Cyber security: minimising cost and disruption after a cyber event
6 August 2020 • 09:00-09:45 BST
Part of Maritime Cyber Security Webinar Week, 4-6 August 2020
Presentation documents:
Page 2: Gwilym Lewis, Neptune Cyber
Page 7: Philip Roche, Norton Rose Fulbright
Page 18: Andrew Hill, Willis Towers Watson
www.neptunecyber.com
Cyber security: minimising cost and disruption after a cyber event
Riviera Maritime Media | Maritime Cyber Security Webinar Week
Gwilym Lewis, CEO, Neptune Cyber
Where should the cyber security function sit in your organisation?
There is no ‘one size fits all’ answer
Common traits do exist, however:
1. It should have direct access to senior management and decision-makers
2. It needs to be cross-functional, including input from captains, IT, engineering, legal and finance
3. It must have genuine authority; if it doesn’t have the power to change behaviors it will be useless
Why should we care?
It’s open season for cyber attackers with numbers increasing
• Successful maritime attacks are happening on a regular basis (even if not openly reported)
• Human factors play a key role, as many attacks start with crew unintentionally doing something they shouldn’t
• If a hack ‘only’ serves to degrade operational capability it may not be spectacular but it will still be costly
What does an effective disaster recovery plan look like?
It needs to exist
• Obvious as this sounds, even the simplest plan is better than no plan at all
• It can’t just be a boilerplate ‘box tick’ exercise, as it is a very safe bet it will be needed one day
• It should ‘assume the worst’; whatever you think ‘can’t possibly happen’ probably will
• It must be constantly updated: cyber threats evolve on a daily basis and vessel systems and technology get upgraded, so the plan needs to keep pace too
If you would like a pragmatic conversation about your cyber security don’t hesitate to contact us:
+1 514 476 6722 [email protected]
neptunecyber.com
• Philip Roche
Cyber security: minimising cost and disruption after a cyber event
1 January 2021
• This is a false deadline
– First verification of the DOC after 1 January
– Good safety management requires a plan to be in place now if the ship is to be seaworthy
• This involves risk management
• Cyber security must be seen as just another risk, albeit a novel one, to be managed as part of the safety management of the ship.
• Safety management is a key component of ensuring and demonstrating that an owner/operator is exercising due diligence to make his ship seaworthy and cargo worthy.
Test for seaworthiness
• i) the ship must have that degree of fitness which a prudent ship owner would require the vessel to have at the commencement of her voyage bearing in mind all the probable circumstances of it.
• ii) this degree of fitness extends beyond the physical condition of the ship but includes having properly trained crew able to deal with contingencies arising at sea.
• iii) such tests are to be considered against the current state of knowledge of the risks and regulations in the industry
Current BIMCO and IMO guidelines on cyber security
Test for seaworthiness
Therefore, to ensure a ship is seaworthy today the ship needs to have:
• reasonable measures to protect against cyber-attack including trained crews who have good cyber hygiene practices and are aware of the risk;
and
• a plan to detect, deal with and recover from a cyber-attack.
Dealing with and recovering from a cyber-attack
The ISM Code requires that the safety-management objectives of the Company should, inter alia:
1.2.2.1 provide for safe practices in ship operation and a safe working environment;
1.2.2.2 assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards; and
1.2.2.3 continuously improve safety-management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.
IMO Guidance
• Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.
• Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.
• Must distinguish between attack affecting IT and an attack on OT
The following is a non-exhaustive list of cyber incidents, which should be addressed in contingency plans on board:
• loss of availability of electronic navigational equipment or loss of integrity of navigation related data
• loss of availability or integrity of external data sources, including but not limited to GNSS
• loss of essential connectivity with the shore, including but not limited to the availability of Global Maritime Distress and Safety System (GMDSS) communications
• loss of availability of industrial control systems, including propulsion, auxiliary systems and other critical systems, as well as loss of integrity of data management and control
• the event of a ransomware or denial of service incident.
BIMCO/ICS/Intertanko/Intercargo/OCIMF – V3
• Initial assessment. To help ensure an appropriate response, the response team should find out:
– how the incident occurred / which IT and/or OT systems were affected and how
– the extent to which the commercial and/or operational data is affected / to what extent any threat remains.
• Recover systems and data. Following an initial assessment of the cyber incident, IT and OT systems and data should be cleaned, recovered and restored, so far as is possible, to an operational condition by removing threats from the system and restoring software.
• Investigate the incident. To understand the causes and consequences of a cyber incident, with support from an external expert, if appropriate.
• Prevent a re-occurrence. Considering the outcome of the investigation mentioned above, actions to address any inadequacies in technical and/or procedural protection measures should be considered, in accordance with the company procedures for implementation of corrective action.
An effective response
Continuously improve safety-management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection
• Need to have a trained Cyber Security Officer (CySO) onboard or ashore
• Need to familiarise – your crew must act as a buffer to reduce the effects of a successful attack
• Need to run drills
• All members of crew and management need to understand their role in the planned response
• Do not allow the emergency to divert from well-practiced drills and responses
Develop a response and practice it
Law around the world
nortonrosefulbright.com
willistowerswatson.com
Cyber losses in the marine sector
Andrew Hill & Charlotte Peniston
2020
GB Cyber Team
© 2020 Willis Towers Watson. All rights reserved.
The CyNav team
Charlotte Peniston, Senior Associate, Cyber & TMT
Andrew Hill, Executive Director - Product Innovation / Complex Claims Counsel, Cyber & TMT
Cyber risk in the maritime sector
Some notable incidents

SATELLITE INTERFERENCE
• June 2017: GPS spoofing incident in the Black Sea placed vessels 32km inland at Gelendzhik Airport
• June 2019: GPS jamming incident reported at the Port of Shanghai

CYBER ATTACKS
• June 2017: Non-targeted cyber-attack affecting the shoreside operations of Maersk. Loss – est. $300-400m
• July 2018: Cyber-attack affecting the shoreside operations of Cosco for five days. Loss – not in public domain
• February 2019: Computer system onboard a container ship bound for New York completely debilitated. Coast Guard and FBI intervention required. Loss – not in public domain
• April 2020: Targeted cyber-attack against MSC caused a data centre outage leading to outage of customer facing websites. Loss – not in public domain
Cyber risk impact
Direct loss of revenue / loss of hire due to unavailability of network e.g. Maersk, Cosco, MSC
Increased cost of working i.e. additional expenditure to get business back up and running
Expenses e.g. costs of hiring external specialists to assist with managing incident
Physical damage i.e. cost of repairing or replacing physical assets and other incidental costs
Loss of revenue due to reputational damage e.g. customers take their business elsewhere
SHORT TERM
MEDIUM / LONGER TERM
The challenges associated with addressing cyber risk in the marine sector
Inadequate insurance solutions
Late adopter of technology and reliance on interconnectivity of that technology
Misconceptions that cyber risk poses a lesser threat to the marine sector
Lack of reporting by organisations within the marine industry on how cyber risk is affecting them
Absence of a cyber security regulatory framework
The cost of addressing known vulnerabilities is too high
Inadequate specialist knowledge of how cyber risk affects the marine sector
Andrew [email protected]
+44 779 505 7357
Charlotte [email protected]
+44 774 111 7520
CyNav Contacts