Cyber security: minimising cost and disruption after a cyber event
6 August 2020 • 09:00-09:45 BST

Part of Maritime Cyber Security Webinar Week, 4-6 August 2020

Presentation documents:
Page 2: Gwilym Lewis, Neptune Cyber
Page 7: Philip Roche, Norton Rose Fulbright
Page 18: Andrew Hill, Willis Towers Watson


Page 2

www.neptunecyber.com

Cyber security: minimising cost and disruption after a cyber event

Riviera Maritime Media | Maritime Cyber Security Webinar Week

Gwilym Lewis, CEO, Neptune Cyber

Page 3

Where should the cyber security function sit in your organisation?

There is no ‘one size fits all’ answer

Common traits do exist, however:

1. It should have direct access to senior management and decision-makers

2. It needs to be cross-functional, including input from captains, IT, engineering, legal and finance

3. It must have genuine authority; if it doesn’t have the power to change behaviors it will be useless

Page 4

Why should we care?

It’s open season for cyber attackers with numbers increasing

• Successful maritime attacks are happening on a regular basis (even if not openly reported)

• Human factors play a key role, as many attacks start with crew unintentionally doing something they shouldn’t

• If a hack ‘only’ serves to degrade operational capability it may not be spectacular but it will still be costly

Page 5

What does an effective disaster recovery plan look like?

It needs to exist

• Obvious as this sounds, even the simplest plan is better than no plan at all

• It can’t just be a boilerplate ‘box tick’ exercise, as it is a very safe bet it will be needed one day

• It should ‘assume the worst’; whatever you think ‘can’t possibly happen’ probably will

• It must be constantly updated: cyber threats evolve on a daily basis, vessel systems and technology get upgraded, thus the plan needs to keep pace too

Page 6

If you would like a pragmatic conversation about your cyber security don’t hesitate to contact us:

+1 514 476 6722 [email protected]

neptunecyber.com

Page 7

• Philip Roche

Cyber security: minimising cost and disruption after a cyber event

Page 8

1 January 2021

• This is a false deadline
  – First verification of the DOC after 1 January
  – Good safety management requires a plan to be in place now if the ship is to be seaworthy

• This involves risk management

• Cyber security must be seen as just another risk, albeit a novel one, to be managed as part of the safety management of the ship.

• Safety management is a key component of ensuring and demonstrating that an owner/operator is exercising due diligence to make his ship seaworthy and cargo worthy.

Page 9

Test for seaworthiness

• i) the ship must have that degree of fitness which a prudent ship owner would require the vessel to have at the commencement of her voyage bearing in mind all the probable circumstances of it.

• ii) this degree of fitness extends beyond the physical condition of the ship but includes having properly trained crew able to deal with contingencies arising at sea.

• iii) such tests are to be considered against the current state of knowledge of the risks and regulations in the industry

Page 10

Current BIMCO and IMO guidelines on cyber security

Page 11

Test for seaworthiness

Therefore, to ensure a ship is seaworthy today the ship needs to have:

• reasonable measures to protect against cyber-attack including trained crews who have good cyber hygiene practices and are aware of the risk;

and

• a plan to detect, deal with and recover from a cyber-attack.

Page 12

Dealing with and recovering from a cyber-attack

The ISM Code requires that the safety-management objectives of the Company should, inter alia:

1.2.2.1 provide for safe practices in ship operation and a safe working environment;

1.2.2.2 assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards; and

1.2.2.3 continuously improve safety-management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.

Page 13

IMO Guidance

• Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.

• Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

• Must distinguish between attack affecting IT and an attack on OT

Page 14

The following is a non-exhaustive list of cyber incidents, which should be addressed in contingency plans on board:

• loss of availability of electronic navigational equipment or loss of integrity of navigation related data

• loss of availability or integrity of external data sources, including but not limited to GNSS

• loss of essential connectivity with the shore, including but not limited to the availability of Global Maritime Distress and Safety System (GMDSS) communications

• loss of availability of industrial control systems, including propulsion, auxiliary systems and other critical systems, as well as loss of integrity of data management and control

• the event of a ransomware or denial of service incident.

BIMCO/ICS/Intertanko/Intercargo/OCIMF – V3

Page 15

An effective response

• Initial assessment. To help ensure an appropriate response, the response team should find out:
  • how the incident occurred / which IT and/or OT systems were affected and how
  • the extent to which the commercial and/or operational data is affected / to what extent any threat remains.

• Recover systems and data. Following an initial assessment of the cyber incident, IT and OT systems and data should be cleaned, recovered and restored, so far as is possible, to an operational condition by removing threats from the system and restoring software.

• Investigate the incident. To understand the causes and consequences of a cyber incident, with support from an external expert, if appropriate.

• Prevent a re-occurrence. Considering the outcome of the investigation mentioned above, actions to address any inadequacies in technical and/or procedural protection measures should be considered, in accordance with the company procedures for implementation of corrective action.

Page 16

Develop a response and practice it

Continuously improve safety-management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection

• Need to have a trained Cyber Security Officer (CySO) onboard or ashore

• Need to familiarise – your crew must act as a buffer to reduce the effects of a successful attack

• Need to run drills

• All members of crew and management need to understand their role in the planned response

• Do not allow the emergency to divert from well-practiced drills and responses

Page 17

Law around the world
nortonrosefulbright.com

Page 18

willistowerswatson.com

Cyber losses in the marine sector

Andrew Hill & Charlotte Peniston

2020

GB Cyber Team

© 2020 Willis Towers Watson. All rights reserved.

Page 19

The CyNav team

Charlotte Peniston, Senior Associate, Cyber & TMT

Andrew Hill, Executive Director - Product Innovation / Complex Claims Counsel, Cyber & TMT

Page 20

Cyber risk in the maritime sector: Some notable incidents

SATELLITE INTERFERENCE

• June 2017: GPS spoofing incident in the Black Sea placed vessels 32km inland at Gelendzhik Airport

• June 2019: GPS jamming incident reported at the Port of Shanghai

CYBER ATTACKS

• June 2017: Non-targeted cyber-attack affecting the shoreside operations of Maersk. Loss – est. $300-400m

• July 2018: Cyber-attack affecting the shoreside operations of Cosco for five days. Loss – not in public domain

• February 2019: Computer system onboard a container ship bound for New York completely debilitated. Coast Guard and FBI intervention required. Loss – not in public domain

• April 2020: Targeted cyber-attack against MSC caused a data centre outage leading to outage of customer facing websites. Loss – not in public domain

© 2019 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.

Page 21

Cyber risk impact

Direct loss of revenue / loss of hire due to unavailability of network e.g. Maersk, Cosco, MSC

Increased cost of working i.e. additional expenditure to get business back up and running

Expenses e.g. costs of hiring external specialists to assist with managing incident

Physical damage i.e. cost of repairing or replacing physical assets and other incidental costs

Loss of revenue due to reputational damage e.g. customers take their business elsewhere

SHORT TERM

MEDIUM / LONGER TERM

Page 22

The challenges associated with addressing cyber risk in the marine sector

Inadequate insurance solutions

Late adopter of technology and reliance on interconnectivity of that technology

Misconceptions that cyber risk poses a lesser threat to the marine sector

Lack of reporting by organisations within the marine industry on how cyber risk is affecting them

Absence of a cyber security regulatory framework

The cost of addressing known vulnerabilities is too high

Inadequate specialist knowledge of how cyber risk affects the marine sector

Page 23

CyNav Contacts

Andrew Hill, [email protected]

+44 779 505 7357

Charlotte Peniston, [email protected]

+44 774 111 7520