SlideShare une entreprise Scribd logo

Marlink IMO 2021 Guide to Cyber Risk Management

C
CHRIS CLIFFORD

Applicable to commercial ships with over 500 gross tonnage, the IMO resolution (MSC 428, 98) confirmed all shipping companies need to have cyber security in their safety management system. Flag states are encouraged to ensure these requirements are met by vessel operators in the first annual audit after January 2021. Non-compliance may lead to vessel detainment. This means maritime companies need to be identifying and safeguarding against maritime cyber risks now to be ready for the first annual verification of the Company’s Document of Compliance.

Technologie
1  sur  10
Télécharger pour lire hors ligne
A Mini Guide to IMO2021 Cyber Risk Management August 2020
What is IMO2021? What? Applicable to commercial ships with over 500 gross tonnage, the IMO resolution (MSC 428, 98) confirmed all shipping companies need to have cyber security in their safety management system. Flag states are encouraged to ensure these requirements are met by vessel operators in the first annual audit after January 2021. Non-compliance may lead to vessel detainment. This means maritime companies need to be identifying and safeguarding against maritime cyber risks now to be ready for the first annual verification of the Company’s Document of Compliance. The IMO has indicated that maritime companies must be able to demonstrate that they follow a cyber security framework of: IDENTIFY PROTECT THE 5-STEP APPROACH DETECT RESPOND RECOVER
Recognising that no two organisations in the shipping industry are the same, the IMO is not prescriptive in their guidelines of how these recommendations should be implemented, to ensure a widespread application. The main challenge that this presents for owners, is how to interpret a framework written in very broad terms. Various industry bodies and shipping associations have provided guidance on which concrete measures to implement. The IMO resolution cites the following: • “The Guidelines on Cyber Security Onboard Ships” produced and supported by BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI. - ISO/IEC 27001 Standard on Information technology • Security techniques – Information security management systems • United States National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cyber Security (the NIST Framework). When? Cyber security risks need to be appropriately addressed in Safety Management Systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021. 01 January 2021 IMO2021 Compliance
Why? An increase in cyber attacks has demonstrated that shipping companies have become a growing target for cyber attacks. A recent maritime study1 found there to have been a 400% increase in attempted hacks since February 2020, coinciding with greater use of technology and working from home due to the Coronavirus pandemic. IMO member states – in particular the US Coast Guard – encouraged the adoption of a resolution that supports ship operators to implement stricter IT security policies and practice in order to protect the safety of mariners, and continuity of global business.  Ships transport valuable goods all over the world ensuring essential global trade but are also closely connected to the supply chain so the potential impact of a successful attack could have a wide ripple effect. The maritime industry has proven to adopt new technologies at a slower pace than many other industries2 . Over time, this has meant complying with baseline requirements against the impact of possible negative incentives rather than being proactive and embracing newer technology. Given the possible negative impact of cyber attacks, (damage to reputation, increased insurance premiums, failing annual audit, potential prohibition to operate) the IMO has acknowledged that this is a risk that needs to be more closely regulated and monitored. 
Although IMO2021 dictates measures to mitigate cyber risk should apply to both IT and OT, so far the focus and tools available have been mostly focusing on IT, with established tools like anti-virus, firewalls, contentfiltering,andsoon.Asshipoperatorsrecognise the value of making their operations more digitalised, some have been reluctant to connect OT given the potential negative consequences if compromised. Others have experienced how connecting OT can open possibilities for more proactive maintenance, prolonged maintenance cycles and reduced costs; as well as more measure points and quality assured data for analysis to operate smarter and safer. Regardless of the approach, most manufacturers of core OT components onboard (such as engine maintenance, propulsion, electrical supply, etc.) do offer services where data can be extracted from the OT devices to shore. But most of these systems are proprietary meaning the entire sphere of onboard OT components is very fragmented. Marlink works with both ship operators and OT manufacturers to define and unify the procedures to control and manage access in a consolidated and secure way. For Marlink the focus is on enabling flexible and secure access control to onboard devices, to converge different security policies from different clients. Sources: 1. Naval Dome, 2020 2. Ovum, 2017
