Cyber Security In Shipping & Offshore Ops

By Henrik Segercrantz
Monday, February 01, 2016
Sources: DNV The amount of communication options is growing for shipping and offshore installations. Communication broker solutions from Maritime Communication Partner (MCP) is shown at left and Inmarsat Plc at right. GL, MCP, Inmarsat Plc

Global shipping and offshore oil and gas operations are increasingly dependent on integrated networks, based on various software and data transfer solutions. Systems and equipment onboard are interconnected, monitored and controlled through an onboard automation network. Onboard systems are increasingly also connected ashore to the owners’ or technology providers’ control centers. Equipment manufacturers want to remotely upgrade the software of their systems and monitor their use to be able to optimize operations and to scheduled needed maintenance service. Shipowners and oil companies develop their integrated energy management systems. The risks for data security violations are increasing, requiring focused countermeasures including actions by all parties. Potential cyber security threats for shipping and offshore oil and gas installations follow to a large extent those of onshore industries and companies, including also the element of satellite communications.

Major Developments in SatCom
With the increasing sea-shore traffic the future availability of satellite communication capacity was discussed at a conference on future unmanned vessel operations arranged by NorShipping, in Oslo, Norway, June 2015. In that context, security was also touched on by Ronald Spithout, President, Inmarsat Maritime. Inmarsat plc is a leading provider of global maritime satellite communications, and Spithout said that a cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority when it comes to designing the new network.” The new network was scheduled for launch towards the end of 2015, after Inmarsat having achieved global coverage by adding a third satellite providing a completely new way of dealing with traffic signals increasing security. “In the future there will be more than one satellite connection link with the vessel providing reliability and redundancy.”

He described how, together with Cisco Systems Inc., a software layer is being developed around the Inmarsat satellite network.

“It is an enormous project which will see the light in 2016. The ownership of the terminal will be separated from the ownership of the traffic, where the ownership of traffic can be defined based on the type of application or the type of sensors or the destination of the traffic and then the application providers will deal with the traffic and the costs of it so that they can provide flat fees of their applications towards the vessel.”

He said there might be hundreds (of applications) which will see the light in a year or two. Inmarsat reported in November that the I-5 F3 (the third satellite mentioned above) had been successfully launched, in August, ‘putting Global Xpress (GX) on track for the introduction of global commercial service by the end of the year.’ Inmarsat will also launch Fleet Xpress, its maritime service based on Global Xpress which will be the world’s first hybrid Ka/L-band mobile satellite system.

‘Class’ Intensifies its Work

The maritime and offshore Oil and Gas industry has seen cyber events such as manipulation of AIS, ECDIS and GPS data and as hacks on port IT systems and breaches in the bunkering community, such as the cyber attack that was reported to cost World Fuel Services an estimated $18 million.

According to DNV GL just in year 2014 more than 50 cyber security incidents were detected in the Norwegian energy and oil and gas sector. The maritime industry with related authorities, such as the USCG in the United States and ENISA in Europe, as well as classification societies have their full focus on cyber security matters.
Classification societies such as ABS Group and DNV GL provide advice, consultation, services and updated regulations aiming at minimizing the threat of malicious attacks.

ABS provides a range of cyber security services including the identification of a company’s Security Baseline and level of potential risk to an attack, examining and assessing the physical and logical security of the industrial control systems against well-known standards and best practices. Using a combination of software failure mode knowledge and offshore industrial control system experience solutions required to reduce the risk of downtime or safety incident are assessed, for complex, high consequence vessels such as semi-submersibles, drillships and FPSOs. Reference standards mentioned by ABS include ISO-IEC 62443, NIST 800-53&82, WIB, and other Industrial Control System specific cybersecurity standards.

At DNV GL, Tor E. Svensen, CEO of the Maritime sector, said that high-speed ship to shore data communication will offer the opportunity for malicious attacks, and attempts to actually control or damage ships or property. The area of cyber security will see a lot more attention in the years to come, addressed in the rules and procedures. Earlier in the year he summarized that “in theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.”

He recommends self-assessments and also third party audits, such as those offered by DNV GL’s own Marine Cybernetics unit. Through combining so called Hardware In-the-Loop (HIL) testing with cybersecurity testing, typical threats such as network storms and penetrations, password attacks, disconnections and communication failures can be addressed. The Integrated Software Dependent Systems (ISDS) standard, originally developed for the offshore industry look aim at ensuring reliable and safe operation of the vessel’s integrated and stand-alone control-systems. “If you have already taken care of software integrity, installed data protection and assessed the risks e.g. with HIL testing or ISDS, you are in a good position to take the next step in improving cybersecurity,” Svensen said.

Classification companies have much to contribute when defining cyber security requirements and in establishing rules, class notations, recommended practices and guidelines, and also in supporting companies with industry protocols such as ICCP, UCA and DNP. Also the U.S. Coast Guard works with DNV GL on building a regulatory framework and providing comments to the USCG “Guidance on Maritime Cybersecurity Standards.”

