Cyber Security - tackling the risks involved

Presentation transcript:

Cyber Security - tackling the risks involved
Ashok Srinivasan, Manager, Maritime Technology and Regulation
Email: asr@bimco.org
E-Nav underway 2019

Who we are and what we do
BIMCO is the world's largest international shipping association, with around 2,000 members in more than 120 countries. Our global membership includes shipowners, operators, managers, brokers and agents.
- Contracts and clauses (from shipbuilding to recycling)
- Information on the website (cargo databases, KPI system, regulatory and technical content)
- Training: in-depth and high-level training on commercial matters
- Support and advice
- Martech: technical and regulatory affairs

Cyber Security
- Cyber incident types, real-life cases
- IMO work and the regulatory environment
- Industry cyber security guidelines (3rd version)
- What is new in this version
- Steps that should be taken to make ships cyber resilient

Cyber Survey by BIMCO and IHS Markit
- The 2019 survey is under preparation, with more detail on education and training: type of attack and how it was handled inside the company
- Results will be out during Nor-Shipping, released in a month's time
- Striking: spending less than 10K
- Under-reporting, because an incident can damage the company's reputation
- The law (GDPR): you only have to notify the individual when there is a significant risk
Source: IHS Markit

Budget Allocation on Cyber Security, 2018 survey
Source: IHS Markit

Cyber incidents have been happening
- Ship agent and shipowner ransomware incident
- Main application server infected by ransomware
- Worm attack on maritime IT and OT
- Crash of integrated navigation bridge at sea
- Navigation computer crash during pilotage
- Bunker surveyor's access to a ship's administrative network
- Unrecognised virus in an ECDIS delays sailings

A complex network
A single protection layer might not be enough. Systems should be designed with security in mind, and additional layers of security are essential.
Picture source: Inmarsat

Cyber Security at IMO
Regulation: MSC, at its 98th session in June 2017, adopted Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems.
- Encourages administrations/companies to include cyber risk management in their SMS no later than the first annual verification of the DOC after 1 January 2021
- The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021 (audit and PSC from 2022)
- 2016: 1st version (BIMCO and the industry have been very active and gave technical advice)

Regulatory space
Regulation: IMO has issued MSC-FAL.1/Circ.3, Guidelines on maritime cyber risk management.
The important links in effective cybersecurity management:
- Should start at senior management level
- Effective cyber risk management
- Culture of risk awareness at all levels
- Constant and effective feedback mechanisms
Version 3 is aligned with these guidelines.

Guidelines
- Guidelines on Cyber Security on board Ships, issued by BIMCO, CLIA, ICS, INTERCARGO, INTERMANAGER, INTERTANKO, IUMI, OCIMF and WSC.
- ISO/IEC 27001 standard on Information technology – Security techniques – Information security management systems – Requirements. Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
- United States National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework).
All other guides focus on IT. IT – data; OT – real ships.


Accepted by shipowners, classification societies and the International Maritime Organisation

The differences: Version 3 vs. Version 2

The differences between v2 and v3
- 1.1 Differences between IT and OT systems
- 1.3 Relationship between ship manager and shipowner
- 1.4 The relationship between the shipowner and the agent
- 1.5 Relationship with vendors
- Annex 2 Cyber risk management and the safety management system

Annex 2: Cyber risk management and safety management system
Links cyber risk management to the ISM Code (step by step).

Annex 2: Cyber risk management and safety management system
Example: Industry Guidelines 1.1 connects with ISM Code 3.2: update the safety and environment protection policy to include reference to the risk posed by unmitigated cyber risks.
OT directly connects to safety and the environment.

Human factor in cyber incidents
- A cyber attack can spread very quickly between ships and offices
- The disconnection procedure should not be long
- Just have a simple network cable disconnection or a simple stop switch
- Seafarer, accident, complexity

Cyber resilient ships (Annex 2 - Cyber risk management and safety management system)
- Equipment software should be designed with cyber risks in mind
- Ships should be built in a cyber resilient way
- The cyber risk must be managed by the shipowner

International Association of Classification Societies (IACS) recommendations on how to build new cyber resilient ships
- Recommendation 1 'Software Maintenance'
- Recommendation 2 'Manual Backup'
- Recommendation 3 'Contingency Post Failure'
- Recommendation 4 'Network Architecture'
- Recommendation 5 'Data Assurance'
- Recommendation 6 'Physical Security'
- Recommendation 7 'Network Security'
- Recommendation 8 'Vessel System Design'
- Recommendation 9 'Programmable System Equipment Inventory'
- Recommendation 10 'Integration'
- Recommendation 11 'Remote Update / Access'
- Recommendation 12 'Communication and Interfaces'
Industry recommends bringing these into 1 or 2, to become mandatory.

The way forward?
In the era of digitalization, the approach to cyber security should be proactive and not reactive.
- Build cyber resilient ships
- Keep the software updated, and do it the right way
- Prepare the SMS, implement the cyber policies and procedures, and make them a way of life. Just like personal safety!

For more information, please contact: martech@bimco.org / asr@bimco.org