The Process In a very simplified way, one can say that implementing the suggested measures described in IMO2021 related to cyber security means taking actions across three different verticals: Awareness Who? Everyone All staff onshore All crew onboard Who? IT Team How? How? How? Senior Management IT Team Consultants Review & document Provide IMO 2021 outline Cyber risk reminders Assess stability of onboard networks Identify cyber risks Create a cyber risk management process Update and implement functional safeguards Update all software applications Implement ongoing cyber detection Adopt tools for IT monitoring Procedures Technology Training & resources Who? Everyone All staff onshore All crew onboard What? What? What? Cyber risk training
How? The technology vertical represents the functional safeguardsavailabletoidentifyvulnerabilities,protect against known threats, detect an attack, respond to/ mitigate the cyber risk, and also assist in recovering from an attack. How to conveniently implement vulnerability mitigating initiatives and facilitate measures taken is where Marlink solutions and services become relevant. Marlink Technology can support clients in achieving compliance with IMO2021.  We offer key suites of solutions, including ITLink and Cyber Guard which can all be used to mitigate risk, augment security measures and improve procedures to comply with guidelines. The Technology CYBERGUARD ITLINK Effectively secure your vessel and remote assets from cyber risk Simplify and automate your vessel IT environment to ensure effective operations and compliance Cyber Security IT Automation
How is compliance achieved? Compliance is achieved by the vessel operator demonstrating to the flag state that its safety management system “takes into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code”. This can be achieved by the operator’s in-house HQSE department, use of an advisor or class notation, but will require demonstration that sufficient awareness, procedures and technology are in place.  To understand this, it is easiest to start by laying out all the stakeholders involved and how they are relevant to be in compliance with IMO2021 regulation regarding cyber security. Ship Operators Cyber security system by January 2021 Flag state regulation Cyber Risk Insurance Port State Control Safety inspections from January 2021 Flag States Enforce & confirm IMO 2021 compliance Class Societies Optional cyber security class notifications Onboard flag state inspections Industry Guidelines issued by BIMCO, INTERTANKO, CLIA, ICS etc. Industry vetting
Discussion Points Procedures & Technology Do you know your responsibility and role with regards to a cyber-attack? Is cyber security implemented into your ISM Code Safety Management System (SMS) and Document of Compliance? Is cyber risk assessment and cyber security established as a high priority task with senior management in your organisation? And is this communicated and implemented throughout the entire organisation?  Is cyber security considered an IT deptartment responsibility within your organisation?  Do you have a Cyber Risk Management (CRM) programinplaceandhaveyoucompletedyour assessment for IMO2021 cyber compliance?  Do you know what to do to protect your systems against cyber attacks? Is there a process or plan in place torecoverdataafteracyberattack, meaning, is there a recovery system and implementation plan? If not, has the cost and consequence of such data loss been identified? Has your company identified all shipboard technology (IT and OT) and its vulnerability towards cyber-attacks?  Have all systems at potential risk against a cyber attack been properly identified? Are you able to identify a cyber attack? What tools are available to identify an attack? And do you know what the defined response actions are in case of a cyber attack? 
IMO2021 : How can we help? Our solutions support the functional elements (technology vertical) of the IMO2021 regulation regarding cyber security. Contact us for a free consultation on Marlink’s IT and Cyber Security solutions: info@marlink.com CYBERGUARD Cyber Security ITLINK IT Automation IDENTIFY PROTECT Onboard MAC & DNS Blocking Software & OS Configuration Management SecureRemoteAccess &Remediation Incident Management Consulting Threat&Intrusion Detection Cyber Dashboard SOCExpertSurveillance Incident Investigation Onshore Firewall & IPS Encrypted Satcom link & DDoS Protection Softw are Inventory & M anagem ent LANSegregation UserAccessManagement Automatedsystem backup& restoration Mitigation actions coordination & tracking Web, Content & App Filtering Onboard Firewall & Network Security End-Point Anti Virus & Anti Ramsomeware THE 5-STEP APPROACH DETECT RESPOND RECOVER marlink.com

