The marine industry is categorized as shipbuilding, shipping and port industry. It is a significant area that plays a large part in national competitiveness. In 2017, maritime safety committee(MSC) of the international maritime organization(IMO)
began to discuss marine cyber security due to increased threat from cyber space targeting the marine industry. In this article, the marine cyber security cases and the cyber security guideline’s trends of global maritime organization will be
examined and those meanings will be considered.
Welcome Address by H.E Tifatul Sembiring Minister for Communication and Information Technology Republic of Indonesia in The Indonesia Information Security Forum 2012
Bandung, 10 October 2012
Welcome Address by Director General of Informatic Application Ministry of Communication and Information Technology in The Indonesia Information Security Forum
The document discusses the history and current state of cyber warfare between several nations including Israel/Palestine, India/Pakistan, the US/Al Qaeda, Cuba/US, and China/US. It outlines the key hackers and groups involved on both sides of these conflicts, their main targets and strategies. It also examines how cyber warfare has influenced military operations and foreign policy, and considers its importance relative to traditional warfare.
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
Cyber is a real threat and we can not keep our eyes shut to the same. Most of the countries surrounding us are involved in cyberwar covertly and we need to take steps to counter the same at the earliest.
This newsletter provides information on the passing of Bharat Verma, founder and editor of Indian Defence Review, who died of lung cancer at age 62. It discusses the history and editors of Indian Defence Review, which was the first magazine in independent India to focus on national security issues in the private sector. The newsletter also includes commentary from Pakistan praising Verma as a professional and precise defense analyst. Finally, it provides biographical information on DC Nath, the chief patron of the International Council of Security & Safety Management.
Cyber war a threat to indias homeland security 2015Ajay Serohi
The document discusses cyber warfare as a threat to India's homeland security. It notes India's increasing reliance on digital infrastructure and discusses potential future cyber incidents like power grid failures, financial system paralysis, and satellite or communication system disruptions. The document outlines challenges like attribution of attacks and issues with cyber deterrence. It also examines threats in India's cyber domain from state actors like China and Pakistan as well as non-state groups, and argues for integrating cyber security into India's overall homeland security strategy.
The document discusses security issues related to transportation infrastructure in India. It notes that the transportation sector is vast, interconnected, and moves millions of passengers and goods daily, making it an attractive target for terrorists. It calls for an Indian Infrastructure Security Policy and Sector Specific Security Plans for different transportation modes (aviation, maritime, mass transit, etc.) to provide a secure network while enabling legitimate travel and commerce. Key challenges include criminal activities, terrorism, health threats, and improving security without unduly increasing costs or inconveniences.
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdfGramax Cybersec
Role of Cybersecurity in Maritime: A high-risk sector
Maritime, an ancient industry responsible carriage for 90% of global trade, stands as a cornerstone of the world economy. Despite initial perceptions that maritime assets are immune, the increased reliance on industrial control systems (ICS) and satellite communications renders this age-old industry susceptible to cyber adversaries. The reluctance to openly share information and collaborate on cybersecurity best practices has exacerbated the issue, leading to a surge in maritime cyber incidents, up by a staggering 900% since 2017. The NotPetya cyberattack in June 2017 stands out as one of the most devastating incidents, causing over $10 billion in damages. This malware, initially targeting Ukrainian companies, had a far-reaching impact, affecting global giants like Maersk, which lost significant data and infrastructure.
In this article, we will take you through the crucial role of cybersecurity in the maritime sector, offering insights into the intricacies of the maritime ecosystem, and identifying key vulnerable systems. Additionally, we will explore the far-reaching consequences of successful cyberattacks and effective strategies for cyber risk management in this high-stakes domain.
Welcome Address by H.E Tifatul Sembiring Minister for Communication and Information Technology Republic of Indonesia in The Indonesia Information Security Forum 2012
Bandung, 10 October 2012
Welcome Address by Director General of Informatic Application Ministry of Communication and Information Technology in The Indonesia Information Security Forum
The document discusses the history and current state of cyber warfare between several nations including Israel/Palestine, India/Pakistan, the US/Al Qaeda, Cuba/US, and China/US. It outlines the key hackers and groups involved on both sides of these conflicts, their main targets and strategies. It also examines how cyber warfare has influenced military operations and foreign policy, and considers its importance relative to traditional warfare.
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
Cyber is a real threat and we can not keep our eyes shut to the same. Most of the countries surrounding us are involved in cyberwar covertly and we need to take steps to counter the same at the earliest.
This newsletter provides information on the passing of Bharat Verma, founder and editor of Indian Defence Review, who died of lung cancer at age 62. It discusses the history and editors of Indian Defence Review, which was the first magazine in independent India to focus on national security issues in the private sector. The newsletter also includes commentary from Pakistan praising Verma as a professional and precise defense analyst. Finally, it provides biographical information on DC Nath, the chief patron of the International Council of Security & Safety Management.
Cyber war a threat to indias homeland security 2015Ajay Serohi
The document discusses cyber warfare as a threat to India's homeland security. It notes India's increasing reliance on digital infrastructure and discusses potential future cyber incidents like power grid failures, financial system paralysis, and satellite or communication system disruptions. The document outlines challenges like attribution of attacks and issues with cyber deterrence. It also examines threats in India's cyber domain from state actors like China and Pakistan as well as non-state groups, and argues for integrating cyber security into India's overall homeland security strategy.
The document discusses security issues related to transportation infrastructure in India. It notes that the transportation sector is vast, interconnected, and moves millions of passengers and goods daily, making it an attractive target for terrorists. It calls for an Indian Infrastructure Security Policy and Sector Specific Security Plans for different transportation modes (aviation, maritime, mass transit, etc.) to provide a secure network while enabling legitimate travel and commerce. Key challenges include criminal activities, terrorism, health threats, and improving security without unduly increasing costs or inconveniences.
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdfGramax Cybersec
Role of Cybersecurity in Maritime: A high-risk sector
Maritime, an ancient industry responsible carriage for 90% of global trade, stands as a cornerstone of the world economy. Despite initial perceptions that maritime assets are immune, the increased reliance on industrial control systems (ICS) and satellite communications renders this age-old industry susceptible to cyber adversaries. The reluctance to openly share information and collaborate on cybersecurity best practices has exacerbated the issue, leading to a surge in maritime cyber incidents, up by a staggering 900% since 2017. The NotPetya cyberattack in June 2017 stands out as one of the most devastating incidents, causing over $10 billion in damages. This malware, initially targeting Ukrainian companies, had a far-reaching impact, affecting global giants like Maersk, which lost significant data and infrastructure.
