testata inforMARE
Cerca
02 May 2024 - Year XXVIII
Independent journal on economy and transport policy
03:03 GMT+2
LinnkedInTwitterFacebook


CENTRO INTERNAZIONALE STUDI CONTAINERSANNO XXXVIII - Numero LUGLIO 2020
CYBER SECURITY

TURNING IMO2021 INTO AN OPPORTUNITY INSTEAD OF A BURDEN

Being a shipping IT professional can be frustrating. You recognise the need to invest in further cybersecurity, but your management team still treat it as a "compliance problem". But perhaps this is a result of the way cybersecurity has been presented to leadership. The dialogue needs to change. IMO 2021 could offer a unique opportunity to reposition cybersecurity as an important enabler of the wider business objectives.

At our recent virtual conference - CyberSecure at Sea - we asked ~120 shipping IT professionals what was holding them back from rolling out cyber security controls. ~50% pointed toward the struggle with providing their management teams the confidence that they are spending wisely on cyber security or that investing in additional resources to manage cyber risk is required at all. It is clear there is a misalignment between what IT professionals know is needed and what leadership believes is the risk.

Management teams in shipping believe cyber security is mainly a "compliance problem"

This is frustrating for the IT professional. But it isn't really a surprise.

Management's main concerns are driving up revenue and driving down cost. Maximise chartering at minimal expense. To run a tight ship, any investment that cannot visibly drive either of these twin goals is deprioritised. If the link is not clear, they don't believe it or they don't understand it, investing in it is a luxury. So the responsibility falls on the CIO or IT manager to help leadership understand the need and urgency.

But shipping IT professionals still find themselves stuck in a dialogue with management about how to do the bare minimum in order to comply with IMO 2021, instead of how to take steps to properly cybersecure.

From our discussions with shipping IT professionals, we find only 20% are actively engaging with their management to align cybersecurity strategy. In over 65% of cases, the dialogue is either focused purely on compliance or related to purchasing specific cybersecurity solutions. This means that for every 100 interactions that IT professionals have with their management team, 65 of them are either discussing compliance or a point solution.

Interestingly, none of the shipping IT professionals we speak to have a relationship with management where they agree to an annual budget and make the day to day decisions around cyber-security strategy and tactics. So management are making decisions on what cybersecurity controls to put in place on a case by case basis, rather than the IT professionals.

This is why cyber security in shipping is still commonly treated as a "compliance problem" - it is being presented as one.

This mindset is based on false assumptions

The most dangerous one is that shipping is not a targeted sector. If you still don't believe the threat landscape is shifting, then just look at the data - just within the first 5 months of 2020, there were public announcements of cyber attacks on MSC, Anglo Eastern, OSM and twice on Toll Group. While the amount of losses in revenue or remediation costs remain guarded secrets, they have all admitted to significant interruptions in operations.

Another false assumption is that we can achieve vessel digitalisation and worry about cyber security later. The evidence is clear that this simply isn't the case. Just to cite one example, a common assumption is that you can maintain separation of the business, crew and OT networks. So it should be impossible for an attacker to compromise a crew asset, then use that foothold to attack a critical business workstation or OT system.

In reality, in ~80% of vessels CyberOwl has deployed on, we find assets connected to the business network that the IT manager knows nothing about. They haven't identified them in their inventory, have no idea of their nature, did not sanction a connection, had no way of controlling or disconnecting them remotely. Sometimes it is not just 1 or 2 such assets, but 10s of them. In several cases, these unauthorised connections were later discovered to be OT devices linked to a bridge system, the engine room or auxiliary power system.

The relationship between IT and management needs to change. IMO 2021 is an opportunity to get "air time".

IMO 2021 presents a window of opportunity. Management teams have no choice but to make sure their fleet has a cyber risk management system that complies. Instead of approaching the dialogue as a compliance issue, this is the opportunity to frame cyber security as a business issue - an enabler to deliver overall business priorities. Whether this is business efficiency, vessel performance optimisation, remote control and management or crew welfare.

There are useful examples in recent history of leveraging compliance to strengthen overall cyber risk management. According to analysis by Marsh, companies successfully used GDPR as a catalyst, with 78% investing more in cyber security en route to GDPR compliance. A key finding in a 2019 UK government report was that as a result of GDPR, there was a significant increase in the number of businesses putting in place quarterly updates with senior management on cybersecurity, intensifying cybersecurity training and enhancing cybersecurity policies. Essentially, where the opportunity was taken, GDPR had a positive effect in improving executive attention that prompted the related investments.

