Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAMI & IMCA MARITIME CYBER SECURITY WORKSHOP

Published byGarry Daniels Modified over 9 years ago

Similar presentations

Presentation on theme: "SAMI & IMCA MARITIME CYBER SECURITY WORKSHOP"— Presentation transcript:

1 SAMI & IMCA MARITIME CYBER SECURITY WORKSHOP
Development of cyber security guidelines Aron Sorensen, Chief Marine Technical Officer

2 BIMCO at a glance WWW.BIMCO.ORG
Founded in ,300 members in around 130 countries Membership – includes shipowners, operators, managers, brokers and agents Developing industry standards, and providing quality technical information, advice and education Advocating the oppinion of our members at IMO, ISO, IALA, IHO etc.

3 Today’s Cyber presentation
Background for industry guidelines What to consider and what not to do Risk based guidelines

4 2013 – 2014 Information gathering
BIMCO’s work In 2013, the BIMCO Executive Committee highlighted the importance of cyber security 2013 – 2014 Information gathering with the view to deal with cyber security needs and challenges in the maritime sector In March 2014, cyber security added to the agenda of the Marine Committee and the Security Committee Decided to develop industry guidance on cyber security for ships

5 Risks on board ships Lack of software and system monitoring
Outdated software Insiders introducing malware by storage devices etc. Lack of access-control for computers and networks Remote attacks by criminals Unprotected or badly designed hardware and networks

6 Ships are vulnerable to cyber attacks
Ships chartered to 3rd party operators The Shipowner does not have control over the IT systems required by the charterer Historically ships have been offline Today cyber security cannot be “controlled” through avoidance of connectivity Critical data pertaining to cargo is passed through numerous land-side entities Penetration of just one entity can result in any data element being compromised A high reliability on IT systems related to safety ECDIS and satellite receivers make a ship susceptible to either penetration or jamming

7 Attacking a ship will not stop word trade
A ship is an independent unit and a cyber attack may compromise safety of that ship, the marine environment and to some extent, the business continuity of the owner To a large extent the crew will use the same contingency plans as for any other emergency if the ship is compromised

8 Agility needed Cyber attacks techniques develop constantly so mitigating measurers will also have to change constantly IMO regulation would be too slow Type approval of software is not the way forward, as it is a static process We see industry best management practice as the way to cope with cyber security

9 Cyber security should be carefully considered:
Special attention Cyber security should be carefully considered: When taking over a new building and buying used tonnage In connection with on-board software maintenance When dealing with an always open on-line connection

10 It starts during construction of the ship
Producer should have a QA system for software lifecycle activities, which specifies cyber-security considerations Ships networks should be configured to have controlled and uncontrolled networks

11 Risk based approach needed
Some organisations, ships and systems may be more at risk than others, depending on the type and value of data stored To manage risks, ships’ personnel and owners should understand the probability for an event to occur and the resulting impact

12 The Industry Guidelines on Cyber Security on board Ships
The guidance to ship owners and operators includes how to: minimize the risk of a cyber-attack through user access management protect on board systems develop contingency plans and manage incidents if they do occur

13 Training and awareness
Cyber mitigation Technical Training and awareness Remoteness Procedures

14 IMO process started At MSC 94 (November 2014), USA and Canada recommended development of voluntary guidelines for ports, ships, and other parts of maritime transportation system BIMCO informed that we were working on guidance for shipowners and crew on operational aspects of cyber security on-board ships Update paper by BIMCO, ICS, INTERTANKO and INTERCARGO submitted to MSC 95 (June 2015) Includes the scope of the industry guidance on cyber security for ships Intention to present the finalized guidelines to MSC 96

15 Related work Working with CIRM since on a draft industry standard for Maintenance and update of programmable electronic systems The cyber work and the CIRM work are interrelated and coordination is essential Industry stakeholders should develop, manage and update computer-based systems onboard ships in a secure way

16 Conclusions Awareness needed in the industry
Ships are exposed to cyber-threats calling for a risk based approach Industry Guidance will be submitted to MSC 96 Cyber crime is developing all the time and we need to keep up Cyber security considerations should start at the software production stage and cyber robustness considerations should be made when the ship is constructed

17 Questions?

Download ppt "SAMI & IMCA MARITIME CYBER SECURITY WORKSHOP"

Similar presentations

E-navigation, and IHO’s role IHO, Monaco, October 2014 John Erik Hagen, Regional Director NCA Coordinator of the completed IMO Correspondence Group on.

