testata inforMARE
Cerca
12 July 2024 - Year XXVIII
Independent journal on economy and transport policy
13:49 GMT+2
LinnkedInTwitterFacebook


CENTRO INTERNAZIONALE STUDI CONTAINERSANNO XXXVIII - Numero LUGLIO 2020

CYBER SECURITY

TURNING IMO2021 INTO AN OPPORTUNITY INSTEAD OF A BURDEN

Being a shipping IT professional can be frustrating. You recognise the need to invest in further cybersecurity, but your management team still treat it as a "compliance problem". But perhaps this is a result of the way cybersecurity has been presented to leadership. The dialogue needs to change. IMO 2021 could offer a unique opportunity to reposition cybersecurity as an important enabler of the wider business objectives.

At our recent virtual conference - CyberSecure at Sea - we asked ~120 shipping IT professionals what was holding them back from rolling out cyber security controls. ~50% pointed toward the struggle with providing their management teams the confidence that they are spending wisely on cyber security or that investing in additional resources to manage cyber risk is required at all. It is clear there is a misalignment between what IT professionals know is needed and what leadership believes is the risk.

Management teams in shipping believe cyber security is mainly a "compliance problem"

This is frustrating for the IT professional. But it isn't really a surprise.

Management's main concerns are driving up revenue and driving down cost. Maximise chartering at minimal expense. To run a tight ship, any investment that cannot visibly drive either of these twin goals is deprioritised. If the link is not clear, they don't believe it or they don't understand it, investing in it is a luxury. So the responsibility falls on the CIO or IT manager to help leadership understand the need and urgency.

But shipping IT professionals still find themselves stuck in a dialogue with management about how to do the bare minimum in order to comply with IMO 2021, instead of how to take steps to properly cybersecure.

From our discussions with shipping IT professionals, we find only 20% are actively engaging with their management to align cybersecurity strategy. In over 65% of cases, the dialogue is either focused purely on compliance or related to purchasing specific cybersecurity solutions. This means that for every 100 interactions that IT professionals have with their management team, 65 of them are either discussing compliance or a point solution.

Interestingly, none of the shipping IT professionals we speak to have a relationship with management where they agree to an annual budget and make the day to day decisions around cyber-security strategy and tactics. So management are making decisions on what cybersecurity controls to put in place on a case by case basis, rather than the IT professionals.

This is why cyber security in shipping is still commonly treated as a "compliance problem" - it is being presented as one.

This mindset is based on false assumptions

The most dangerous one is that shipping is not a targeted sector. If you still don't believe the threat landscape is shifting, then just look at the data - just within the first 5 months of 2020, there were public announcements of cyber attacks on MSC, Anglo Eastern, OSM and twice on Toll Group. While the amount of losses in revenue or remediation costs remain guarded secrets, they have all admitted to significant interruptions in operations.

Another false assumption is that we can achieve vessel digitalisation and worry about cyber security later. The evidence is clear that this simply isn't the case. Just to cite one example, a common assumption is that you can maintain separation of the business, crew and OT networks. So it should be impossible for an attacker to compromise a crew asset, then use that foothold to attack a critical business workstation or OT system.

In reality, in ~80% of vessels CyberOwl has deployed on, we find assets connected to the business network that the IT manager knows nothing about. They haven't identified them in their inventory, have no idea of their nature, did not sanction a connection, had no way of controlling or disconnecting them remotely. Sometimes it is not just 1 or 2 such assets, but 10s of them. In several cases, these unauthorised connections were later discovered to be OT devices linked to a bridge system, the engine room or auxiliary power system.

The relationship between IT and management needs to change. IMO 2021 is an opportunity to get "air time".

IMO 2021 presents a window of opportunity. Management teams have no choice but to make sure their fleet has a cyber risk management system that complies. Instead of approaching the dialogue as a compliance issue, this is the opportunity to frame cyber security as a business issue - an enabler to deliver overall business priorities. Whether this is business efficiency, vessel performance optimisation, remote control and management or crew welfare.

There are useful examples in recent history of leveraging compliance to strengthen overall cyber risk management. According to analysis by Marsh, companies successfully used GDPR as a catalyst, with 78% investing more in cyber security en route to GDPR compliance. A key finding in a 2019 UK government report was that as a result of GDPR, there was a significant increase in the number of businesses putting in place quarterly updates with senior management on cybersecurity, intensifying cybersecurity training and enhancing cybersecurity policies. Essentially, where the opportunity was taken, GDPR had a positive effect in improving executive attention that prompted the related investments.

This window of opportunity won't last forever. Don't squander it.