This window of opportunity won't last forever. Don't squander it.

So how do shipping IT professionals make the most out of IMO 2021?

Shifting the emphasis of the discussion with management is an important start. Turn the conversation from "what we need to do to comply" to "how does cybersecurity support the way we want to work going forward." For example, the need for better remote access control becomes less about the fact it is an IACS recommendation, but more because it reduces the need to get an engineer onboard the vessel.
  • Use IMO 2021 as a catalyst for working more closely with your colleagues in technical, operations and quality. Get a good understanding of their ambitions for improving performance and reducing costs. Use this knowledge to demonstrate how cybersecurity could help them achieve that securely. Link your cybersecurity initiatives with their cost-savings or revenue-gain figures.
  • Quantify the risk within the context of these wider business objectives. Help management visualise the potential loss due to a cyber attack. But make this real to your own organisation and its digitalisation ambitions, rather than using high-level industry report figures. There are various well-recognised methods for quantifying the cyber risk to an organisation. One approach we like using at CyberOwl is the FAIR methodology.
  • Define some key cybersecurity metrics to start collecting and tracking. Begin with a pragmatic, small number that won't drown your resources. At minimum, these should measure the volume of system outages, volume of cyber incidents and some aspect of usage policy abuse, misconfigurations or suspicious behaviour. Gather benchmarks on these metrics from a friendly cybersecurity advisor or a collaborative network of other shipping IT professionals. Present the trends and benchmarks to your management, clearly explaining their implications.
  • Lean on your vendors to help you inform your cybersecurity strategy. It is part of the value and service they bring to you. When you perform trials, treat it as a learning exercise, not just a procurement exercise. Clearly set out what you are trying to learn about your current cybersecurity posture, where the risks are and how you are currently managing them. Share this "list of learning points" with your vendor. They should be helping you learn, rather than just proving to you their cybersecurity product is better than the competition.
Finally, it doesn't need to be a huge transformation programme. Start small and simple. Make some changes. Measure the improvement. Share any good news and small wins. Repeat.

How are you engaging with your management on IMO 2021? Get in touch with us here if you would like help or a free consultation on how to reposition the dialogue.