Recommandé

The state of cyber resilience in the UK
The state of cyber resilience in the UKThe state of cyber resilience in the UK
The state of cyber resilience in the UK
Ipsos UK
 
Unfolding the next growth chapter in the Middle East
Unfolding the next growth chapter in the Middle East Unfolding the next growth chapter in the Middle East
Unfolding the next growth chapter in the Middle East
Accenture Middle East
 
Bridging the gap: cyber security skills
Bridging the gap: cyber security skillsBridging the gap: cyber security skills
Bridging the gap: cyber security skills
Ipsos UK
 
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
accenture
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
accenture
 
Solving the Cyber Security Skills Gap with DCMS
Solving the Cyber Security Skills Gap with DCMSSolving the Cyber Security Skills Gap with DCMS
Solving the Cyber Security Skills Gap with DCMS
Ipsos UK
 
Securing the digital economy
Securing the digital economySecuring the digital economy
Securing the digital economy
accenture
 
Automotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into OverdriveAutomotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into Overdrive
accenture
 

Recommandé

The state of cyber resilience in the UK
The state of cyber resilience in the UKThe state of cyber resilience in the UK
The state of cyber resilience in the UK
Ipsos UK
 
Unfolding the next growth chapter in the Middle East
Unfolding the next growth chapter in the Middle East Unfolding the next growth chapter in the Middle East
Unfolding the next growth chapter in the Middle East
Accenture Middle East
 
Bridging the gap: cyber security skills
Bridging the gap: cyber security skillsBridging the gap: cyber security skills
Bridging the gap: cyber security skills
Ipsos UK
 
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
accenture
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
accenture
 
Solving the Cyber Security Skills Gap with DCMS
Solving the Cyber Security Skills Gap with DCMSSolving the Cyber Security Skills Gap with DCMS
Solving the Cyber Security Skills Gap with DCMS
Ipsos UK
 
Securing the digital economy
Securing the digital economySecuring the digital economy
Securing the digital economy
accenture
 
Automotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into OverdriveAutomotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into Overdrive
accenture
 
The realist’s guide to quantum technology and national security
The realist’s guide to quantum technology and national securityThe realist’s guide to quantum technology and national security
The realist’s guide to quantum technology and national security
Deloitte United States
 
Innovate for Cyber Resilience
Innovate for Cyber ResilienceInnovate for Cyber Resilience
Innovate for Cyber Resilience
accenture
 
Innovate for Cyber Resilience UKI
Innovate for Cyber Resilience UKIInnovate for Cyber Resilience UKI
Innovate for Cyber Resilience UKI
accenture
 
Tieto Future Perspectives Report
Tieto Future Perspectives Report Tieto Future Perspectives Report
Tieto Future Perspectives Report
Tieto Corporation
 
Security in RegTech's Playground
Security in RegTech's PlaygroundSecurity in RegTech's Playground
Security in RegTech's Playground
John ILIADIS
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
Pierre Audoin Consultants
 
Accelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securitiesAccelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securities
McKinsey & Company
 
Capgemini & EMC Transform Brazilian Businesses with Next-Generation Cloud Sol...
Capgemini & EMC Transform Brazilian Businesses with Next-Generation Cloud Sol...Capgemini & EMC Transform Brazilian Businesses with Next-Generation Cloud Sol...
Capgemini & EMC Transform Brazilian Businesses with Next-Generation Cloud Sol...
Capgemini
 
Foresight 2020 - Industry trends and scenarios
Foresight 2020 - Industry trends and scenariosForesight 2020 - Industry trends and scenarios
Foresight 2020 - Industry trends and scenarios
Tieto Corporation
 
Interconnection 101
Interconnection 101Interconnection 101
Interconnection 101
Equinix
 
Hold Firm: The State of Cyber Resilience in Banking and Capital Markets
Hold Firm: The State of Cyber Resilience in Banking and Capital MarketsHold Firm: The State of Cyber Resilience in Banking and Capital Markets
Hold Firm: The State of Cyber Resilience in Banking and Capital Markets
accenture
 