So how do shipping IT professionals make the most out of IMO 2021?

Shifting the emphasis of the discussion with management is an important start. Turn the conversation from "what we need to do to comply" to "how does cybersecurity support the way we want to work going forward." For example, the need for better remote access control becomes less about the fact it is an IACS recommendation, but more because it reduces the need to get an engineer onboard the vessel.
  • Use IMO 2021 as a catalyst for working more closely with your colleagues in technical, operations and quality. Get a good understanding of their ambitions for improving performance and reducing costs. Use this knowledge to demonstrate how cybersecurity could help them achieve that securely. Link your cybersecurity initiatives with their cost-savings or revenue-gain figures.
  • Quantify the risk within the context of these wider business objectives. Help management visualise the potential loss due to a cyber attack. But make this real to your own organisation and its digitalisation ambitions, rather than using high-level industry report figures. There are various well-recognised methods for quantifying the cyber risk to an organisation. One approach we like using at CyberOwl is the FAIR methodology.
  • Define some key cybersecurity metrics to start collecting and tracking. Begin with a pragmatic, small number that won't drown your resources. At minimum, these should measure the volume of system outages, volume of cyber incidents and some aspect of usage policy abuse, misconfigurations or suspicious behaviour. Gather benchmarks on these metrics from a friendly cybersecurity advisor or a collaborative network of other shipping IT professionals. Present the trends and benchmarks to your management, clearly explaining their implications.
  • Lean on your vendors to help you inform your cybersecurity strategy. It is part of the value and service they bring to you. When you perform trials, treat it as a learning exercise, not just a procurement exercise. Clearly set out what you are trying to learn about your current cybersecurity posture, where the risks are and how you are currently managing them. Share this "list of learning points" with your vendor. They should be helping you learn, rather than just proving to you their cybersecurity product is better than the competition.
Finally, it doesn't need to be a huge transformation programme. Start small and simple. Make some changes. Measure the improvement. Share any good news and small wins. Repeat.

How are you engaging with your management on IMO 2021? Get in touch with us here if you would like help or a free consultation on how to reposition the dialogue.

