1
Cyber Security - tackling the risks involved
Ashok Srinivasan, Manager, Maritime Technology and Regulation
E-Nav underway 2019
2
Who we are and what we do
BIMCO is the world’s largest international shipping association, with around 2,000 members in more than 120 countries. Our global membership includes shipowners, operators, managers, brokers and agents.
- Contracts and Clauses (from shipbuilding to recycling)
- Information on website (cargo databases, KPI system, regulatory and technical content)
- Training – in-depth and high-level training on commercial matters
- Support and advice
- Martech – technical and regulatory affairs
Talk more about the tech department
4
Cyber Security
- Cyber incident types, real-life cases
- IMO work and the regulatory environment
- Industry cyber security guidelines (3rd version)
- What is new in this version
- Steps that should be taken to make cyber resilient ships
5
Cyber Survey by BIMCO and IHS Markit
- 2019 survey is under preparation – more detail into education and training – type of attack and how they handled it inside the company
- Result will be out during Nor-Shipping – released in a month’s time
- Striking – spending less than 10K
- Under-reporting – because it can cause damage to the company's reputation
- The law (GDPR) – you only have to let the individual know when there is a significant risk.
Source: IHS Markit
6
Budget Allocation on Cyber Security
2018 survey
- 2019 survey is under preparation – more detail into education and training – type of attack and how they handled it inside the company
- Result will be out during Nor-Shipping – released in a month’s time
- Striking – spending less than 10K
- Under-reporting – because it can cause damage to the company's reputation
- The law (GDPR) – you only have to let the individual know when there is a significant risk.
Source: IHS Markit
7
Cyber incidents have been happening
- Ship agent and shipowner ransomware incident
- Main application server infected by ransomware
- Worm attack on maritime IT and OT
- Crash of integrated navigation bridge at sea
- Navigation computer crash during pilotage
- Bunker surveyor’s access to a ship’s administrative network
- Unrecognised virus in an ECDIS delays sailings
Increase line spacing
8
A complex network
A single protection layer might not be enough. Systems should be designed with security in mind, and more layers of security are essential.
Picture source: Inmarsat
9
Cyber Security at IMO
Regulation: MSC, at its 98th session in June 2017, adopted Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems.
Encourages administrations/companies to include cyber risk management in their SMS no later than the first annual verification of DOC after 1 January 2021.
The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021 (audit and PSC from 2022).
st version - BIMCO and the Industry have been very active and gave tech advice
10
Regulatory space
Regulation: IMO has issued MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management
The important links in an effective cybersecurity management:
- Should start at senior management level
- Effective cyber risk management
- Culture of risk awareness at all levels
- Constant and effective feedback mechanisms
Version 3 is aligned with these guidelines
11
Guidelines
- Guidelines on Cyber Security on board Ships issued by BIMCO, CLIA, ICS, INTERCARGO, INTERMANAGER, INTERTANKO, IUMI, OCIMF and WSC.
- IEC standard on Information technology – Security techniques – Information security management systems – Requirements. Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
- United States National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework).
All other guides on IT
IT – data
OT – real ships
13
Accepted by shipowners, classification societies and the International Maritime Organisation
14
The differences
Version 3
Version 2
Animate to bring the difference.
15
The differences between v2 and v3
- 1.1 Differences between IT and OT systems
- 1.3 Relationship between ship manager and shipowner
- 1.4 The relationship between the shipowner and the agent
- 1.5 Relationship with vendors
- Annex 2 Cyber risk management and the safety management system
Animate to bring the difference.
16
Annex 2: Cyber risk management and safety management system
Links cyber risk management to the ISM Code (step by step)
17
Annex 2: Cyber risk management and safety management system
Example: Industry Guidelines: 1.1 connects with ISM Code: Update the safety and environment protection policy to include reference to the risk posed by unmitigated cyber risks.
OT – directly connects safety and environmental
18
Human factor in Cyber incident
- A cyber attack can spread very quickly between ships and offices
- Disconnection procedure should not be long
- Just have a simple network cable disconnection or a simple stop switch
Seafarer - Accident – Complexity -
19
Equipment software should be designed with cyber risks in mind
Annex 2 - Cyber risk management and safety management system
Cyber resilient ships
- Equipment software should be designed with cyber risks in mind
- Ships should be built in a cyber resilient way
- The cyber risk must be managed by the shipowner
20
International Association of Classification Societies (IACS) recommendations on how to build new cyber resilient ships
- Recommendation 1 'Software Maintenance'
- Recommendation 2 'Manual Backup'
- Recommendation 3 'Contingency Post Failure'
- Recommendation 4 'Network Architecture'
- Recommendation 5 'Data Assurance'
- Recommendation 6 'Physical Security'
- Recommendation 7 'Network Security'
- Recommendation 8 'Vessel System Design'
- Recommendation 9 'Programmable System Equipment Inventory'
- Recommendation 10 'Integration'
- Recommendation 11 'Remote Update / Access'
- Recommendation 12 'Communication and Interfaces'
Industry recommends to bring this into 1 or 2
To become mandatory
21
In the era of digitalization, the approach to cyber security should be proactive and not reactive.
- Build cyber resilient ships
- Keep the software updated and do it the right way
- Prepare SMS, implement the cyber policies and procedures and make them a way of life. Just like personal safety!
The way forward?
22
For more information, please contact: martech@bimco.org / asr@bimco