hellenicshippingnews.com
INDUSTRY
Sensitive increase in the production and sale of CIMC dry boxes
Hong Kong
Chinese firm responds to growth in demand
PORTS
Approved the consuntive budget 2023 of the AdSP of the South Tyrrhenic and Ionian
Joy Tauro
May 6 meeting at MIT on the future of the Gioia Tauro Port Agency
PORTS
The 2023 budget of the East Ligure Sea AdSP shows a primary surplus of six million
The Spezia
In the year new investments of around 17 million euros
INDUSTRY
Cargotec's quarterly net profit to 81.2 million (+ 11.8%)
Helsinki
In the first three months of 2024, revenues fell by -1.7% percent.
The negative trend of the economic performance of the ONE continues, less marked.
SHIPPING
The negative trend of the economic performance of the ONE continues, less marked.
Singapore
In the first three months of 2024 the goods in containers carried by the fleet increased by 15.6%
SHIPPING
The Genovese Messina has taken delivery of the largest ship in its fleet
Genoa
The "Jolly Verde" is a 6,300-teu container ship
PORTS
The inclusion of the Civitavecchia port in the Core network of the TEN-T network is final.
Cyvitavecchia
On Wednesday the OK of the European Parliament
RAILWAY TRANSPORT
In 2023 the goods transported by Rail Cargo Group decreased by -11%
Vienna
Revenue in decline of -1.8%
INDUSTRY
Sustained quarterly growth of new orders acquired by Wärtsilä
Helsinki
In the first three months of this year, the group's revenues fell by -9.8% percent.
SHIPPING
DIS orders two more new tankers LR1
Luxamburgo
New commits at the Jiangsu New Yangzi Shipbuilding Co.
ACCIDENTS
An MSC container ship targeted with missiles and drones in the Gulf of Aden
San'a ' /Portsmouth
No damage to the ship and crew
PORTS
Approved the consuntive budget 2023 of the Central Adriatic AdSP
Ancona
INDUSTRY
In the first quarter of 2024 the orders of port means produced by Konecranes fell by -51.6%
Hyvinkää
SHIPPING
Grimaldi has taken delivery of the multipurpose ro-ro Great Abidjan
Naples
It is the fourth of six class ships "G5"
SAILING LIST
Visual Sailing List
Departure ports
Arrival ports by:
- alphabetical order
- country
- geographical areas
ACCIDENTS
Baltimore attributes to owner and operator of the ship Dali the blame for the collapse of the Key Bridge
Baltimore
They would have been established dysfunction to the power supply on board that would cause a blackout
EDUCATION
Grimaldi and IMAT have renewed the five-year agreement for the training of crews
Castel Volturno
Focus on new technologies installed on board ships
LOGISTICS
The quarterly economic performance of DSV is still declining
Hedehusene
In the first quarter of this year, the value of net profit decreased by -27.2%
PORTS
Approved the consuntive budget 2023 of the AdSP of the Sardinia Sea
Cagliari
An administration surplus of 530 million euros, of which more than 475 tied for works in progress
TRADE
US imports of dangerous goods have been penalized during the pandemic.
Washington
Survey by the Government Accountability Office
FREIGHT TERMINALS
In 2023 CEPIM-Parma's Interport recorded a growth of 6.8% of the value of production
Bianconese of Fontevivo
Net profit di788mila euro (+ 223.2%)
LOGISTICS
In the first quarter of 2024, UPS Group revenues fell by -5.3%
Atlanta
Net profit down -41.3%
SHIPPING
Grendi has perfected the purchase of the ship Wedellsborg
Milan
It will be renamed with the name of "Grenching Futura"
COMPANIES
Grimaldi consolidates its presence in China with new headquarters in Shanghai
Naples / Shanghai
Inaugurates the offices of the Grimaldi Shipping Agency Shanghai
PORTS
Approved the 2023 consuntive budget of the Western Ligure Sea AdSP
Genoa
The new endowment of the institution's organic plant provides for 50 hires, including three managerial positions
PORTS
First plant for the distribution of LNG and GNC to vehicles in the port of La Spezia
The Spezia
It has been installed in Stagnoni locations
CHARITY
Agreement between MSC, MSC Foundation and Mercy Ships for the construction of a new hospital ship
Geneva / Lindale
MEETINGS
Tomorrow in Livorno a conference on the history of the city port
Livorno
It will be talked about architecture, trade and politics between the XVI and the twentieth century
EDUCATION
Agreement Assshipowners-ITS Academy G. Caboto for training in the maritime, port and logistics sectors
Rome
PORTS
In the first quarter of 2024, the port of Algeciras handled 1.2 million containers (+ 8.1%)
Algeciras
The traffic in overall goods increased by 3.3%
PORTS
In the first three months of this year in Valencia, container port traffic grew by 12.1% percent.
Valencia
In March, the increase was 15.7% percent.
PORTS
The Spezia and Carrara try to break down the bell towers and solicit cooperation at the ports of Genoa and Savona
The Spezia
TRADE
Switzerland and Switzerland cut trade between Italy and Switzerland.
Bern
In the first three months of the 2024 decline in Swiss exports. Stable imports
ACCIDENTS
Port of Naples, striking of the fast ferry Island of Procida against a quay
Naples
About thirty minor injuries among passengers