In this article, we will take you through the crucial role of cybersecurity in the maritime sector, offering insights into the intricacies of the maritime ecosystem, and identifying key vulnerable systems. Additionally, we will explore the far-reaching consequences of successful cyberattacks and effective strategies for cyber risk management in this high-stakes domain.
The document discusses cyber security risks in the maritime industry. It notes that the International Maritime Organization (IMO) Secretary General and Maritime Safety Committee (MSC) have prioritized cyber security risks. The MSC urged member states to collaborate on cyber security guidance and regulatory proposals. While regulations and best practices are still being developed, the document recommends companies take proactive steps to enhance their cyber security through strategies, managed security services, and consulting from experts like Regency IT Consulting.
The document provides an overview of cybersecurity as it relates to the maritime industry. It discusses new threats to maritime cybersecurity like increased attacks targeting crews and the ability to remotely control ship systems. It also covers new impacts of cyberattacks such as the potential for fleet-wide outages and business disruption. Finally, it discusses cybersecurity management, including preserving the confidentiality, integrity and availability of data. The key points are that cyberattacks pose serious risks to ships and shipping operations, and proper cybersecurity management is important to mitigate these risks in accordance with IMO requirements.
Following the 9/11 attacks, the US government implemented new legislation and programs to enhance security of the US maritime system. This included the Container Security Initiative, which aimed to screen high-risk cargo containers before arrival at US ports. New regulations like ISPS and MTSA required facilities, ships, and companies to follow security guidelines and appoint security officers. The Coast Guard also issued rules on vessel and facility security plans. However, complying with these new mandates was very costly for ports and facilities, who felt more funding was needed to implement all the required physical and personnel security upgrades.
This document discusses the digitalization trends transforming the shipping and logistics industry. Key points include:
- Technologies like GPS, smart containers, vessel sensors are improving efficiency by enabling real-time tracking and monitoring of goods and vessel operations.
- Digitalization benefits include optimized transport, reduced waiting times, improved energy efficiency from weather routing and predictive maintenance.
- However, increased data and connectivity also introduce cyber risks if systems are hacked or data is leaked accidentally. Proper security measures are needed to address risks to cargo tracking systems, vessel navigation and more.
- The shipping industry must work closely with software and hardware providers as well as insurers to continuously enhance data security as digitalization increases complexity and exposure to
The rise of the robot and the lie of resilienceGirija Shettar
1) The shipping industry is rapidly developing advanced technologies like autonomous systems, sensors, artificial intelligence and cyber connectivity on ships to increase efficiency.
2) However, these technologies also introduce new risks as ships become more dependent on computer systems and vulnerable to hackers, with the potential for ships to be hacked and used as weapons or deliberately crashed.
3) While technologies promise increased safety, efficiency and lower costs, there are concerns that fully cyber-enabled infrastructure can never be 100% safe and that overreliance on these systems could ultimately prove destructive if major cyber attacks or technical failures were to occur.
Respond to discussion with 250 wordsThe focus of maritime secmickietanger
Respond to discussion with 250 words:
The focus of maritime security post September 11th was to improve the physical infrastructure of port facilities and vessels by implementing security plans, identification systems, detection methods, and strict inspection and clearance procedures for cargo and personnel. There are numerous legislative pieces which have created a layered security approach to protecting the marine industry (CSI, C-TPAT, foreign port assessment, etc.). According to the U.S. Department of State, this layered approach “aligns all Federal government maritime security programs and initiatives into a comprehensive and cohesive national effort involving appropriate Federal, State, local, and private sector entities” (2005, p. ii). While there have been improvements in maritime security to protect against physical attacks, little has been done in terms of cyberattacks.
When enacted, the Maritime Transportation Security Act and Safe Accountability For Every Port Act did not include elements of cybersecurity, and there is still no such legislation in place today. The United States Coast Guard has not conducted a thorough assessment on cyber risks, and until properly done, “maritime stakeholders will be less able to appropriately plan and allocate resources to protect the maritime transportation mode” (USGAO, 2014, p. 17). Ports are concerned with operations, vessel movement, and cargo flow. Cyber threats are not a priority and are not considered a large enough to warrant action. According to Kramek, “not only is cybersecurity awareness in U.S. port facilities generally low, but the cybersecurity culture in U.S. port facilities is generally lacking” (2013, p. 27). This is extremely concerning, because ports across the nation use technology to manage all aspects of their operations. A cyber-attack would devastate port and economic activity, especially if it targeted the Global Positioning System (GPS).
The Global Positioning System is a satellite based navigation system which can accurately determine an object’s position on the earth. GPS was developed by the United States military in the 1970’s, and became available for public use some time after. It’s an extremely valuable system and has transformed the transportation and logistics industry. In terms of marine applications, it “is playing an increasingly important role in the management of maritime port facilities” (NCO, 2006, para. 6). Port and marine operators heavily rely on GPS to monitor cargo and ships deployed around the world, which would have a significant impact on the day to day operations if hacked.
A cyber event on GPS within a port system could disrupt operations, sending a ripple effect, much like a tsunami, throughout supply chains. Kugler explains the ease in which GPS can be “spoofed”, and “cargo shipments are at risk, especially dangerous or high-value ones that are required to follow designated GPS routes” (2017, p. 19). Hijacking GPS receivers would allow ...
Yovanof, "The Digital Transformation of Shipping & Clusters of Innovation", J...Gregory Yovanof
This document provides an overview of the digital transformation of the global shipping industry and the development of maritime clusters of innovation. It discusses emerging technologies like autonomous ships, the Internet of Things, 3D printing, blockchain and cybersecurity. It highlights the need for digital strategies and regional clusters to support innovation. The presentation then focuses on the STRATEGIS Maritime ICT Cluster in Piraeus, Greece, which aims to be a catalyst for growth through R&D, entrepreneurship and collaboration between industry and academia in the digital shipping space.
The document discusses cyber security issues onboard ships. As ships increasingly rely on digital technologies, the risk of cyber attacks has grown. The document outlines common cyber attack methods like phishing and malware. It also discusses potential consequences of attacks, such as navigational system manipulation. The document recommends guidelines for maritime cyber risk management, including addressing risks in safety management systems.
This document proposes enhancing communications for maritime transportation services through a satellite-based Internet of Things (IoT) system. It discusses challenges in maritime logistics from increased demand during the pandemic and need to monitor refrigerated containers. The proposed system would use a constellation of satellites to transmit sensor data from ships, including location from GPS and security data, to support fleet management and ensure cargo status and safety. It presents the system design, network dimensioning on ships, and a communications protocol to enable decision making. The goal is to improve efficiency in maritime transport and port operations through enhanced monitoring and real-time route updates.