Connected Futures Cisco Research: IoT Value: Challenges, Breakthroughs, and B...
Connected Futures Cisco Research: IoT Value: Challenges, Breakthroughs, and B...Connected Futures Cisco Research: IoT Value: Challenges, Breakthroughs, and B...
Connected Futures Cisco Research: IoT Value: Challenges, Breakthroughs, and B...
Connected Futures
 
2016 IT Industry Outlook
2016 IT Industry Outlook2016 IT Industry Outlook
2016 IT Industry Outlook
CompTIA
 
CompTIA International Trends in Cybersecurity
CompTIA International Trends in CybersecurityCompTIA International Trends in Cybersecurity
CompTIA International Trends in Cybersecurity
CompTIA
 
SNG Minnesota - Motivating Broadband Utilization
SNG Minnesota - Motivating Broadband UtilizationSNG Minnesota - Motivating Broadband Utilization
SNG Minnesota - Motivating Broadband Utilization
Ann Treacy
 
What matters in security - A highlighter
What matters in security - A highlighterWhat matters in security - A highlighter
What matters in security - A highlighter
Andre Muscat
 
SNG Minnesota White Paper
SNG Minnesota White PaperSNG Minnesota White Paper
SNG Minnesota White Paper
Ann Treacy
 
Third Annual State of Cyber Resilience | Portugal
Third Annual State of Cyber Resilience | PortugalThird Annual State of Cyber Resilience | Portugal
Third Annual State of Cyber Resilience | Portugal
accenture
 
Tieto Company Presentation
Tieto Company PresentationTieto Company Presentation
Tieto Company Presentation
Tieto Corporation
 
Cloud computing and business landscape 2019
Cloud computing and business landscape 2019Cloud computing and business landscape 2019
Cloud computing and business landscape 2019
Spire Research and Consulting
 
Cybersecurity and the Shipping Industry
Cybersecurity and the Shipping IndustryCybersecurity and the Shipping Industry
Cybersecurity and the Shipping Industry
The TNS Group
 
ADAM ADLER FLORIDA
ADAM ADLER FLORIDA ADAM ADLER FLORIDA
ADAM ADLER FLORIDA
AdamAdler10
 

Contenu connexe

Tendances

Tieto Future Perspectives Report
Tieto Future Perspectives Report Tieto Future Perspectives Report
Tieto Future Perspectives Report
Tieto Corporation
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
Pierre Audoin Consultants
 
SNG Minnesota White Paper
SNG Minnesota White PaperSNG Minnesota White Paper
SNG Minnesota White Paper
Ann Treacy
 

Tendances (20)

The realist’s guide to quantum technology and national security
The realist’s guide to quantum technology and national securityThe realist’s guide to quantum technology and national security
The realist’s guide to quantum technology and national security
 
Innovate for Cyber Resilience
Innovate for Cyber ResilienceInnovate for Cyber Resilience
Innovate for Cyber Resilience
 
Innovate for Cyber Resilience UKI
Innovate for Cyber Resilience UKIInnovate for Cyber Resilience UKI
Innovate for Cyber Resilience UKI
 
Tieto Future Perspectives Report
Tieto Future Perspectives Report Tieto Future Perspectives Report
Tieto Future Perspectives Report
 
Security in RegTech's Playground
Security in RegTech's PlaygroundSecurity in RegTech's Playground
Security in RegTech's Playground
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
 
Accelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securitiesAccelerating hybrid-cloud adoption in banking and securities
Accelerating hybrid-cloud adoption in banking and securities
 
Capgemini & EMC Transform Brazilian Businesses with Next-Generation Cloud Sol...
Capgemini & EMC Transform Brazilian Businesses with Next-Generation Cloud Sol...Capgemini & EMC Transform Brazilian Businesses with Next-Generation Cloud Sol...
Capgemini & EMC Transform Brazilian Businesses with Next-Generation Cloud Sol...
 
