Maritime Cybersecurity Takes A Big Step Forward

The international shipowners’ association BIMCO will introduce a cyber security clause into its charter party agreements and other contracts to include the need to protect both IT and OT-based systems onboard ship.

The BIMCO decision follows a recent spike in high-profile cyber-attacks, such as those involving Maersk, COSCO, BW Group and broker Clarksons. It is anticipated that the cyber clause will be included in BIMCO contracts from May 2019.

Asaf Shefi, CTO of Naval Dome, the Israel-based developer of the award-winning Endpoint cyber security platform, welcomed this important step.

“That the BIMCO cyber clause will precede the 2021 entry-into-force of IMO Resolution MSC.428(98), which will see cyber security measures included in the ISM Code, is very welcome news. The decision suggests that shipowners are now unwilling to wait for the regulators to implement change and are taking immediate action themselves.”

“While IT-related cyber protection is crucial to mitigating against fraud and data theft, the inclusion of Operational Technologies means that shipowners realise that critical systems – navigational, machinery and hotel systems – also need protection to prevent threats to crew, passenger and vessel safety,” said Shefi.

With the market proliferation of maritime cyber solutions, however, Shefi pointed out that a careful evaluation of the technologies available is required before any investments are made.

“Most cyber security systems just protect IT. Naval Dome Endpoint is the only cyber security system capable of protecting both IT and OT systems. As all shipboard systems are linked and inter-connected, BIMCO members should be aware that each individual IT and OT system onboard needs its own protection.”

It is the potential inclusion of a cyber liability clause, however, that Naval Dome CEO Itai Sela singles out for particular praise.

“The problems shipowners face insuring their PC-based systems against cyber attack have been well documented, but this issue could be resolved with the BIMCO clause.”

BIMCO has said that liability for claims would be limited to US$100,000 unless a different amount is agreed during negotiations.

“This could mean that the end result of a cyber attack may not necessarily be put down to technical failure or human error – as these things frequently are. It could also make the introduction of cyber insurance-related policies a potentially more attractive proposition for the insurer,” said Sela.

“At the very least, the new cyber clause will ensure parties are required to notify one another so that they can take the necessary precautions. It will ensure that contracted parties have procedures and systems in place to help minimise the cyber threat.”