Is the future of shipping in ships and ports, or chips and blocks?EY
EY, Guardtime and industry participants launch the world’s first marine insurance blockchain platform, Insurwave. Insurwave leverages blockchain and distributed ledger technologies Microsoft Azure infrastructure and ACORD data standards. It will support more than half a million automated ledger transactions and help manage risk for more than 1,000 commercial vessels in the first year. By connecting participants in a secure, private network with an accurate, immutable audit trail and services to execute processes, the platform establishes a first of its kind digital insurance value chain.
This document provides an overview of maritime cyber security and risks. It begins with some definitions and opinions on the increasing issues around cyber attacks. Statistics are presented showing cyber attacks are rising in both impact and likelihood. Various cyber threats are described, from hacking and espionage to disruption. Specific issues for the maritime industry are then covered, such as the increasing digitization of vessels and challenges around crew connectivity and access to the internet. The differences between information technology (IT) and operational technology (OT) are also discussed in the context of maritime cyber security.
Maritime cyber security threats & consequence part 2pankaj kapoor
The global shipping industry is highly vulnerable to cyber attacks that can compromise key vessel systems like GPS, ECDIS, auto-pilot and cause accidents. Simple attacks using inexpensive software-defined radios can hack GPS and redirect vessels. Connected systems on ships like bridge equipment, engine controls, and passenger WiFi present many opportunities for hackers. Incidents have involved spoofing vessel positions, falsifying cargo documents, and potentially even purposefully grounding a ship. The shipping industry needs to urgently address these cybersecurity threats to prevent accidents and disruptions.
The presentation discusses the increasing risk of cyber attacks against the maritime sector. It notes that ships now rely heavily on computerized systems for navigation, cargo handling, and operations that may be vulnerable to attack. A successful cyber attack could endanger lives, damage ships or infrastructure, and cause significant economic losses by disrupting operations or cargo. While previous attacks were often financially motivated, modern threats increasingly aim to cause physical damage by hacking industrial control systems. The maritime sector is at high risk due to its reliance on computer networks and accessibility of critical onboard systems and infrastructure.
The document discusses challenges facing the global shipping industry, including overcapacity, lack of transparency, and increasing regulations. It introduces BitNautic as a decentralized platform using blockchain technology to connect ship owners, carriers, and shippers. BitNautic aims to address issues like high freight rates, limited shipping options for small cargo, and difficulties finding the best rates through features like a cargo booking system, ship brokerage, cargo tracking, and escrow services.
Top 10 most disruptive maritime solution providers 2020Merry D'souza
MariApps is a company committed to developing digital solutions for the maritime industry. Their flagship product, smartPAL, provides ship management and monitoring services and has connected over 1500 vessels. MariApps offers a comprehensive suite of digital solutions covering fleet management, mobile applications, business intelligence, and more. Their solutions aim to increase efficiency, simplify processes, and provide real-time operational data and monitoring to help customers make effective decisions. MariApps is focused on developing partnerships with customers and ensuring training to fully utilize their solutions.
Maritime Cybersecurity Developments maritimeoutlook.wordpress.comNihal Peter Moraes
Maritime cybersecurity developments from IMO and IRClass. Also, reference guidelines from ISO/IEC 27001 Standards, NIST and guidelines published by BIMCO, INTERTANKO and ICS among others.
The document discusses the failure of past container security solutions to gain adoption due to not addressing the business interests of ship owners in reducing costs. It proposes a solution that would bundle security monitoring hardware and software on ships with fuel consumption monitoring to provide a recurring revenue stream and quick return on investment. Trials and pilots are suggested to prove the concept with partnerships in Singapore before seeking global deployment and standardization.
1. The document discusses the importance of the global transportation system, including air, rail, and maritime components. It explores their historical development and contributions to economic prosperity.
2. After 9/11, security became a greater priority for these industries. The industries established security plans and increased coordination with government agencies.
3. The transportation systems play a crucial role in trade and movement of goods worldwide. Disruptions could significantly impact the global economy. Maintaining secure infrastructure across all components is important.
MARITIME CRITICAL
INFRASTRUCTURE
PROTECTION
DHS Needs to Better
Address Port
Cybersecurity
Report to the Chairman, Committee on
Commerce, Science, and
Transportation, U.S. Senate
June 2014
GAO-14-459
United States Government Accountability Office
United States Government Accountability Office
Highlights of GAO-14-459, a report to the
Chairman, Committee on Commerce, Science,
and Transportation, U.S. Senate
June 2014
MARITIME CRITICAL INFRASTRUCTURE
PROTECTION
DHS Needs to Better Address Port Cybersecurity
Why GAO Did This Study
U.S. maritime ports handle more than
$1.3 trillion in cargo annually. The
operations of these ports are
supported by information and
communication systems, which are
susceptible to cyber-related threats.
Failures in these systems could
degrade or interrupt operations at
ports, including the flow of commerce.
Federal agencies—in particular DHS—
and industry stakeholders have
specific roles in protecting maritime
facilities and ports from physical and
cyber threats.
GAO’s objective was to identify the
extent to which DHS and other
stakeholders have taken steps to
address cybersecurity in the maritime
port environment. GAO examined
relevant laws and regulations;
analyzed federal cybersecurity-related
policies and plans; observed
operations at three U.S. ports selected
based on being a high-risk port and a
leader in calls by vessel type, e.g.
container; and interviewed federal and
nonfederal officials.
What GAO Recommends
GAO recommends that DHS direct the
Coast Guard to (1) assess cyber-
related risks, (2) use this assessment
to inform maritime security guidance,
and (3) determine whether the sector
coordinating council should be
reestablished. DHS should also direct
FEMA to (1) develop procedures to
consult DHS cybersecurity experts for
assistance in reviewing grant
proposals and (2) use the results of the
cyber-risk assessment to inform its
grant guidance. DHS concurred with
GAO’s recommendations.
What GAO Found
Actions taken by the Department of Homeland Security (DHS) and two of its
component agencies, the U.S. Coast Guard and Federal Emergency
Management Agency (FEMA), as well as other federal agencies, to address
cybersecurity in the maritime port environment have been limited.
• While the Coast Guard initiated a number of activities and coordinating
strategies to improve physical security in specific ports, it has not conducted
a risk assessment that fully addresses cyber-related threats, vulnerabilities,
and consequences. Coast Guard officials stated that they intend to conduct
such an assessment in the future, but did not provide details to show how it
would address cybersecurity. Until the Coast Guard completes a thorough
assessment of cyber risks in the maritime environment, the ability of
stakeholders to appropriately plan and allocate resources to protect ports
and other maritime facilities will be lim.
