Maritime Cybersecurity Takes A Big Step Forward

The international shipowners’ association, BIMCO will introduce a cyber security clause into its charter party agreements and other contracts to include the need to protect both IT and OT-based systems onboard ship.

The BIMCO decision follows a recent spike in high-profile cyber-attacks, such as those involving Maersk, COSCO, BW Group and broker Clarksons. It is anticipated that the cyber clause will be included in BIMCO contracts from May 2019.

Asaf Shefi, CTO of Naval Dome, the Israel-based developer of the award-winning Endpoint cyber security platform welcomed this imprtant step. 

“That the BIMCO cyber clause will precede the 2021 entry-into-force of IMO Resolution MSC.428(98), which will see cyber security measures included in the ISM Code, is very welcome news. The decision suggests that shipowners are now unwilling to wait for the regulators to implement change and are taking immediate action themselves.”

“While IT-related cyber protection is crucial to mitigating against fraud and data theft, the inclusion of Operation Technologies means that shipowner realise that critical systems – navigational, machinery and hotel systems – also need protection to prevent threats to crew, passenger and vessel safety,” said Shefi.

With the market proliferation of maritime cyber solutions, however, Shefi pointed out that a careful evaluation of the technologies available is required before any investments are made.

“Most cyber security systems just protect IT. Naval Dome Endpoint is the only cyber security system capable of protecting both IT and OT systems. As all shipboard systems are linked and inter-connected, BIMCO members should be aware that each individual IT and OT system onboard needs its own protection.”

It is the potential inclusion of a cyber liability clause, however, that Naval Dome CEO Itai Sela singles out for particular praise.

“The problems shipowners face insuring their PC-based systems against cyber attack has been well documented, but this issue could be resolved with the BIMCO clause.”

BIMCO has said that liability for claims would be limited to US$100,000 unless a different amount is agreed during negotiations.

“This could mean that the end result of a cyber attack may not necessarily be put down to technical failure or human error – as these things frequently are. It could also make the introduction of cyber insurance-related policies a potentially more attractive proposition for the insurer,” said Sela.

“At the very least, the new cyber clause will ensure parties are required to notify one another so that they can take the necessary precautions. It will ensure that contracted parties have procedures and systems in place to help minimise the cyber threat.”

You Might Also Read:

The Maritime Industry's Slow Boat To Cybersecurity:

Cybersecurity At Sea:

 

« Russian Hackers Have New Phishing Tricks
Cathay Pacific Admits Cyber-Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

High-Tech Bridge

High-Tech Bridge

High-Tech Bridge SA is a Swiss MSSP provider offering security auditing, source code review and computer forensics.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

Air Informatics

Air Informatics

Air Informatics LLC provides security, information management, analytics and informatics for IT and wirelessly enabled airplanes and operations.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

Celerium

Celerium

Celerium transforms cyber defense for both companies and industry sectors by leveraging cyber threat intelligence to defend against cyber threats and attacks.

Smart Contract Security Alliance

Smart Contract Security Alliance

The Smart Contract Security Alliance supports the blockchain ecosystem by building standards for smart contract security and smart contract audits.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

Sky Republic

Sky Republic

Sky Republic offers a Smart Contract Platform to integrate and synchronize business networks beyond EDI and API.

Cord3

Cord3

Cord3 delivers data protection, even from trusted administrators – or hackers posing as administrators – with high privilege.

SafeCipher

SafeCipher

SafeCypher are crypto specialists with a very specialized knowledge of Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Quantum Resistant Cryptography and Crypto-Agility.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

IntegraONE

IntegraONE

IntegraONE is a IT solutions provider offering a full range of networking and technology solutions.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

Cyber Security Council UAE

Cyber Security Council UAE

The Cyber Security Council's vision is to protect UAE cyberspace, maintain confidence in our digital infrastructure and institutions, and build a cyber-resilient society.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

EmberOT

EmberOT

EmberOT is at the forefront of operational technology (OT) security, offering cutting-edge solutions designed to protect critical infrastructure within energy, utilities, and manufacturing sectors.