JOBS
Summoned for April 23 a meeting at MIT on former TCT port workers
Taranto
The unions had requested clarification on the future of the 330 members of the Taranto Port Workers Agency.
PORTS
The outer Levant dock of the Arbatax port has returned fully operational
Cagliari
In August 2020 he had been shouted by the ferry "Bithia"
PORTS
The Port of Los Angeles closed the first quarter with a 29.6% percent growth in container traffic
Los Angeles
Expected a continuation of the positive trend
INDUSTRY
Stable the value of ABB's revenues in the first quarter
Zurich
The new orders are down -5.0% percent. At the end of July Rosengren will leave the CEO position in Wierod
PORTS
Italian Ports:
Ancona Genoa Ravenna
Augusta Gioia Tauro Salerno
Bari La Spezia Savona
Brindisi Leghorn Taranto
Cagliari Naples Trapani
Carrara Palermo Trieste
Civitavecchia Piombino Venice
Italian Interports: list World Ports: map
DATABASE
ShipownersShipbuilding and Shiprepairing Yards
ForwardersShip Suppliers
Shipping AgentsTruckers
MEETINGS
MEETINGS
Tomorrow in Livorno a conference on the history of the city port
Livorno
It will be talked about architecture, trade and politics between the XVI and the twentieth century
PORTS
On April 11, the sixth edition of the "Italian Port Days" will begin.
Rome
Also this year the project has been divided into two sessions : the first in the spring and the second from September 20 to October 20
››› Meetings File
PRESS REVIEW
Iran says MSC Aries vessel seized for 'violating maritime laws'
(Reuters)
Le transport maritime national navigue à vue
(Aujourd'hui Le Maroc)
››› Press Review File
FORUM of Shipping
and Logistics
CONFITARMA
Relazione del presidente Mario Mattioli
Roma, 27 ottobre 2023
››› File
JOBS
The crisis of the Cooperative Sole Workers of Porto Flavio Gioia officialized at institutions and trade unions
Salerno
USB Mare and Porti, what's going on in the port of Salerno is the result of pressure from shipowners
MARITIME SERVICES
Euronav sells its own ship management company to Anglo-Eastern
Antwerp / Hong Kong
Manages the fleet of tanker ships of the Antwerp company
MARITIME SERVICES
Genoa Shipbuilding Industries has acquired a submersible barge of the cargo capacity of 14,000 tonnes
Genoa
It can also be employed as a floating basin for the varo of artifacts up to 9,800 tons
LOGISTICS
Venice Cold Stores & Logistics obtains the qualification of tax warehouse for wines and sparkling
Venice
Extension of the services offered to companies in the wine sector
FREIGHT TERMINALS
Gasparate urges to exempt property of interports from payment of the Imu
Nola
President of the Union Interports Reunited warned that with the PNRR construction sites the railway intermodality is at risk
SHIPPING
Hapag-Lloyd plans future investments to expand business in the terminal and intermode sectors
Hamburg
Among the markets, the company focuses attention on Africa, India, Southeast Asia and the Pacific
ENVIRONMENT
Set up a consortium to decarbonize transport on the northern Pacific route
Vancouver
It is formed by nine companies and entities and is open to other partners
PORTS
In the first quarter of this year, container traffic in the port of Long Beach increased by 16.4%
Long Beach
In March, the increase was 8.3% percent.
PORTS
Delivery of the work of consolidation of the foranea dam of the port of Catania
Catania
Procurement of the value of 75 million euros
INFRASTRUCTURE
Plan to improve in Genoa and Savona the rail links with cruise terminals and airport
Genoa
It was presented today in the Ligurian capital
MEETINGS
From 10 to May 12 at Spezia will be held "DePortibus-The festival of ports that connect the world"
The Spezia
The programme provides for technical events and cultural proposals
PORTS
Three new STS cranes have arrived in the Kenyan port of Lamu.
Mombasa
They will be able to work on container ships of the capacity of over 18mila teu
TRUCKING
One hundred new IVECO trucks powered by HVO in the Smet fleet
Turin
They will be taken over in the course of this year
RAILWAY TRANSPORT
In the first three months of this year, goods transported by rail between China and Europe increased by 10% percent.
Beijing
Operated 4,541 trains (+ 9%)
PORTS
In the first quarter of 2024, container traffic in the port of Hong Kong fell by -2.3%
Hong Kong
In March, the decline was -10.6% percent.
INFRASTRUCTURE
The regasification terminal FSRU Toscana left Livorno direct to Genoa
Livorno
In the Ligurian scalp and then in Marseille maintenance interventions will be carried out
MARITIME SERVICES
Confirmed to Tugchiers Meeting Port of Genoa the granting of trailer services in the port of Genoa
Genoa
Planned investment of 35 million euros to renovate fleet
- Via Raffaele Paolucci 17r/19r - 16129 Genoa - ITALY
phone: +39.010.2462122, fax: +39.010.2516768, e-mail
VAT number: 03532950106
Press Reg.: nr 33/96 Genoa Court
Editor in chief: Bruno Bellio
No part may be reproduced without the express permission of the publisher
Search on inforMARE Presentation
Feed RSS Advertising spaces

inforMARE in Pdf
Mobile