Foresight 2020 - Industry trends and scenarios
Foresight 2020 - Industry trends and scenariosForesight 2020 - Industry trends and scenarios
Foresight 2020 - Industry trends and scenarios
 
Interconnection 101
Interconnection 101Interconnection 101
Interconnection 101
 
Hold Firm: The State of Cyber Resilience in Banking and Capital Markets
Hold Firm: The State of Cyber Resilience in Banking and Capital MarketsHold Firm: The State of Cyber Resilience in Banking and Capital Markets
Hold Firm: The State of Cyber Resilience in Banking and Capital Markets
 
Connected Futures Cisco Research: IoT Value: Challenges, Breakthroughs, and B...
Connected Futures Cisco Research: IoT Value: Challenges, Breakthroughs, and B...Connected Futures Cisco Research: IoT Value: Challenges, Breakthroughs, and B...
Connected Futures Cisco Research: IoT Value: Challenges, Breakthroughs, and B...
 
2016 IT Industry Outlook
2016 IT Industry Outlook2016 IT Industry Outlook
2016 IT Industry Outlook
 
CompTIA International Trends in Cybersecurity
CompTIA International Trends in CybersecurityCompTIA International Trends in Cybersecurity
CompTIA International Trends in Cybersecurity
 
SNG Minnesota - Motivating Broadband Utilization
SNG Minnesota - Motivating Broadband UtilizationSNG Minnesota - Motivating Broadband Utilization
SNG Minnesota - Motivating Broadband Utilization
 
What matters in security - A highlighter
What matters in security - A highlighterWhat matters in security - A highlighter
What matters in security - A highlighter
 
SNG Minnesota White Paper
SNG Minnesota White PaperSNG Minnesota White Paper
SNG Minnesota White Paper
 
Third Annual State of Cyber Resilience | Portugal
Third Annual State of Cyber Resilience | PortugalThird Annual State of Cyber Resilience | Portugal
Third Annual State of Cyber Resilience | Portugal
 
Tieto Company Presentation
Tieto Company PresentationTieto Company Presentation
Tieto Company Presentation
 
Cloud computing and business landscape 2019
Cloud computing and business landscape 2019Cloud computing and business landscape 2019
Cloud computing and business landscape 2019
 

Similaire à Marlink IMO 2021 Guide to Cyber Risk Management

ADAM ADLER FLORIDA
ADAM ADLER FLORIDA ADAM ADLER FLORIDA
ADAM ADLER FLORIDA
AdamAdler10
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
Tiffany Graham
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
Rachel Anne Carter
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
shed59
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
Cyber Sec Project Proposal
Cyber Sec Project ProposalCyber Sec Project Proposal
Cyber Sec Project Proposal
Chris Young
 

Similaire à Marlink IMO 2021 Guide to Cyber Risk Management (20)

Cybersecurity and the Shipping Industry
Cybersecurity and the Shipping IndustryCybersecurity and the Shipping Industry
Cybersecurity and the Shipping Industry
 
ADAM ADLER FLORIDA
ADAM ADLER FLORIDA ADAM ADLER FLORIDA
ADAM ADLER FLORIDA
 
Maritime Cybersecurity Developments maritimeoutlook.wordpress.com
Maritime Cybersecurity Developments maritimeoutlook.wordpress.comMaritime Cybersecurity Developments maritimeoutlook.wordpress.com
Maritime Cybersecurity Developments maritimeoutlook.wordpress.com
 
Global Maritime Cyber Strategy
Global Maritime Cyber StrategyGlobal Maritime Cyber Strategy
Global Maritime Cyber Strategy
 
Unleashing the Power of Telecom Network Security.pdf
Unleashing the Power of Telecom Network Security.pdfUnleashing the Power of Telecom Network Security.pdf
Unleashing the Power of Telecom Network Security.pdf
 
Strengthening Your Network Against Future Incidents with SecurityGen
Strengthening Your Network Against Future Incidents with SecurityGenStrengthening Your Network Against Future Incidents with SecurityGen
Strengthening Your Network Against Future Incidents with SecurityGen
 
Telecom Resilience: Strengthening Networks through Cybersecurity Vigilance
Telecom Resilience: Strengthening Networks through Cybersecurity VigilanceTelecom Resilience: Strengthening Networks through Cybersecurity Vigilance
Telecom Resilience: Strengthening Networks through Cybersecurity Vigilance
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity
 