An Integrated Security System Optimises Global Port SecurityEES Africa (Pty) Ltd
Due to global developments, it is becoming increasingly important to enhance and optimise the security of ships and port facilities worldwide. Ports are having to progressively improve safety and security strategies and systems to maintain global security compliance.
Ports are evolving from mere transportation centres to centres directly involved in more complex, value-added activities such as cargo processing and logistics. This requires new processes, practices and technological advances in control, integration and connectivity.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
The document discusses cyber security risks in the maritime industry. It notes that the International Maritime Organization (IMO) Secretary General and Maritime Safety Committee (MSC) have prioritized cyber security risks. The MSC urged member states to collaborate on cyber security guidance and regulatory proposals. While regulations and best practices are still being developed, the document recommends companies take proactive steps to enhance their cyber security through strategies, managed security services, and consulting from experts like Regency IT Consulting.
The document provides an overview of cybersecurity as it relates to the maritime industry. It discusses new threats to maritime cybersecurity like increased attacks targeting crews and the ability to remotely control ship systems. It also covers new impacts of cyberattacks such as the potential for fleet-wide outages and business disruption. Finally, it discusses cybersecurity management, including preserving the confidentiality, integrity and availability of data. The key points are that cyberattacks pose serious risks to ships and shipping operations, and proper cybersecurity management is important to mitigate these risks in accordance with IMO requirements.
Following the 9/11 attacks, the US government implemented new legislation and programs to enhance security of the US maritime system. This included the Container Security Initiative, which aimed to screen high-risk cargo containers before arrival at US ports. New regulations like ISPS and MTSA required facilities, ships, and companies to follow security guidelines and appoint security officers. The Coast Guard also issued rules on vessel and facility security plans. However, complying with these new mandates was very costly for ports and facilities, who felt more funding was needed to implement all the required physical and personnel security upgrades.
This document discusses the digitalization trends transforming the shipping and logistics industry. Key points include:
- Technologies like GPS, smart containers, vessel sensors are improving efficiency by enabling real-time tracking and monitoring of goods and vessel operations.
- Digitalization benefits include optimized transport, reduced waiting times, improved energy efficiency from weather routing and predictive maintenance.
- However, increased data and connectivity also introduce cyber risks if systems are hacked or data is leaked accidentally. Proper security measures are needed to address risks to cargo tracking systems, vessel navigation and more.
- The shipping industry must work closely with software and hardware providers as well as insurers to continuously enhance data security as digitalization increases complexity and exposure to
The rise of the robot and the lie of resilienceGirija Shettar
1) The shipping industry is rapidly developing advanced technologies like autonomous systems, sensors, artificial intelligence and cyber connectivity on ships to increase efficiency.
2) However, these technologies also introduce new risks as ships become more dependent on computer systems and vulnerable to hackers, with the potential for ships to be hacked and used as weapons or deliberately crashed.
3) While technologies promise increased safety, efficiency and lower costs, there are concerns that fully cyber-enabled infrastructure can never be 100% safe and that overreliance on these systems could ultimately prove destructive if major cyber attacks or technical failures were to occur.
Respond to discussion with 250 wordsThe focus of maritime secmickietanger
Respond to discussion with 250 words:
The focus of maritime security post September 11th was to improve the physical infrastructure of port facilities and vessels by implementing security plans, identification systems, detection methods, and strict inspection and clearance procedures for cargo and personnel. There are numerous legislative pieces which have created a layered security approach to protecting the marine industry (CSI, C-TPAT, foreign port assessment, etc.). According to the U.S. Department of State, this layered approach “aligns all Federal government maritime security programs and initiatives into a comprehensive and cohesive national effort involving appropriate Federal, State, local, and private sector entities” (2005, p. ii). While there have been improvements in maritime security to protect against physical attacks, little has been done in terms of cyberattacks.
When enacted, the Maritime Transportation Security Act and Safe Accountability For Every Port Act did not include elements of cybersecurity, and there is still no such legislation in place today. The United States Coast Guard has not conducted a thorough assessment on cyber risks, and until properly done, “maritime stakeholders will be less able to appropriately plan and allocate resources to protect the maritime transportation mode” (USGAO, 2014, p. 17). Ports are concerned with operations, vessel movement, and cargo flow. Cyber threats are not a priority and are not considered a large enough to warrant action. According to Kramek, “not only is cybersecurity awareness in U.S. port facilities generally low, but the cybersecurity culture in U.S. port facilities is generally lacking” (2013, p. 27). This is extremely concerning, because ports across the nation use technology to manage all aspects of their operations. A cyber-attack would devastate port and economic activity, especially if it targeted the Global Positioning System (GPS).
The Global Positioning System is a satellite based navigation system which can accurately determine an object’s position on the earth. GPS was developed by the United States military in the 1970’s, and became available for public use some time after. It’s an extremely valuable system and has transformed the transportation and logistics industry. In terms of marine applications, it “is playing an increasingly important role in the management of maritime port facilities” (NCO, 2006, para. 6). Port and marine operators heavily rely on GPS to monitor cargo and ships deployed around the world, which would have a significant impact on the day to day operations if hacked.
A cyber event on GPS within a port system could disrupt operations, sending a ripple effect, much like a tsunami, throughout supply chains. Kugler explains the ease in which GPS can be “spoofed”, and “cargo shipments are at risk, especially dangerous or high-value ones that are required to follow designated GPS routes” (2017, p. 19). Hijacking GPS receivers would allow ...
Yovanof, "The Digital Transformation of Shipping & Clusters of Innovation", J...Gregory Yovanof
This document provides an overview of the digital transformation of the global shipping industry and the development of maritime clusters of innovation. It discusses emerging technologies like autonomous ships, the Internet of Things, 3D printing, blockchain and cybersecurity. It highlights the need for digital strategies and regional clusters to support innovation. The presentation then focuses on the STRATEGIS Maritime ICT Cluster in Piraeus, Greece, which aims to be a catalyst for growth through R&D, entrepreneurship and collaboration between industry and academia in the digital shipping space.
The document discusses cyber security issues onboard ships. As ships increasingly rely on digital technologies, the risk of cyber attacks has grown. The document outlines common cyber attack methods like phishing and malware. It also discusses potential consequences of attacks, such as navigational system manipulation. The document recommends guidelines for maritime cyber risk management, including addressing risks in safety management systems.
