ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE. Measures toward enhancing maritime cybersecurity. Submitted by Canada SUMMARY



Similar documents
Maritime Insurance Cyber Security Framing the Exposure. Tony Cowie May 2015

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO

Liability Management Evolving Cyber and Physical Security Standards and the SAFETY Act

CYBER SECURITY INDUSTRY GUIDELINES

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

THE RISK OF CYBER-ATTACK TO THE MARITIME SECTOR

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Security Issues with Integrated Smart Buildings

Joint statement on supply-chain security

International Port Security Program Overview and Common Challenges

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

CYBER SECURITY GUIDANCE

Cybersecurity in the maritime and offshore industry

Lessons from Defending Cyberspace

Defending Against Data Beaches: Internal Controls for Cybersecurity

Franchise Data Compromise Trends and Cardholder. December, 2010

Standards for Private Maritime Security Company (PMSC) Accreditation

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Incident Response 101: You ve been hacked, now what?

Protecting against cyber threats and security breaches

WRITTEN TESTIMONY OF

S. ll IN THE SENATE OF THE UNITED STATES

Cyber Security for audit committees

NEW ZEALAND S CYBER SECURITY STRATEGY

September 20, 2013 Senior IT Examiner Gene Lilienthal

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Cybersecurity Awareness. Part 1

ARMED PERSONNEL ONBOARD VESSELS IMO PERSPECTIVE. Chris Trelawny Senior Deputy Director Maritime Safety Division International Maritime Organization

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September Co-Chair s Summary Report

GAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks

No. 33 February 19, The President

Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry

TUSKEGEE CYBER SECURITY PATH FORWARD

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Department of Homeland Security

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days)

Cyber Security Strategy

IMO ANY OTHER BUSINESS. Shipping noise and marine mammals. Submitted by the United States

U. S. Attorney Office Northern District of Texas March 2013

How To Protect Your Data From Being Hacked

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Statement for the Record. The Honorable Janet Napolitano. Secretary United States Department of Homeland Security

REQUIREMENTS RESPECTING THE SECURITY OF OFFSHORE FACILITIES

EY Cyber Security Hacktics Center of Excellence

Maritime cybersecurity using ISPS and ISM codes

Integrating Cyber Security into Nuclear Power Plant Safety Systems Design

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

Public Private Partnerships and National Input to International Cyber Security

Application of Technology to Create an Integrated, Multidisciplinary Approach to Safe and Secure Ports

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cyber Risks and Considerations for the Marine Insurance Industry Joseph G. Grasso David L. Hall February 26, 2015

CONSULTING IMAGE PLACEHOLDER

VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK

Supplier Vigilance: A Critical Layer of Defense

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

This is a preview - click here to buy the full publication

MARINE K&R INSURANCE Frequently Asked Questions

PCI Security Scan Procedures. Version 1.0 December 2004

The Guidelines on Cyber Security onboard Ships

2 Gabi Siboni, 1 Senior Research Fellow and Director,

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

S. ll IN THE SENATE OF THE UNITED STATES A BILL

BLUEPRINT FOR INTEGRATION

Navigating Cyber Risk Exposure and Insurance. Stephen Wares EMEA Cyber Risk Practice Leader Marsh

MEMORANDUM. Date: October 28, Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

IQware's Approach to Software and IT security Issues

Maritime Domain Awareness: Mapping, Tracking, and Visualization

Evaluating DMARC Effectiveness for the Financial Services Industry

Cybersecurity: What CFO s Need to Know

BSA GLOBAL CYBERSECURITY FRAMEWORK

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Cyber Security for Advanced Manufacturing Next Steps

future data and infrastructure

Security Intelligence

Marine K&R an above Average Marine Insurance

Technology and Cyber Resilience Benchmarking Report December 2013

Obtaining Enterprise Cybersituational

Transcription:

E FACILITATION COMMITTEE 39th session Agenda item 7 FAL 39/7 10 July 2014 Original: ENGLISH ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE Measures toward enhancing maritime cybersecurity Submitted by Canada SUMMARY Executive summary: This document proposes the development of Guidelines on maritime cybersecurity in light of the dramatic increases in the use of cyber systems across the maritime sector and related risks Strategic direction: 6.1 High-level action: 6.1.1 Planned output: No related provision Action to be taken: Paragraph 11 Related document: FAL 38/7 Introduction 1 This document recommends the development of voluntary guidelines on cybersecurity practices to protect and enhance the resiliency of cyber systems supporting the operations of ports, vessels, marine facilities and other elements of the maritime transportation system. For the purposes of this proposal, cybersecurity is defined as measures taken to protect cybersystems, or any data contained therein, against unauthorized access or alteration. Discussion 2 There are numerous examples of cybersecurity issues of relevance to the maritime community:.1 researchers from the University of Texas in the United States demonstrated in July 2013 that it is possible to change a vessel's direction by interfering with its GPS signal to cause the onboard navigation systems to falsely interpret a vessel's position and heading;