Security Testing Trends for 2020
Security Testing Trends for 2020Security Testing Trends for 2020
Security Testing Trends for 2020
 
Critical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation SectorCritical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation Sector
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
ISA.pdf
ISA.pdfISA.pdf
ISA.pdf
 
Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual review
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
 
Cyber Sec Project Proposal
Cyber Sec Project ProposalCyber Sec Project Proposal
Cyber Sec Project Proposal
 

Dernier

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Dernier (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 

Marlink IMO 2021 Guide to Cyber Risk Management

  • 1. A Mini Guide to IMO2021 Cyber Risk Management August 2020
  • 2. What is IMO2021? What? Applicable to commercial ships with over 500 gross tonnage, the IMO resolution (MSC 428, 98) confirmed all shipping companies need to have cyber security in their safety management system. Flag states are encouraged to ensure these requirements are met by vessel operators in the first annual audit after January 2021. Non-compliance may lead to vessel detainment. This means maritime companies need to be identifying and safeguarding against maritime cyber risks now to be ready for the first annual verification of the Company’s Document of Compliance. The IMO has indicated that maritime companies must be able to demonstrate that they follow a cyber security framework of: IDENTIFY PROTECT THE 5-STEP APPROACH DETECT RESPOND RECOVER
  • 3. Recognising that no two organisations in the shipping industry are the same, the IMO is not prescriptive in their guidelines of how these recommendations should be implemented, to ensure a widespread application. The main challenge that this presents for owners, is how to interpret a framework written in very broad terms. Various industry bodies and shipping associations have provided guidance on which concrete measures to implement. The IMO resolution cites the following: • “The Guidelines on Cyber Security Onboard Ships” produced and supported by BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI. - ISO/IEC 27001 Standard on Information technology • Security techniques – Information security management systems • United States National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cyber Security (the NIST Framework). When? Cyber security risks need to be appropriately addressed in Safety Management Systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021. 01 January 2021 IMO2021 Compliance
  • 4. Why? An increase in cyber attacks has demonstrated that shipping companies have become a growing target for cyber attacks. A recent maritime study1 found there to have been a 400% increase in attempted hacks since February 2020, coinciding with greater use of technology and working from home due to the Coronavirus pandemic. IMO member states – in particular the US Coast Guard – encouraged the adoption of a resolution that supports ship operators to implement stricter IT security policies and practice in order to protect the safety of mariners, and continuity of global business.  Ships transport valuable goods all over the world ensuring essential global trade but are also closely connected to the supply chain so the potential impact of a successful attack could have a wide ripple effect. The maritime industry has proven to adopt new technologies at a slower pace than many other industries2 . Over time, this has meant complying with baseline requirements against the impact of possible negative incentives rather than being proactive and embracing newer technology. Given the possible negative impact of cyber attacks, (damage to reputation, increased insurance premiums, failing annual audit, potential prohibition to operate) the IMO has acknowledged that this is a risk that needs to be more closely regulated and monitored. 
  • 5. Although IMO2021 dictates measures to mitigate cyber risk should apply to both IT and OT, so far the focus and tools available have been mostly focusing on IT, with established tools like anti-virus, firewalls, contentfiltering,andsoon.Asshipoperatorsrecognise the value of making their operations more digitalised, some have been reluctant to connect OT given the potential negative consequences if compromised. Others have experienced how connecting OT can open possibilities for more proactive maintenance, prolonged maintenance cycles and reduced costs; as well as more measure points and quality assured data for analysis to operate smarter and safer. Regardless of the approach, most manufacturers of core OT components onboard (such as engine maintenance, propulsion, electrical supply, etc.) do offer services where data can be extracted from the OT devices to shore. But most of these systems are proprietary meaning the entire sphere of onboard OT components is very fragmented. Marlink works with both ship operators and OT manufacturers to define and unify the procedures to control and manage access in a consolidated and secure way. For Marlink the focus is on enabling flexible and secure access control to onboard devices, to converge different security policies from different clients. Sources: 1. Naval Dome, 2020 2. Ovum, 2017