hellenicshippingnews.com



Approved the 2023 budget of Interporto Campano
Nola
Confirmed Alfredo Gaetani (President) and Claudio Ricci (Managing Director)
The Danish group SGL buys Brazilian Blu Logistics Brasil
Hvidovre
Agreement to acquire the entire share capital
Saipem, commits for offshore activities in Azerbaijan
Milan
In programme activity in the Azerbaijani waters of the Caspian Sea
99.2% million of Fincantieri's 400 million capital increase subscribed to
Rome
Majority shareholder CDP Equity has subscribed to new shares worth 285.8 million euros.
On July 17, the public assembly in Assiterminal will be held in Rome.
Rome
Messina (Assshipowners) : with the renewal of the Ccnl of the shipowner industry valid responses to the needs of workers
At The Spice Container Terminal start the scallops of the 21,000-teu container ships of OOCL
The Spezia
Inaugurated the Onshore Power Supply plant of the port of Valletta
Floriana / Geneva
Every Wednesday "MSC World Europa" will connect to the electric grid of the stopover
PSA, measures to mitigate congestion in the port of Singapore are having success
Singapore
In recent months, it has increased, among other things, the need to handle containers several times.
Presented the XII National Report on the Economy of the Sea
Rome
The sector generates a direct added value of 64.6 billion euros.
Set up in the construction site of Ancona the construction of the extra-aluminum cruise ship Four Seasons I
Trieste
Fincantieri will deliver it by the end of 2025
Hapag-Lloyd announces preliminary results of first semester
Hamburg
The company believes that the second half of 2024 will be better than previous expectations.
In May the traffic of goods in the port of Ravenna decreased by -3.0%
Ravenna
The month of June is expected to decline by -3.3% percent.
The economic-financial analysis of Fedespedi of containerized shipping companies
Milan
Laying of the keel of the new ultra-luxury megayacht destined for Aman at Sea
Genoa
Ceremony in the construction site of St. George of Nogaro of T. Mariotti
Danaos confirms order in China for five new container ships
Athens
Four will have a capacity of 9,200 teu and one of 8,258 teu
In Barcelona the first container terminal in the Mediterranean with electrified quay
Barcelona
On Friday the inauguration of the Onshore Power Supply plant in Hutchison Ports BEST
The revenue growth of Taiwanese Evergreen and Yang Ming continues
Taipei / Keelung
YML orders 9,100 new containers
Inaugurated in Gioia Tauro the quay that will host the pole of naval reparations
Joy Tauro
Agostinelli : This year the container traffic in port will challenge the four million teu
Chinese group Hengli will build a shipyard on the island of Changxing
Dalian
Investment of the value of 1.3 billion
SFL Corporation renews with Maersk the rental of four container ships
Hamilton
The capacity of ships will be high from 8,700 to 9,500 teu
Prysmian, record of installation of a cable in ultra-deep waters
Milan
Test for installation at -2,150 meters
Germany's Rhenus has acquired 15% percent of France's C Chez Vous
Holzwickede
Is specialized in the delivery of goods weighing more than 30 kilograms
Astilleros Armon delivered the dual-fuel ferry Margarita Salas to Baleària
Dénia
Can be powered to liquefied natural gas
Brothers Cosulich orders two new chemical bunkering tankers
Genoa
They will be taken in delivery in the first semester of 2026
Lineage buys the abruzzese supplier of Eurofrigor refrigerated warehouses
Amsterdam
Manages a refrigerated cell structure of more than 24,000 square meters in Controwar
Fincantieri vara to Ancona the cruise ship Viking Vesta
Los Angeles
In mid-2025 it will be delivered to American Viking
At the end the constructive phase of the port of Porto Torres
Cagliari
Entrusted to a Technical Advisory Panel on the issue of the greatest costs of opera
In China, the keel of the new ro-pax has been laid down. GNV Virgo
Genoa
It will be the first ship of GNV's fleet to be powered by liquefied natural gas
SAILING LIST
Visual Sailing List
Departure ports
Arrival ports by:
- alphabetical order
- country
- geographical areas
In Genoa, the World Day of Ausile Navigation
Genoa
On August 22, IALA will assume the legal status of intergovernmental organisation
SFL Corporation orders the construction of five container ships from 16,800 teu
Hamilton
Commits the value of a billion dollars to New Times Shipbuilding
In 2023, Fratelli Cosulich recorded financial performance second only to those records of 2022
Genoa
OMT (Accelleron) acquires the OMC2
Reflights
The Company manufactures high precision fuel injectors for marine, stationary and rail engines
Last year, freight traffic in Dutch ports fell by -7.6% percent.
The Hague
Reduction of volumes in all major merceological compartments
Chantier Naval de Marseille will retrofit two other cruise ships of AIDA Cruises
Rostock
They are part of the class "Sphinx"
Genovese De Wave has acquired Inoxking
Genoa
The Company manufactures steel furniture and refrigeration systems for the maritime industry
The downturn of container traffic in the port of Piraeus continues
Hong Kong
Overall, the volumes handled by the COSCO Shipping Ports network have been increased.
MSC gets 97.71% of the capital of Gram Car Carriers
Oslo
In the coming days the acquisition of the remaining shares
Hapag-Lloyd reiterates its own terminalist division
Hamburg
A Hanseatic Global Terminals make 20 container terminals in 11 nations
ADNOC Logistics & Services orders in Korea 8-10 new liquefied natural gas vessels
Abu Dhabi
They will be built by Samsung Heavy Industries and Hanwha Ocean
Kombiverkehr is alarmed at the reduction of DB Cargo services for intermodal transport
Frankfurt am Main
The company is looking for alternative partners
MSC ready to acquire 15% of ADR in Genoa Airport
Genoa
The shipowner group has submitted a binding proposal to buy