E-navigation, and IHO’s role IHO, Monaco, October 2014 John Erik Hagen, Regional Director NCA Coordinator of the completed IMO Correspondence Group on.
Cloud computing security related works in ITU-T SG17

Cloud computing security related works in ITU-T SG17
INPO Update CMBG Meeting June 2013

INPO Update CMBG Meeting June 2013
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Christopher Cotter Chief Summit NJ Fire Dept. & Int’l. Assoc. of Fire Chiefs Representative Chief Summit NJ Fire Dept. & Int’l. Assoc. of Fire Chiefs.

Christopher Cotter Chief Summit NJ Fire Dept. & Int’l. Assoc. of Fire Chiefs Representative Chief Summit NJ Fire Dept. & Int’l. Assoc. of Fire Chiefs.
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Project 2008-06 Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Dubai Government Policies for Enhancing the Competitiveness of Multimodal Transportation and Logistics Cluster June 2014.

Dubai Government Policies for Enhancing the Competitiveness of Multimodal Transportation and Logistics Cluster June 2014.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
1 High Level Panel on Double Hull Tankers Ib Matthiesen – Head of Unit INTERTANKO – Athens Tanker Event 2005.

1 High Level Panel on Double Hull Tankers Ib Matthiesen – Head of Unit INTERTANKO – Athens Tanker Event 2005.
“The Cruise Industry’s Efforts to Enhance Passenger ShiP SAFETY” Bud Darr SVP, Technical and Regulatory Affairs May 28, 2015 Miami, Florida BAHAMAS SHIPOWNERS.

“The Cruise Industry’s Efforts to Enhance Passenger ShiP SAFETY” Bud Darr SVP, Technical and Regulatory Affairs May 28, 2015 Miami, Florida BAHAMAS SHIPOWNERS.
IUMI International Union of Marine Insurance IUMI in a Nutshell Organization, Work and Current Developments IUMI Executive Committee Spring Meeting, Istanbul.

IUMI International Union of Marine Insurance IUMI in a Nutshell Organization, Work and Current Developments IUMI Executive Committee Spring Meeting, Istanbul.
Leading the way; making a difference Latin American Panel October 31, 2012 UPDATE ON PIRACY Joseph Angelo Deputy Managing Director.

Leading the way; making a difference Latin American Panel October 31, 2012 UPDATE ON PIRACY Joseph Angelo Deputy Managing Director.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Online Learning 1 Marine Facility Personnel with Security Responsibilities Canaport LNG 2011 1.

Online Learning 1 Marine Facility Personnel with Security Responsibilities Canaport LNG
A PRESENTATION TO THE SELECT COMMITTEE ON PUBLIC SERVICES (NCOP) 24 OCTOBER 2007 BY MPATLISENG RAMAEMA CHIEF DIRECTOR: MARITIME TRANSPORT REGULATION DEPARTMENT.

A PRESENTATION TO THE SELECT COMMITTEE ON PUBLIC SERVICES (NCOP) 24 OCTOBER 2007 BY MPATLISENG RAMAEMA CHIEF DIRECTOR: MARITIME TRANSPORT REGULATION DEPARTMENT.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Information Security Issues at Casinos and eGaming

Information Security Issues at Casinos and eGaming
GWS SMS INTRODUCTION MSM Manual. 3. MISSION STATEMENT AND CORE VALUES OF THE COMPANY  MISSION  Our Mission is to provide expertise in the fields of.

GWS SMS INTRODUCTION MSM Manual. 3. MISSION STATEMENT AND CORE VALUES OF THE COMPANY  MISSION  Our Mission is to provide expertise in the fields of.

Similar presentations

Ads by Google