are obvious: both the specialized knowledge and equipment is difficult to come by. And, as Ken Munro of UK-based Pen Test Partners told us a year ago, not many people move from shipping into pentesting (and into information security in general).

But things are looking up for those who are interested: at this year’s DEF CON conference in Las Vegas, a maritime hacking village dubbed Hack The Sea will welcome them and offer all kinds of help.

To continue reading, please click here.

Source: .helpnetsecurity.com