This document proposes enhancing communications for maritime transportation services through a satellite-based Internet of Things (IoT) system. It discusses challenges in maritime logistics from increased demand during the pandemic and need to monitor refrigerated containers. The proposed system would use a constellation of satellites to transmit sensor data from ships, including location from GPS and security data, to support fleet management and ensure cargo status and safety. It presents the system design, network dimensioning on ships, and a communications protocol to enable decision making. The goal is to improve efficiency in maritime transport and port operations through enhanced monitoring and real-time route updates.
Is the future of shipping in ships and ports, or chips and blocks?EY
EY, Guardtime and industry participants launch the world’s first marine insurance blockchain platform, Insurwave. Insurwave leverages blockchain and distributed ledger technologies Microsoft Azure infrastructure and ACORD data standards. It will support more than half a million automated ledger transactions and help manage risk for more than 1,000 commercial vessels in the first year. By connecting participants in a secure, private network with an accurate, immutable audit trail and services to execute processes, the platform establishes a first of its kind digital insurance value chain.
This document provides an overview of maritime cyber security and risks. It begins with some definitions and opinions on the increasing issues around cyber attacks. Statistics are presented showing cyber attacks are rising in both impact and likelihood. Various cyber threats are described, from hacking and espionage to disruption. Specific issues for the maritime industry are then covered, such as the increasing digitization of vessels and challenges around crew connectivity and access to the internet. The differences between information technology (IT) and operational technology (OT) are also discussed in the context of maritime cyber security.
Maritime cyber security threats & consequence part 2pankaj kapoor
The global shipping industry is highly vulnerable to cyber attacks that can compromise key vessel systems like GPS, ECDIS, auto-pilot and cause accidents. Simple attacks using inexpensive software-defined radios can hack GPS and redirect vessels. Connected systems on ships like bridge equipment, engine controls, and passenger WiFi present many opportunities for hackers. Incidents have involved spoofing vessel positions, falsifying cargo documents, and potentially even purposefully grounding a ship. The shipping industry needs to urgently address these cybersecurity threats to prevent accidents and disruptions.
The presentation discusses the increasing risk of cyber attacks against the maritime sector. It notes that ships now rely heavily on computerized systems for navigation, cargo handling, and operations that may be vulnerable to attack. A successful cyber attack could endanger lives, damage ships or infrastructure, and cause significant economic losses by disrupting operations or cargo. While previous attacks were often financially motivated, modern threats increasingly aim to cause physical damage by hacking industrial control systems. The maritime sector is at high risk due to its reliance on computer networks and accessibility of critical onboard systems and infrastructure.
The document discusses challenges facing the global shipping industry, including overcapacity, lack of transparency, and increasing regulations. It introduces BitNautic as a decentralized platform using blockchain technology to connect ship owners, carriers, and shippers. BitNautic aims to address issues like high freight rates, limited shipping options for small cargo, and difficulties finding the best rates through features like a cargo booking system, ship brokerage, cargo tracking, and escrow services.
Top 10 most disruptive maritime solution providers 2020Merry D'souza
MariApps is a company committed to developing digital solutions for the maritime industry. Their flagship product, smartPAL, provides ship management and monitoring services and has connected over 1500 vessels. MariApps offers a comprehensive suite of digital solutions covering fleet management, mobile applications, business intelligence, and more. Their solutions aim to increase efficiency, simplify processes, and provide real-time operational data and monitoring to help customers make effective decisions. MariApps is focused on developing partnerships with customers and ensuring training to fully utilize their solutions.
Maritime Cybersecurity Developments maritimeoutlook.wordpress.comNihal Peter Moraes
Maritime cybersecurity developments from IMO and IRClass. Also, reference guidelines from ISO/IEC 27001 Standards, NIST and guidelines published by BIMCO, INTERTANKO and ICS among others.
The document discusses the failure of past container security solutions to gain adoption due to not addressing the business interests of ship owners in reducing costs. It proposes a solution that would bundle security monitoring hardware and software on ships with fuel consumption monitoring to provide a recurring revenue stream and quick return on investment. Trials and pilots are suggested to prove the concept with partnerships in Singapore before seeking global deployment and standardization.
1. The document discusses the importance of the global transportation system, including air, rail, and maritime components. It explores their historical development and contributions to economic prosperity.
2. After 9/11, security became a greater priority for these industries. The industries established security plans and increased coordination with government agencies.
3. The transportation systems play a crucial role in trade and movement of goods worldwide. Disruptions could significantly impact the global economy. Maintaining secure infrastructure across all components is important.
MARITIME CRITICAL
INFRASTRUCTURE
PROTECTION
DHS Needs to Better
Address Port
Cybersecurity
Report to the Chairman, Committee on
Commerce, Science, and
Transportation, U.S. Senate
June 2014
GAO-14-459
United States Government Accountability Office
United States Government Accountability Office
Highlights of GAO-14-459, a report to the
Chairman, Committee on Commerce, Science,
and Transportation, U.S. Senate
June 2014
MARITIME CRITICAL INFRASTRUCTURE
PROTECTION
DHS Needs to Better Address Port Cybersecurity
Why GAO Did This Study
U.S. maritime ports handle more than
$1.3 trillion in cargo annually. The
operations of these ports are
supported by information and
communication systems, which are
susceptible to cyber-related threats.
Failures in these systems could
degrade or interrupt operations at
ports, including the flow of commerce.
Federal agencies—in particular DHS—
and industry stakeholders have
specific roles in protecting maritime
facilities and ports from physical and
cyber threats.
GAO’s objective was to identify the
extent to which DHS and other
stakeholders have taken steps to
address cybersecurity in the maritime
port environment. GAO examined
relevant laws and regulations;
analyzed federal cybersecurity-related
policies and plans; observed
operations at three U.S. ports selected
based on being a high-risk port and a
leader in calls by vessel type, e.g.
container; and interviewed federal and
nonfederal officials.
What GAO Recommends
GAO recommends that DHS direct the
Coast Guard to (1) assess cyber-
related risks, (2) use this assessment
to inform maritime security guidance,
and (3) determine whether the sector
coordinating council should be
reestablished. DHS should also direct
FEMA to (1) develop procedures to
consult DHS cybersecurity experts for
assistance in reviewing grant
proposals and (2) use the results of the
cyber-risk assessment to inform its
grant guidance. DHS concurred with
GAO’s recommendations.
What GAO Found
Actions taken by the Department of Homeland Security (DHS) and two of its
component agencies, the U.S. Coast Guard and Federal Emergency
Management Agency (FEMA), as well as other federal agencies, to address
cybersecurity in the maritime port environment have been limited.
