vor 1 Jahr

HANSA 11-2021

  • Text
  • Hansaplus
  • Wasserstoff
  • Container
  • Maritimen
  • Deutschen
  • Automation
  • Unternehmen
  • Schifffahrt
  • Hamburg
  • Hansa
  • Maritime
Seadevcon 2021 · Windforce · Maritime Schiedsgerichtsbarkeit · Premiere für synthethisches LNG · Lürssen & Blohm+Voss · Deutsches Maritimes Zentrum · Flagship Founders · ShipMoney


SCHIFFFAHRT | SHIPPING Cyber Security – it is going to get better ... … but we are nowhere near that, say Mission Secure’s Don Ward and lawfirm Ince & Co.’s Julian Clark, regarding cyber security of IT and OT in the maritime space. While urging the industry to take cyber training seriously, they offer a solution for the meantime It has been a while since the last big cyber attack – at least as far as the public is concerned, thinks Julian Clark, Senior Partner at maritime law firm Ince. »Although there have been some huge instances like Maersk getting caught up in Notpetya, our very strong fear and actual believe is that we are looking at the tip of the iceberg in relation to the reported incidents.« One reason nobody is talking about it could be the risk of the reputational damage for a business by telling customers that one’s systems have been hacked and confidential information has been lost. Clark cites estimates of cyber attacks taking place every eleven seconds somewhere. »There is no doubt about it that the shipping industry is now seen as the target,« he says. In fact, since 2017, four of the biggest players in the world have been hit: Maersk, Cosco, CMA CGM and MSC. Since then, IT experts have seen a steady increase in the amount of ransomware attacks and cyber ©Ince »We are looking at the tip of the iceberg in relation to the reported incidents« Julian Clark, Ince – Partner attacks on operational technology (OT). »Another scary statistic estimates that by 2031 we will be looking at 265 bn $ of loss in relation to cyber attacks. So, it is a real problem,« says Clark. While Maersk were not even targeted by Notpetya but got »caught up as innocent bystanders in a geopolitical issue«, Clark thinks that the case »put a message out there to hackers, whether they are hacktivists or criminals, environmentalists or script kiddies. They all suddenly thought of shipping, because they saw what happened to Maersk.« Don Ward, Senior Vice President, Global Services at Mission Secure, sees a problem of glorifying and glamorizing of hackers in the media, pushed by interviews with such groups as Anonymous. »This creates more interest in malware distribution, if people think they can make money out of it. And there is a very large attack surface – especially in the maritime space. And as we are now digitally connected globally, it just presents a large opportunity.« OT is full of low hanging fruits Helping get your decarbonisation strategy shipshape. Make it sure, make it simple. What Mission Secure finds when doing assessments of vessels, is not exactly reassuring. »It never ceases to amaze me, the number of access point into and out of theses vessels and the lack of standardization of technology stacks, whether it is on a vessel or even on land – we find it everywhere,« says Ward. Even big companies are not immune against the lack of correlation between what goes on in the IT network side and the OT side. »You have these little islands and pods of information, but nobody is communicating,« he says. Mission Secure is offering the technology that helps provide additional protection and segmentation with visibility in the OT combined with a 24/7 managed detection response offering. »It is a requirement we are seeing in the industry, because even large companies don not have the resource depth to have the same level of expertise on the IT side and the OT side. And the OT side is just full of low hanging fruit, because of all the vulnerabilities that exist and because of the dated infrastructure,« says Ward. He expects that ten years from now, »when everything is on software defined switches and we have swapped out all the routing and switching infrastructure in the OT environments and have put in segmentation and micro-segmentation in all the switches and software, it is going to get better, but we are nowhere near that.« That is why he sees a need for an »overlay component« to protect the existing infrastructure and to provide data cor- 34 HANSA – International Maritime Journal 11 | 2021