Fincantieri will build a fourth NFS submarine for the Italian Navy Navy
Trieste
Commits of the value of 500 million euros
Four major critical areas in view of the entry into force of the FuelEU Maritime Regulation
Rome
Workshop on the theme of the Young Group of Confitweapon
Technical Varo of the second of the four GNV ro-pax ships under construction in China
Genoa
The "GNV Orion", of 52,000 tons tsl, will be taken over in the summer of 2025
Assshipowners have strengthened their structure
Rome
Insertion into the organic of Simone Parizzi, Mattia Canevari and Cesare Crocini
Japan's MOL acquires 25% of the logistics company Tanzaniana Alistair Group
Tokyo
Port of Ravenna, over four million euros destined for new mediums of less environmental impact
Ravenna
A ban on the replacement of the means currently operating in the quay
Rosetti Marino, new committed for offshore EPC activities worth more than 400 million euros
Ravenna
It envisages the realization of the topside of the gas production platform that will be installed off the coast of Libya
They return to grow the revenues of the FedEx express courier
Memphis
In the coming months, a continuation of the current positive trend is expected.
Assagents analyzes the impact on maritime traffic of the geopolitical crises in place
Genoa
On July 9 Adria Ferries will inaugurate a new ferry line between Italy and Montenegro
Ancona
Biweekly service between the ports of Ancona and Bar
State Railways and Eni continue cooperation in the field of alternative fuels
Rome
Mitsui O.S.K. Lines will have 72% of the capital of Gearbulk
Tokyo
You will acquire an additional 23% held by Halberton Holding (Jebsen family)
The Young Shipowners Group of Confitarma launches the website ItalianSeafarers
Rome
Presented the training opportunities offered by the companies and the ITS foundations
In 2023, passengers on MSC Crusere ships nearly doubled.
Geneva
The Explora Journeys business also started in August.
EQT Infrastructure VI fund buys Constellation Cold Logistics
Stockholm / London
Owns and operates 26 refrigerated warehouses in Western Europe and Scandinavia
UPS sells logistics company Coyote Logistics to RXO for more than a billion dollars
Charlotte / Atlanta
In 2023 the asset ceded generated a turnover of 3.2 billion
CMA CGM restructure services in the Mediterranean
Marseille
Changes to the Euronaf and TMX 2 lines scaling several Italian ports
The only retroport of the port of La Spezia is that of Santo Stefano Magra
The Spezia
Shipping agents and shipping agents and customs officers who say no to the hypothesis of other corridors said.
Warriors (AdSP Livorno) : The TDT terminal must maintain its own merceological vocation
Livorno
We expect Grimaldi to develop plans to promote a real growth of containerized traffickers.
PORTS
Italian Ports:
Ancona Genoa Ravenna
Augusta Gioia Tauro Salerno
Bari La Spezia Savona
Brindisi Leghorn Taranto
Cagliari Naples Trapani
Carrara Palermo Trieste
Civitavecchia Piombino Venice
Italian Interports: list World Ports: map
DATABASE
ShipownersShipbuilding and Shiprepairing Yards
ForwardersShip Suppliers
Shipping AgentsTruckers
MEETINGS
On July 17, the public assembly in Assiterminal will be held in Rome.
Rome
Messina (Assshipowners) : with the renewal of the Ccnl of the shipowner industry valid responses to the needs of workers
The assembly of Assagents will be held in Genoa on June 25.
Genoa
Event entitled " Mari inquieti. Routes and conflicts : the incognition of traffickers "
››› Meetings File
PRESS REVIEW
Samsung, HMM clash in US over shipping rates
(The Korea Times)
Houthis Mount Biggest Month of Attacks on Ships This Year
(Bloomberg)
››› Press Review File
FORUM of Shipping
and Logistics
Relazione del presidente Stefano Messina
Roma, 2 luglio 2024
››› File
Emanuele Grimaldi has been re-elected as president of the International Chamber of Shipping
Emanuele Grimaldi has been re-elected as president of the International Chamber of Shipping
Montreal
Confirmed for another two-year term
Lorenzo Giacobbe is the new president of the Young People's Group of Assagents
Genoa
It will be joined by Vice Presidents Pietro Abbona and Andrea Pompei
The ports of Trieste and Monfalcone are allied with those of Cartagena, Riga and North Sea Port
Trieste
Report on work in liguri ports
Genoa
It was carried out by the Italian Academy of Mercantile Academy
Intermodal transport of prefabricated in concrete from Tuscany to Sardinia
Arezzo
Collaboration between the Baraclit Group, the Logistic Pole of the FS Group and the GMake Group
It continues the growth of containerized transhipment traffic in the ports of Algeciras and Valencia
Algeciras / Valencia
In May in the two shelves the transshipment containers increased by 8.4% and 12.0%
Kombiverkehr, in 2025, will double in Germany the costs of using rail lines for the transport of goods
Frankfurt am Main
Krebs : in the worst case we will stop transport
They rise to 88 the companies associated with Assiterminal
Genoa
Membership of seven new companies
Brothers Cosulich acquired the genovese Slavetti Enzo
Genoa
It operates in the field of production and sales of hardware products for the shipbuilding and nautical industry
Likely sinking of the renaissance Tutor attacked by the Houthis
Portsmouth
Signaled the sighting at sea of debris and hydrocarbon chiaths
EU Council agrees to its position on new regulation on the European Maritime Safety Agency
Brussels
Also adopted the general approach on the regulation on the use of the capacity of the railway infrastructure
- Via Raffaele Paolucci 17r/19r - 16129 Genoa - ITALY
phone: +39.010.2462122, fax: +39.010.2516768, e-mail
VAT number: 03532950106
Press Reg.: nr 33/96 Genoa Court
Editor in chief: Bruno Bellio
No part may be reproduced without the express permission of the publisher
Search on inforMARE Presentation
Feed RSS Advertising spaces

inforMARE in Pdf
Mobile