Maritime Cybersecurity Takes A Big Step Forward

Uploaded on 2018-11-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The international shipowners’ association, BIMCO will introduce a cyber security clause into its charter party agreements and other contracts to include the need to protect both IT and OT-based systems onboard ship.

The BIMCO decision follows a recent spike in high-profile cyber-attacks, such as those involving Maersk, COSCO, BW Group and broker Clarksons. It is anticipated that the cyber clause will be included in BIMCO contracts from May 2019.

Asaf Shefi, CTO of Naval Dome, the Israel-based developer of the award-winning Endpoint cyber security platform welcomed this imprtant step. 

“That the BIMCO cyber clause will precede the 2021 entry-into-force of IMO Resolution MSC.428(98), which will see cyber security measures included in the ISM Code, is very welcome news. The decision suggests that shipowners are now unwilling to wait for the regulators to implement change and are taking immediate action themselves.”

“While IT-related cyber protection is crucial to mitigating against fraud and data theft, the inclusion of Operation Technologies means that shipowner realise that critical systems – navigational, machinery and hotel systems – also need protection to prevent threats to crew, passenger and vessel safety,” said Shefi.

With the market proliferation of maritime cyber solutions, however, Shefi pointed out that a careful evaluation of the technologies available is required before any investments are made.

“Most cyber security systems just protect IT. Naval Dome Endpoint is the only cyber security system capable of protecting both IT and OT systems. As all shipboard systems are linked and inter-connected, BIMCO members should be aware that each individual IT and OT system onboard needs its own protection.”

It is the potential inclusion of a cyber liability clause, however, that Naval Dome CEO Itai Sela singles out for particular praise.

“The problems shipowners face insuring their PC-based systems against cyber attack has been well documented, but this issue could be resolved with the BIMCO clause.”

BIMCO has said that liability for claims would be limited to US$100,000 unless a different amount is agreed during negotiations.

“This could mean that the end result of a cyber attack may not necessarily be put down to technical failure or human error – as these things frequently are. It could also make the introduction of cyber insurance-related policies a potentially more attractive proposition for the insurer,” said Sela.

“At the very least, the new cyber clause will ensure parties are required to notify one another so that they can take the necessary precautions. It will ensure that contracted parties have procedures and systems in place to help minimise the cyber threat.”

You Might Also Read:

The Maritime Industry's Slow Boat To Cybersecurity:

Cybersecurity At Sea:

 

« Russian Hackers Have New Phishing Tricks
Cathay Pacific Admits Cyber-Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

Sqreen

Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users from attacks.

netfiles

netfiles

netfiles offers highly secure data rooms for sensitive business processes and secure data exchange.

CyberGRX

CyberGRX

The CyberGRX Exchange and our risk assessments-as-a-service help Enterprises and Third Parties cost-effectively identify, prioritize and mitigate risk.

Build38

Build38

Build38 provides the highest levels of security for mobile applications.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Wiz

Wiz

Wiz - the first cloud visibility solution for enterprise security: A 360° view of security risks across clouds, containers and workloads.

CYMOTIVE Technologies

CYMOTIVE Technologies

Combining Israeli cyber innovation with a century of German automotive engineering. CYMOTIVE operates under the assumption that connectivity is a game changer for the automotive industry.

Otava

Otava

Otava is a global leader of secure, compliant hybrid cloud and IT solutions for service providers, channel partners and enterprise clients.

Alethea

Alethea

Alethea is a technology company helping companies, nonprofits, and democracies protect themselves from harms stemming from disinformation and social media manipulation.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

Prescott

Prescott

Prescott acts as your guiding light in the preparation for your CMMC assessment and long after by governing your cybersecurity practice.

Cyviation

Cyviation

Cyviation's mission is to mitigate ever-growing and menacing Cyber Security threats, focusing on aircraft, airlines and airports.

AUCloud

AUCloud

AUCloud is a leading Australian cyber security and secure cloud provider, specialising in supporting businesses and Governments with the latest cloud infrastructure.

LeakSignal

LeakSignal

At LeakSignal, we transform the way you monitor and protect your data. We provide unparalleled visibility and control over your sensitive data flows.