• While the Coast Guard initiated a number of activities and coordinating
strategies to improve physical security in specific ports, it has not conducted
a risk assessment that fully addresses cyber-related threats, vulnerabilities,
and consequences. Coast Guard officials stated that they intend to conduct
such an assessment in the future, but did not provide details to show how it
would address cybersecurity. Until the Coast Guard completes a thorough
assessment of cyber risks in the maritime environment, the ability of
stakeholders to appropriately plan and allocate resources to protect ports
and other maritime facilities will be lim.
An Integrated Security System Optimises Global Port SecurityEES Africa (Pty) Ltd
Due to global developments, it is becoming increasingly important to enhance and optimise the security of ships and port facilities worldwide. Ports are having to progressively improve safety and security strategies and systems to maintain global security compliance.
Ports are evolving from mere transportation centres to centres directly involved in more complex, value-added activities such as cargo processing and logistics. This requires new processes, practices and technological advances in control, integration and connectivity.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
1. Cyber Piracy Threat Analysis
Yong-Hyun Jo*
, Jun-Mo Kang**
, Young-Kyun Cha***
*Graduate School of Information Security, Korea University
Summary
The marine industry is categorized as shipbuilding, shipping and port industry. It
is a significant area that plays a large part in national competitiveness. In 2017,
maritime safety committee(MSC) of the international maritime organization(IMO)
began to discuss marine cyber security due to increased threat from cyber space
targeting the marine industry. In this article, the marine cyber security cases and
the cyber security guideline’s trends of global maritime organization will be
examined and those meanings will be considered.
I. Introduction
The maritime industry through ocean, which
accounts for 70% of the earth, accounts for
more than 90% of international trade and the
shipping market is estimated at $720 billion
in 2010 to $1.2 trillion in 2030. The size of
the Korea’s maritime industry is 217 trillion
won as of 2016 and the total revenue of the
shipping industry is 26 trillion won as of
2016, which is the seventh largest revenue in
the domestic industry. The government
announced the plans for the development of
the shipbuilding and shipping industry since
2018 and is pushing ahead with strategies to
build new ships and develop the shipping
industry. Information and communication
technologies are also applied to the marine
industry as well, so that various navigation
systems on ships are digitalized. It also helps
to connect the devices on ship each other,
ship with ship, ship with port by
communication network. This change is due
to changing to smart ship environment based
on ICT technology because of the
requirement of law/regulation implementation,
increase of requirements of shipper, position
of ship, sailing information, analysis of fuel
use performance, application of IT technology
for the implementation of environmental
regulations, application of satellite
communications to ships, personal e-mail for
ship welfare and popularization of maritime
network for using internet, the network
configuration of ships’ engines and route
control devices, application of IT based ship
management system between ship owners,
ship and operators.
Conventional pirates refereed to armed
groups that hijack/seize the vessels, cargos,
kidnap crews as hostages, that negotiate with
shipping companies and government for the
cost of their release. But recently, people who
sell and distribute legal software in large
quantities refer to cyber pirates.
However, maritime related industries such as
ship, shipbuilding and shipping change to IT
technology based, there has been a case of
hacking, information leakage or cyber crime
linked with hacker and crime organization.
These cyber attacker targeting maritime
industry is defined as cyber pirate in this
article.
In the maritime industry, importing or hiding
of explosives or weapons into ships or ports
was defined as a major threat according to
the law on the security of international
sailing ships and port facilities but turn to
digitalization, cyber security issues such as
hacking to ship, port or something, malware
infection, system disruption come to the fore.
According to survey data from the Baltic and
international maritime council (BIMCO) In
2016, one in five respondents said they were
victims of the cyber attack and only 40
percent of respondents said they took
preventive measures. In order to respond to
maritime cyber security threats, ENISA
2. classified the maritime sector as critical
infrastructure along with ICS SCADA, smart
grid, financial, health. The international
maritime organization(IMO) marine safety
commission(MSC) proposed the plan for
managing maritime cyber risks in accordance
with the increased risk of cyber security and
decided to enforce them on January 1, 2021.
In this article, the cyber security cases, global
security standards and guides for the
maritime industry will be analyzed.
II.Maritime cyber security trends
2.1 Security issue cases
The issues of maritime cyber security in
[Table 1] are as follows.
Case No. 1: a Nigerian crime organization
that used to be armed in waters of West
Africa and hijacked/kidnapped vessels and
crews, worked with hacking group, has taken
over the personal information of officers and
staff of maritime companies in Korea, Japan,
Norway, etc. (User ID, password) and tried
business SCAM, which is a typical example of
a traditional pirate becoming cyber pirate
using cyber attack technology.
Case No. 2: Confirmed that the Dutch
shipping company’s e-mail system was
forwarded to an external attacker at least 11
months, resulting in about 500 sensitive
personal information of Australian national
employees.
Case No. 3, 4: Cases of data leaks or system
down of global shipping companies in UK
and Singapore caused by hacking.
Case No. 5: a serious vulnerability has been
found in the satellite communication system
used in the ship, and the vulnerability can be
exploited to allow attackers to penetrate the
vessel’s satellite communication system,
internal engine equipment, operation
equipment, etc. However, this system is in
end of service (EoS) status since June, 2017.
Vessels equipped with vulnerable systems are
threatened before the patch. But the
durability of vessel’s system is 20 to 30 years,
which is difficult to patch.
Case No. 6: in August, 2017, a US naval ship
collided with an oil tanker on Singapore
Strait, killing 10 crew members. The media
then raised the probability of a cyber attack.
In the US Navy 7 fleet of this ship, in June,
the Aegis collided with Philippines container
ship. Military vessel accidents were
continuously happened.
Case No. 7: according to the ship security
and risk report in 2017 by Allianz, a global
insurance company, the impact of cyber
security on vessel safety is expected to
increase as a result of North Korea’s cyber
attack on the South Korean vessel’s GPS
system in March, 2016. [1]
Case No. 8: Through the vulnerability of
accounting software in use at the Ukrainian
branch of the world’s largest shipping
company, Maesk Line, the NotPeya
ransomware has been transfered to branches
and ports around the world. For the purpose
of preventing further damage, the whole IT
system is forced down and the system is
restored for 3 months over 45,000 PCs and
2,500 applications. Maesk Line’s estimated
total damage amounted to about 300 billion
won. When the infection and spreading
symptoms were discovered at the very
beginning, giant corporation prevented the
leaving of customers by propagating the
damage and restoration measures through
Twitter, quick judgment to force down the IT
system, etc.
Case No. 9: a German container vessel (8,250
TEU) was hacked and lost control of the
vessel for 10 hours. In order to restore the
vessel to its original condition, the vessel
stopped sailing and IT system restoration
operation was executed. Container vessels
carry large quantities of cargos, which can
cause economic losses due to delays in cargo
transportation and an increase of fuel costs,
etc.
