SAMI & IMCA MARITIME CYBER SECURITY WORKSHOP

Presentation transcript:

SAMI & IMCA MARITIME CYBER SECURITY WORKSHOP
Development of cyber security guidelines
Aron Sorensen, Chief Marine Technical Officer

BIMCO at a glance
- Founded in 1905 - 2,300 members in around 130 countries
- Membership – includes shipowners, operators, managers, brokers and agents
- Developing industry standards, and providing quality technical information, advice and education
- Advocating the opinion of our members at IMO, ISO, IALA, IHO etc.
WWW.BIMCO.ORG

Today’s Cyber presentation
- Background for industry guidelines
- What to consider and what not to do
- Risk based guidelines

BIMCO’s work
- In 2013, the BIMCO Executive Committee highlighted the importance of cyber security
- 2013 – 2014 Information gathering with the view to deal with cyber security needs and challenges in the maritime sector
- In March 2014, cyber security added to the agenda of the Marine Committee and the Security Committee
- Decided to develop industry guidance on cyber security for ships

Risks on board ships
- Lack of software and system monitoring
- Outdated software
- Insiders introducing malware by storage devices etc.
- Lack of access-control for computers and networks
- Remote attacks by criminals
- Unprotected or badly designed hardware and networks

Ships are vulnerable to cyber attacks
- Ships chartered to 3rd party operators
- The Shipowner does not have control over the IT systems required by the charterer
- Historically ships have been offline
- Today cyber security cannot be “controlled” through avoidance of connectivity
- Critical data pertaining to cargo is passed through numerous land-side entities
- Penetration of just one entity can result in any data element being compromised
- A high reliance on IT systems related to safety
- ECDIS and satellite receivers make a ship susceptible to either penetration or jamming

Attacking a ship will not stop world trade
- A ship is an independent unit and a cyber attack may compromise safety of that ship, the marine environment and to some extent, the business continuity of the owner
- To a large extent the crew will use the same contingency plans as for any other emergency if the ship is compromised

Agility needed
- Cyber attack techniques develop constantly so mitigating measures will also have to change constantly
- IMO regulation would be too slow
- Type approval of software is not the way forward, as it is a static process
- We see industry best management practice as the way to cope with cyber security

Special attention
Cyber security should be carefully considered:
- When taking over a new building and buying used tonnage
- In connection with on-board software maintenance
- When dealing with an always open on-line connection

It starts during construction of the ship
- Producer should have a QA system for software lifecycle activities, which specifies cyber-security considerations
- Ships’ networks should be configured to have controlled and uncontrolled networks

Risk based approach needed
- Some organisations, ships and systems may be more at risk than others, depending on the type and value of data stored
- To manage risks, ships’ personnel and owners should understand the probability for an event to occur and the resulting impact

The Industry Guidelines on Cyber Security on board Ships
The guidance to ship owners and operators includes how to:
- minimize the risk of a cyber-attack through user access management
- protect on board systems
- develop contingency plans and manage incidents if they do occur

Cyber mitigation
- Technical
- Training and awareness
- Remoteness
- Procedures

IMO process started
- At MSC 94 (November 2014), USA and Canada recommended development of voluntary guidelines for ports, ships, and other parts of maritime transportation system
- BIMCO informed that we were working on guidance for shipowners and crew on operational aspects of cyber security on-board ships
- Update paper by BIMCO, ICS, INTERTANKO and INTERCARGO submitted to MSC 95 (June 2015)
- Includes the scope of the industry guidance on cyber security for ships
- Intention to present the finalized guidelines to MSC 96

Related work
- Working with CIRM since 2013 on a draft industry standard for Maintenance and update of programmable electronic systems
- The cyber work and the CIRM work are interrelated and coordination is essential
- Industry stakeholders should develop, manage and update computer-based systems onboard ships in a secure way

Conclusions
- Awareness needed in the industry
- Ships are exposed to cyber-threats calling for a risk based approach
- Industry Guidance will be submitted to MSC 96
- Cyber crime is developing all the time and we need to keep up
- Cyber security considerations should start at the software production stage and cyber robustness considerations should be made when the ship is constructed

Questions?