  • 6. The Process In a very simplified way, one can say that implementing the suggested measures described in IMO2021 related to cyber security means taking actions across three different verticals: Awareness Who? Everyone All staff onshore All crew onboard Who? IT Team How? How? How? Senior Management IT Team Consultants Review & document Provide IMO 2021 outline Cyber risk reminders Assess stability of onboard networks Identify cyber risks Create a cyber risk management process Update and implement functional safeguards Update all software applications Implement ongoing cyber detection Adopt tools for IT monitoring Procedures Technology Training & resources Who? Everyone All staff onshore All crew onboard What? What? What? Cyber risk training
  • 7. How? The technology vertical represents the functional safeguardsavailabletoidentifyvulnerabilities,protect against known threats, detect an attack, respond to/ mitigate the cyber risk, and also assist in recovering from an attack. How to conveniently implement vulnerability mitigating initiatives and facilitate measures taken is where Marlink solutions and services become relevant. Marlink Technology can support clients in achieving compliance with IMO2021.  We offer key suites of solutions, including ITLink and Cyber Guard which can all be used to mitigate risk, augment security measures and improve procedures to comply with guidelines. The Technology CYBERGUARD ITLINK Effectively secure your vessel and remote assets from cyber risk Simplify and automate your vessel IT environment to ensure effective operations and compliance Cyber Security IT Automation
  • 8. How is compliance achieved? Compliance is achieved by the vessel operator demonstrating to the flag state that its safety management system “takes into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code”. This can be achieved by the operator’s in-house HQSE department, use of an advisor or class notation, but will require demonstration that sufficient awareness, procedures and technology are in place.  To understand this, it is easiest to start by laying out all the stakeholders involved and how they are relevant to be in compliance with IMO2021 regulation regarding cyber security. Ship Operators Cyber security system by January 2021 Flag state regulation Cyber Risk Insurance Port State Control Safety inspections from January 2021 Flag States Enforce & confirm IMO 2021 compliance Class Societies Optional cyber security class notifications Onboard flag state inspections Industry Guidelines issued by BIMCO, INTERTANKO, CLIA, ICS etc. Industry vetting
  • 9. Discussion Points Procedures & Technology Do you know your responsibility and role with regards to a cyber-attack? Is cyber security implemented into your ISM Code Safety Management System (SMS) and Document of Compliance? Is cyber risk assessment and cyber security established as a high priority task with senior management in your organisation? And is this communicated and implemented throughout the entire organisation?  Is cyber security considered an IT deptartment responsibility within your organisation?  Do you have a Cyber Risk Management (CRM) programinplaceandhaveyoucompletedyour assessment for IMO2021 cyber compliance?  Do you know what to do to protect your systems against cyber attacks? Is there a process or plan in place torecoverdataafteracyberattack, meaning, is there a recovery system and implementation plan? If not, has the cost and consequence of such data loss been identified? Has your company identified all shipboard technology (IT and OT) and its vulnerability towards cyber-attacks?  Have all systems at potential risk against a cyber attack been properly identified? Are you able to identify a cyber attack? What tools are available to identify an attack? And do you know what the defined response actions are in case of a cyber attack? 
  • 10. IMO2021 : How can we help? Our solutions support the functional elements (technology vertical) of the IMO2021 regulation regarding cyber security. Contact us for a free consultation on Marlink’s IT and Cyber Security solutions: info@marlink.com CYBERGUARD Cyber Security ITLINK IT Automation IDENTIFY PROTECT Onboard MAC & DNS Blocking Software & OS Configuration Management SecureRemoteAccess &Remediation Incident Management Consulting Threat&Intrusion Detection Cyber Dashboard SOCExpertSurveillance Incident Investigation Onshore Firewall & IPS Encrypted Satcom link & DDoS Protection Softw are Inventory & M anagem ent LANSegregation UserAccessManagement Automatedsystem backup& restoration Mitigation actions coordination & tracking Web, Content & App Filtering Onboard Firewall & Network Security End-Point Anti Virus & Anti Ramsomeware THE 5-STEP APPROACH DETECT RESPOND RECOVER marlink.com