CYBER SECURITY INDUSTRY GUIDELINES


CYBER SECURITY INDUSTRY GUIDELINES
Aron Sørensen, Chief Marine Technical Officer, BIMCO

BIMCO
- Founded in 1905; 2,300 members in around 130 countries
- Membership includes shipowners, operators, managers, brokers and agents
- Developing industry standards, and providing quality technical information, advice and education
- Advocating the opinion of our members at IMO, ISO, IALA, IHO etc.

AGENDA
- Background for industry guidelines
- Considerations on cyber
- Risk based and agile approach

BIMCO'S WORK
- In 2013, the BIMCO Executive Committee highlighted the importance of cyber security
  - 2013-2014: Information gathering to deal with cyber security needs and challenges in the maritime sector
- In March 2014, added to the agenda of the Marine Committee and of the Security Committee
  - Decided to develop industry guidance on cyber security for ships

SHIPS ARE VULNERABLE TO CYBER ATTACKS
- Ships chartered to 3rd party operators
  - The shipowner does not have control over the IT systems required by the charterer
- Historically ships have been offline
  - Today cyber security cannot be controlled through avoidance of connectivity

SHIPS ARE VULNERABLE TO CYBER ATTACKS
- Critical data pertaining to cargo is passed through numerous land-side entities
  - Penetration of just one entity can result in any data element being compromised
- A high reliance on IT systems related to safety
  - ECDIS and satellite receivers make a ship susceptible to either penetration or jamming

RISKS ON BOARD SHIPS
- Lack of software and system monitoring
- Insiders introducing malware by storage devices etc.
- Outdated (Microsoft) software
- Remote attacks by criminals
- Unprotected or badly designed hardware and networks

ATTACKING A SHIP WILL NOT STOP WORLD TRADE
- A ship is an independent unit and a cyber attack may compromise the safety of that ship, the marine environment and, to some extent, the business continuity of the owner
- To a large extent the crew will use the same contingency plans as for any other emergency if the ship is compromised

AGILITY NEEDED
- Cyber attacks develop constantly, so mitigating measures will also have to change accordingly
- IMO regulation would be too slow
- Type approval of software is not the way forward, as it is a static process
- We see industry best management practice as the way to cope with cyber security

SPECIAL ATTENTION
Cyber security should be carefully considered:
- When taking over a new building and buying used tonnage
- In connection with on-board software maintenance
- When dealing with an always open on-line connection

IT STARTS DURING CONSTRUCTION OF THE SHIP
- Producer should have a QA system for software lifecycle activities, which specifies cyber-security considerations
- Ships' networks should be configured to have controlled and uncontrolled networks

RISK BASED APPROACH NEEDED
- Some organisations, ships and systems may be more at risk than others, depending on the type and value of data stored
- To manage risks, ships' personnel and owners should understand the probability that an event will occur and the resulting impact

INDUSTRY GUIDELINES ON CYBER SECURITY ON BOARD SHIPS
The guidance to ship owners and operators includes how to:
- minimize the risk of a cyber-attack through user access management
- protect on board systems
- develop contingency plans and
- manage incidents if they do occur

IMO PROCESS
- At MSC 94 (November 2014), proposal for guidelines for ports, ships, and other parts of maritime transportation system
  - BIMCO informed that we were working on guidance for shipowners and crew on operational aspects of cyber security on-board ships
- Update paper by BIMCO, ICS, INTERTANKO and INTERCARGO submitted to MSC 95 (June 2015)
  - Intention to present the finalized guidelines to MSC 96

RELATED WORK
- Working with CIRM since 2013 on a draft industry standard: Maintenance and update of onboard programmable electronic systems
  - The cyber work and the CIRM work are interrelated and coordination is essential
- Manufacturers should develop, manage and update computer-based systems in a secure way

INDUSTRY SOFTWARE MAINTENANCE GUIDELINES
- Event initiation
  - Preventative maintenance
  - Corrective maintenance
- Planning
  - Where and when
  - Best service engineer for the job
  - Onboard software log
- Execution
  - Execution and control
  - Cyber security
- After service
  - Service report and onboard software log
  - Evaluation and feedback

CONCLUSIONS
- Awareness needed in the industry
- Ships are exposed to a cyber-threat calling for a risk based approach
  - Industry Guidance will be submitted to MSC 96
  - Cyber crime is developing all the time and we need to keep up
- Cyber security considerations should start at the software production stage and cyber robustness considerations should be made when the ship is constructed

Aron Frank Sørensen
Chief Marine Technical Officer, BIMCO
www.bimco.org
afs@bimco.org

Thank you for your attention. Questions?