SCHIFFFAHRT | SHIPPING relation across the IT and OT boundaries, so that one can make conform decisions. Earlier this year, Mission Secure and Ince have teamed up to develop the first of its kind integrated legal advisory, business consultancy, and technology offering for the maritime sector. Beginning with cyber security, over the course of 2021, InceMaritime plans to launch further managed service solutions in key areas for the maritime industry. InceMaritime will provide clients with »a fully integrated cyber security offering that protects on-shore and onvessel OT networks, safeguards operations, and ensures compliance and business continuity«. The joint proposition comprises a full audit of a company’s existing policies to ensure compliance in line with the new ISM Code for Cyber Security Guidelines (IMO 2021); the implementation of the patented Mission Secure Platform, the first integrated platform built for OT cyber protection, which is designed to harden vessels’ control systems networks against cyber threats; the deployment of Mission Secure Managed Services, providing 24/7 cyber security monitoring, threat hunting, and incident response support to ensure continual vessel resilience for ship owners and managers; legal and crisis management services in the event of a cyber attack. 92 % costs of cyber attacks being uninsured © Mission Secure »It never ceases to amaze me, the number of access point into and out of theses vessels« Don Ward, Mission Secure – SVP Global Services »The integrated offering will provide ship owners, operators and managers with complete reassurance that the significant operational, commercial and compliance risks that they face from the impact of cyber attacks are mitigated. With 92% of estimated costs arising from cyber attacks being uninsured, and the access and limits of cover often restricted, it is intended that owners and operators who sign up to the new service will benefit from better insurance terms and preferential premiums. In addition, P&I Clubs and insurance companies will also benefit from a reduction in potential claims«, the partners stated. The two partners also put an emphasis on the human element. While there exist drills for all aspects of physical maritime safety, this kind of training is largely missing in relation to cyber awareness and dealing with an attack. »That is something we are committed to improve. We will do anything from training your crew on basic cyber awareness to running full emergency drills,« Julian Clark tells HANSA. »We have spoken to number of operators who say: We don’t even know who to call. Do we call the port captain, the IT department? Crews don’t know what to look out for. I think the industry has to go through a massive learning curve with that,« he adds. Don Ward also stresses the importance of physical security: »International crews are coming in and out, the captain is changing, there is always a risk involved – we find security always lacking.« This goes right down to the fragmented OT side. The cyber security experts find that the vendor gear on these vessels is »never standardized«. »We often find five or six vendors of networking and even securitytechnology, whether it is endpoint security or firewalls, and a lot of it is consumer grade,« says Ward. In his view, the efforts so far have been weighted on the IT and business IT side. »The OT side scrambles for financing and typically buys from the cheapest vendor. This is very difficult to deal with. Even for a dedicated IT person it is difficult to manage all the software updates,« Ward says. The human element then adds another layer of risk by bringing on board mobile devices, streaming devices, printers, road access points – »it is a constant fight to keep that OT environment clean and set up as a zero trust environment«, says Ward, adding that only very few people are listening to it, »because on the operational side it is all about resilience and uptime. There is no time to manage the IT side. What is ironic, is that there are more and more hooks into OT side: IT, IOT, sensor technology, remote maintenance information. It is a source for desaster.« fs HANSA Ad October 21-Round 1 10/21/2021 9:03:14 AM Employingastateof theart DetentionPrevention Program,theLiberianRegistryhascontinued to improve on its safety record and maintain its White Listingin the Tokyo MOU and Paris MOU. Liberia has seena reductioninPortState Control Detentions overthe pasttwoyears of: PSC Detention Reduction 2019-2020 ≈USA: 74% Reduction ≈Paris MoU: 19% Reduction ≈Tokyo MoU: 28% Reduction ≈China: 83% Reduction HANSA – International Maritime Journal Tel: +49 1140 | 2021 35 00 4660 LISCR (Deutschland ) GmbH Neuer 35 Wall 10 20354 Hamburg

HANSA Magazine

HANSA Magazine

Hansa News Headlines