Case No. 10: leakage of personal information
of US navy crew through laptop of
maintenance company, which leaded to
leakage of navy information.
Case No. 11: in August, 2016, the Zeroday
sql-injection(CVE-2016-5817) vulnerability was
disclosured on ship Navis web-based system
of Cargotec corporation in USA which is used
by USA and 13 ports worldwide. The issue of
patch management in ship system has been
raised. [2]
Case No. 12: in 2016, 22,400 pages of
submarine data, including stealth technology
leaked from French defense company by
former navy officer.
Case No. 13: Pirates hijacked the global
shipping company’s vessel, they took away
only containers loaded with certain cargo and
escaped. As a result of a survey of shipping
cargo management system and bill of lading
management system of shipping company
suffered from pirate, malicious code was
3. Case
No.
Date Content
1 2018.04
The Nigerian hacking
group attacked shipping
companies in Korea, Japan
and Norway. Among
these, The personal
information of officers
and staff of 3 Korean
shipping companies are
taken and used for BEC
(Business E-mail
Compromise)
2 2018.03
The Dutch shipping
company's email system
was forwarded to an
external attacker for at
least 11 months through
the automatic forwarding
function, confirming that
about 500 sensitive
personal information of
Australian national officers
and staff was leaked
3 2017.12
Computer system of
Singapore shipping
company BW group went
offline due to hacking
4 2017.12
Clarksons, UK, was
threatened with data
leakage owing to refusing
to pay the amount
demanded by hackers
5 2017.10
Serious vulnerability was
found in related system
of satelite service
company
6 2017.08
About 10 crew members
were missing or killed by
crash accident of US Navy
ship John S.McCain. Some
have since raised the
probability of cyber
attacks or cyber bullying
7 2017.08
According to the
insurance company’s
safety and risk report, the
impact of cyber security
on ship safety is expected
to increase
8 2017.06
The world’s largest
shipping company, Maesk
Line, re-installed about
4,000 servers, 45,000 PCs
and 2,500 applications
owing to
ransomware(NotPetya)
attacks. The estimated
total damage is
approximately 300 billion
won.
9 2017.02
The navigation system of
8,250 TEU ship owned by
Germany was taken over
by the hacker for 10
found in shippping company system. It is
characterized by the fact that the pirates
hired hackers to cause criminal acts using the
shipping company’s computer system. The
security management system of the shipping
company means that the scope of the
security management system of the company
should be widely expanded to include cargos,
vessels and the company’s computer
management system.
Case No. 14: Vessel Data Recoder (VDR)
system, which serves as the BlackBox of the
aircraft, the vulnerability was found in this
system in 2015. It was announced that VDR
data could be remotely deleted and modified.
Therefore, it is judged that the integrity of
the digital evidence will be verified by
checking whether the vulnerability is patched
and whether the VDR data is remotely forged
during investigating vessel accident.
Case No. 15: World Fuel Services (WFS), a
major marine refueling company that supplies
fuel to vessels and others, suffered fraud
losses of $18 million with email SCAM in
October, 2014. Since then, Business SCAM
has continued steadily and in April 2018, a
concentrated attack targeting shipping
companies was found. [3]
Case No. 16: Drug dealers hired hackers to
break into the Belgian port of Antwerp
control system and identified containers that
have shipped cocaine and heroin and took
them out before arriving of legitimate cargo
owner. The hacker infected the relevant PC
through the Trojans attachment e-mail,
installed the USB after invading the office
that seizes the password. Hacker used an
attack method via e-mail and a method of
directly entering the office and plugging the
keylogger into the PC. [4]
Case No. 17: in 2011, a hacker hired by
criminal organization broke into Australian
customs and the cargo system and identified
the shipping container(shipment) information
that the authority custom suspects.
Case No. 18: in August, 2011, a hacker broke
into the Iranian shipping line server, damaged
charges, cargo number, shipping date and
location data information. [6]
4. hours which is sailing
from Cyprus to Djbouti.
10 2016.11
Sensitive information such
as social security numbers
of 134,386 Navy
personnel leaked due to
hacking of the laptop of
IT outsourcing staff
11 2016.08
Z e r o d a y
sql-injection(CVE-2016-581
7) vulnerability was
disclosured on ship Navis
web-based system of
Cargotec corporation in
USA which is used by
USA and 13 ports
worldwide
12 2016
22,400 pages of
submarine data, including
stealth technology leaked
from French defense
company
13 2016.03
Pirates hijacked the global
shipping company’s vessel,
they took away only
containers loaded with
certain cargo and
escaped. As a result of a
survey of shipping cargo
management system and
bill of lading management
system of shipping
company suffered from
pirate, malicious code was
found in shipping
company system
14 2015
Vulnerability of VDR
system which is a
BlackBox function of ship
was found. It ables to
delete/modify data
recorded in VDR remotely
15 2014
World Fuel Services (WFS),
a major marine refueling
company that supplies
fuel to vessels and others,
suffered fraud losses of
$18 million with email
SCAM.
16 2013.10
Drug dealers hired
hackers to break into the
Belgian port control
system and identified
containers that have
shipped cocaine and
heroin and tool them out
before arriving of
legitimate cargo owner.
The hacker infected the
relevant PC through the
Trojans attachment e-mail,
installed the USB after
invading the office that
seizes the password
17 2012
A hacker hired by a
criminal organization in
2012 broke into Australian
customs and the cargo
system and identified the
s h i p p i n g
c o n t a i n e r ( s h i p m e n t )
information that the
authority custom suspects
18 2011.08
Hacker broke into the
Iranian shipping line’s
server and damaged
charges, cargo, cargo
numbers, shipping date
and location data
information
[Table 1] Maritime cyber security cases
This concept is similar to personal
information internal management plan of
Korea’s personal information protection act,
vessels must establish their own security plan
and obtain the approval of the government.
After receiving the government’s security
evaluation, the vessel is required to furnish
international ship security certificate (ISSC,
Term of validity: 5 years) while operating.
Each vessel has enforced to mark
permanently their unique identification
number (IMO number) on its hull, but some
nations or groups of criminals are deleting or
falsifying this IMO number when transporting
illegal weapons.
A vessel without security certificate will have
problems such as docking refusal, port
embargo, etc. It is also not allowed to sail
internationally. Ports should appoint their own
port security officers, establish security plans
after conduct port security evaluation, and
need to obtain government approval.
2.3 Trends of international maritime
organization
IMO, an international organization established
to deal with international issues related to
shipping and shipbuilding, warned that the
spread of electronic and communication
devices equipment and operation would lead
to serious maritime safety problems such as
hacking, information leakage and cyber
terrorism.