Page 2.2 a hacker caused a floating oil-platform located off the coast of Africa to tilt to one side, thus forcing it to temporarily shut down;.3 hackers infiltrated cyber systems in a port to locate specific containers loaded with illegal drugs and remove them from the port undetected;.4 Somali pirates employed hackers to infiltrate a shipping company's cyber systems to identify vessels passing through the Gulf of Aden with valuable cargoes and minimal on-board security which led to the hijacking of at least one vessel;.5 denial of service attacks (initiating a very high number of requests to a system to overwhelm it and cause it to cease operating) against ports have been reported;.6 efforts to gain unauthorized access to wireless Internet networks in ports have been reported; and.7 studies by the Brookings Institution and the European Union Agency for Network and Information Security both concluded that there is very little awareness of cybersecurity issues in the maritime transportation sector and few initiatives underway to enhance cybersecurity. 3 As the global maritime community moves further into a digital environment, ports, vessels and facilities are increasingly connected to, and dependent on, cyber systems. This includes almost every facet of their operations, such as financial and human resources management, security systems, navigation, communications and the operation of key systems and equipment. 4 As industries worldwide have turned towards greater reliance on cybersystems, organized crime, state-sponsored hackers, terrorists and other malicious actors have turned towards exploiting weaknesses in cybersecurity to gain intelligence, facilitate illegal activities and cause economic and physical damage. 5 The maritime sector is not immune to these potential vulnerabilities. Unauthorized access or alteration of cybersystems could result in compromised strategic, proprietary, or personal information, exploitation of cybersystems for nefarious purposes, or temporary loss of, or damage to, critical systems. Insufficiently robust cybersecurity practices could therefore potentially lead to a loss of life, increased criminality in the maritime sector or, given the importance of the maritime sector to international trade and supply chains, an operational disruption with significant adverse economic consequences. 6 As part of consultations to further the development of a domestic Maritime Cybersecurity Strategic Framework, stakeholders informed the representatives of the Government of Canada of their desire for maritime cybersecurity guidelines to serve as both a guide and benchmark for their own cybersecurity efforts. Given the technical nature of cybersecurity and its rapid emergence as an area of concern, it is likely that maritime sector stakeholders worldwide are also seeking guidance on this issue. Analysis of implications 7 Cybersystems containing sensitive or private information and/or controlling critical equipment or processes are potentially vulnerable to unauthorized access or alteration that could lead to information breaches, system failures, security compromises or other negative

Page 3 consequences. Cybersecurity guidelines developed specifically for the maritime sector could help protect ports, terminals, vessels and other stakeholders, as well as help mitigate the effects of successful intrusions and prevent disruptions to international trade, by providing guidance on areas of cybersecurity. 8 The need for guidance materials on cybersecurity has grown with the use and reliance on cyber systems among maritime stakeholders. As the maritime transportation system carries approximately 90% of international commerce, a successful cyber attack against a maritime stakeholder could have significant negative effects on the global economy and disrupt international trade. 9 Specifically, it is recommended that the Committee develop voluntary guidelines on cybersecurity as it conforms to IMO's objectives of enhancing the security of the maritime transportation system and protecting human life at sea. 10 Information on the potential contents of the proposed cybersecurity guidelines is provided in the annex. Action Requested of the Committee 11 The Committee is invited to develop voluntary guidelines on maritime cybersecurity. The Committee may wish to consider creating an intersessional correspondence group to conduct this work with the following initial work programme:.1 identify relevant existing standards and guidance materials;.2 develop voluntary maritime cybersecurity guidelines, including best practices; and,.3 report to FAL 40. ***

Annex, page 1 ANNEX POTENTIAL CONTENTS OF THE CYBERSECURITY GUIDELINES 1 The proposed voluntary maritime cybersecurity guidelines could include:.1 A description of types of cybersystems typically used by maritime sector stakeholders to support their operations;.2 A description of potential cybersecurity vulnerabilities associated with the types of cybersystems typically used by maritime sector stakeholders;.3 A description of mitigations that could be implemented by maritime sector stakeholders to address potential cybersecurity vulnerabilities. 2 The proposed voluntary maritime cybersecurity guidelines would:.1 Be consistent to the greatest extent possible with similar cybersecurity guidelines previously promulgated by international organizations, such as the International Organization for Standardization;.2 Identify implementable measures to enhance cyber security, but not include specific technical requirements or recommendations to use specific hardware, software, policies or processes. 3 Canada would provide to correspondence group members results of research conducted as part of the development of a Maritime Cybersecurity Strategic Framework, including information on cybersystems used in the maritime sector and associated potential vulnerabilities and mitigations, to serve as a basis for discussion. 4 Canada's Maritime Cyber Security Project has identified five categories to illustrate to maritime sector stakeholders the rationale and importance of identified vulnerabilities and mitigations, categories which could be adopted or adapted by the proposed correspondence group; they are:.1 access control ensuring sensitive data and hardware are accessed or altered only for legitimate ends;.2 network design taking a holistic and risk-based approach to implement security measures that balance between accessibility and security for different systems, data, and other network components;.3 intrusion detection putting in place measures to detect intrusions by malicious actors and limit ongoing harm;.4 communication security ensuring information communicated within or outside an organization is received by the person for whom it was intended without alteration; and,.5 governance establishing a management framework, including strategic planning, employee engagement and specific policies, to align resources and behaviours with an organization's cybersecurity needs.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information