In MSC 94th, USA and Canada suggested to
5. enhance cyber security in various maritime
areas of shipping logistics systems, maritime
facilities on vessels and ports, in MSC 95th,
USA, Canada and others argued that is
urgent to develop integrated guidelines for
cyber security of ports, maritime facilities and
equipment other than ships, but the proposal
submitted to MSC 96th includes only the
ship’s cyber security guideline, reflecting the
opinions of other countries in MSC 95th.
This guidelines includes contents such as
understanding cyber risk, the need and
purpose of cyber risk management,
identifying risk management procedures and
proposing an activity list to be added to the
risk/security management system by owners
and operators.
The MSC 98th session has defined guidelines
for cyber security and made it mandatory for
safety management systems to include the
cyber security management field (Maritime
cyber risk management), as of January 1,
2021, and this applies to all organizations of
the industry.
III. Maritime cyber security guidelines and
guide
3.1 IMO
IMO cyber security risk management
guideline presents shipping and cargo
management, passenger management, engine
and communication system as the vulnerable
system of the ship.
This guideline presents an efficient risk
management framework with the function of
identification-protection-detection-response-rec
overy five steps. This framework is NIST’s
cyber security framework. [7]
For the best risk management, it is
recommended to refer the latest version of
all of relevant guidelines and standards such
as BIMCO’s guideline (Baltic and International
Maritime Council), ISO/IEC 27001, NIST cyber
security framework, etc.
3.2 BIMCO
The 2.0 version was released in June 2016,
following the 1.1 version of the guidelines on
cyber security onboard ships[8]. In this
version, the guidance was specified,
considering continuity planning from cyber
intrusion and vessel’s remote environment
from reponse and recovery planning chapter.
This guide aims to provide essential guidance
for cyber security management.
Chapter 1 is about cyber security and safety
management. It defines that maritime cyber
security protects people on board (passenger
and crew), cargos and ships from
unauthorized access, operation/interruption
and loss of data. Major concerns are integrity
damage of vessel’s electronic part display and
information system (ECDIS), obstacles
resulting from the maintenance and patching
of marine software, damage of satellite
navigation system caused by loss or
manipulation of critical sensors on the vessel.
Chapter 2 identifies the threats of maritime
cyber security as company, ship, operation
and transaction, and suggests that experience
in other industries such as financial
institutions and public institutions can be a
case of sucesseful cyber attack mitigation. It
also suggests that employees of the company
may be exposed to cyber attacks, both at
sea and on land.
Chapter 3 identifies systems that can be
exposed to vulnerability on ships. This is
identical to the ship systems presented in
IMO which is in this article 3.1.
However, an engine performance monitoring
system, which is a system communicates ship
with onshore(a port or vessel operating
company, shipping company), vessel
maintenance system, cargo and crew
management system, navigation management
system, and so on. Such communication
systems are additionally identified to check
and control sailing on land.
Chapter 4 is about the risk assessment which
states that senior management is responsible
for the risk assessment as well as the risk
assessment guides and control items
presented in K-ISMS and ISO 27001. For the
assessment of impacts, the CIA Model[9] is
used. The maritime industry and ship
environment must be considered. For
example, sensitive information includes ship
location, system status/reading, cargo details,
authority and certificates. The ship’s power
management system includes the SCADA
system and it is responsible for power
distribution and control for the entire ship.
The system is connected to the ship’s
communication system and is configured to
monitor from onshore company.
Chapter 5 is about protection measures. The
protection measures should be implemented
under the responsibility of senior
management for the risks presented as a
result of the risk assessment. Protective
measures are consist of procedures and
guidelines. These provide technical and
administrative means. Especially, when the
ships are using satellite and wireless
communication as a protection measure, the
6. Allianz Global Corporate & Specialty,
[1] Safety and Shipping Review 2017,
Aug, 2017
[2] https://ics-cert.us-cert.gov/advisories/IC
SA-16-231-01
[3] https://shipandbunker.com/news/world/
670152-wfs-in-court-over-18m-bunker-s
cam-claim
[4] https://motherboard.vice.com/en_us/arti
cle/bmjgk8/how-traffickers-hack-shippin
g-containers-to-move-drugs
[5] https://www.kaspersky.com/blog/maritim
e-cyber-security/8796/
[6] https://www.csoonline.com/article/32458
03/security/defeating-21st-century-pirat
es-the-maritime-industry-and-cyberattac
ks.html
[7] NIST, Cyber Security Framework, April,
2018
[8] https://www.bimco.org/news/press-relea
ses/20170705_cyber-g
[9] NIST, Standards for Security
Categorization of Federal Information
and Information Systems, Feb, 2004
[10] UK Department for Transport, Ship
security: cyber security code of
practice, Sep, 2017
system and specifications of satellite
communication systems must be considered.
The method to prevent unauthorized access
to the ship must be also considered. The
management interface with the control
software is mainly provided in the form of a
web-based user interface, the protection of
which must be considered from the time of
installation on the ship.
Chapter 6 is about business continuity
planning. In case of ships, the following must
be considered: Availability or exploration
integrity of electronic navigation equipment,
data loss, availability or integrity loss of the
global navigation satellite system (GNSS), loss
of essential communications with the coast,
disruption of the Global Maritime Distress
and Safety System (GMDSS), loss of
availability of industrial control systems,
including ship propulsion systems, auxiliary
system and industrial control systems, loss of
integrity of other data management and
control systems, loss of ransomware or denial
of service (DoS).
Chapter 7 is about incident response plan.
For example, it is necessary to establish a
recovery plan, an incident response plan and
an investigation plan when the electronic
chart display and information system (ECDIS)
is infected with malicious code.
IV. Conclusion
In this article, cyber attackers targeting
maritime industries such as shipbuilding,
shipping companies and ports were defined
as cyber pirates and their damage cases were
examined. The maritime industry is composed
of ship-port-support facility-company (ship
owner company, ship operating
company)-shippers(customer), etc. When such
a system is exposed to cyber attack, it can
give rise to damage of ships, cargos,
passenger’s material and their life. As a
result, the relevant international organizations
resolved to establish a cyber security
management system for the maritime
industry. The ministry of transport of the UK
government has proposed guidelines (Code
of practice: cyber security for ships) for
countering cyber threats in the maritime
industry (ship operator, ship owner, crew, etc)
in September 2017. [10] This moves are
expected to have a close impact on the
Korean maritime industry. It is believed that
maritime cyber security research is essential
for safe shipbuilding and shipping.
[References]