USCG Guidance on Cybersecurity
After a year-long development process the U.S. Coast Guard launched its cybersecurity guidance initiative on January 15 this year, through hosting an interagency public meeting on the subject ‘Guidance on Maritime Cybersecurity Standards.’ It has its original background in the Maritime Transportation Security Act law enacted after September 11, 2001, and in more recent set governmental requirements which also base on the Cybersecurity Framework of the National Institute of Standards and Technology. Through the initiative the Coast Guard looks for the industry and public to participate to help develop policy and the most effective cybersecurity regulations for the maritime industry. In this process, the Coast Guard asked for feedback or questions on various cybersecurity issues through a dedicated website, to be considered when developing their relevant guidance, which may include standards, guidelines, and best practices to protect maritime critical infrastructure. In the process USCG stressed the importance of full transparency and cooperation with its interagency partners and the maritime community.
 

(As published in the January 2016 edition of Maritime Reporter & Engineering News - http://magazines.marinelink.com/Magazines/MaritimeReporter)

 

  • “In theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.”   Tor E. Svensen,  CEO, Maritime, DNV GL (Photo: Nina Rangøy)

    “In theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.” Tor E. Svensen, CEO, Maritime, DNV GL (Photo: Nina Rangøy)

  • A cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority.”   Ronald Spithout President, Inmars

    A cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority.” Ronald Spithout President, Inmars

  • The Av-Test IT Security Institute in Germany registers  more than 390,000 new malicious programs every day.

    The Av-Test IT Security Institute in Germany registers more than 390,000 new malicious programs every day.

  • AV-TEST’s Android Malware Repository  (Collection) Statistics.  Copyright © 2015 AV-TEST GmbH

    AV-TEST’s Android Malware Repository (Collection) Statistics. Copyright © 2015 AV-TEST GmbH

  • “In theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.”   Tor E. Svensen,  CEO, Maritime, DNV GL (Photo: Nina Rangøy)
  • A cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority.”   Ronald Spithout President, Inmars
  • The Av-Test IT Security Institute in Germany registers  more than 390,000 new malicious programs every day.
  • AV-TEST’s Android Malware Repository  (Collection) Statistics.  Copyright © 2015 AV-TEST GmbH

Maritime Today


The Maritime Industry's original and most viewed E-News Service

Maritime Reporter June 2016 Digital Edition
FREE Maritime Reporter Subscription
Latest Maritime News    rss feeds

Technology

Construction Begins on Johan Sverdrup Riser platform

The riser platform construction start was marked today at the Samsung Heavy Industries yard in South Korea. Project director for Johan Sverdrup Kjetel Digre (from right),

SPS Used for Pipe-Layer Upgrade

The 127,500dwt Solitaire has completed some of the most challenging projects in which heavy pipe has been laid in very deep waters.   Originally built in Japan as a mini-Capesize bulk carrier,

Another Fugro Vessels Joins Largest SEEP-Hunting Survey

Fugro has deployed multi-purpose offshore survey vessel Fugro Gauss to join the Fugro Brasilis offshore Mexico, to help complete the world’s largest seep-hunting

Maritime Security

Russian Sub 'Stary Oskol' Enters Black Sea

Russia’s Stary Oskol submarine, the third boat in Project 636.3 series for the Black Sea Fleet, on a voyage to its permanent base has passed the Bosporus and Dardanelles straits,

Russia, US Blame Each Other for Maritime Incident

Russia and the United States gave contradictory accounts on Tuesday of an incident involving the two countries' navies in the Mediterranean Sea on June 17, each

Red River Closed after Barge Grounding

The Red River was closed Sunday from mile marker 40 to mile marker 42, after a barge reportedly ran aground and was protruding into the channel near mile marker 41, according to the U.

Coast Guard

BSM Acquires USCG Qualship 21 Program Approval

Bernhard Schulte Shipmanagement is proud to announce that it has received US Coast Guard (USCG) Qualship 21 Program approval for the BSM India-managed, Algoma-owned

AWO Authorizes ClassNK to Perform RCP Audits

The American Waterways Operators (AWO) and ClassNK have signed an agreement under which ClassNK will be authorized to conduct audits of AWO's Responsible Carrier Program,

Waterway Reopened after Barge Grounding

The U.S. Coast Guard has opened the Red River from mile marker 40 to mile marker 42 for vessel traffic, Monday.   The Red River had been closed due to a barge that had run aground at mile marker 41,

Software Solutions

SENER 9th FORUM Users Meet a Success

The SENER engineering and technology group has finished its ninth FORUM (the FORAN Users Meeting) designed so that FORAN users from all over the world can share their experiences and concerns,

Another Fugro Vessels Joins Largest SEEP-Hunting Survey

Fugro has deployed multi-purpose offshore survey vessel Fugro Gauss to join the Fugro Brasilis offshore Mexico, to help complete the world’s largest seep-hunting

JIP Validates DNV GL's Helica Software

A joint industry project run by DNV GL has replicated stresses measured in an umbilical subjected to tension and bending in full-scale tests, further validating

Offshore Energy

Construction Begins on Johan Sverdrup Riser platform

The riser platform construction start was marked today at the Samsung Heavy Industries yard in South Korea. Project director for Johan Sverdrup Kjetel Digre (from right),

Boon, Non-executive Director of ST Engineering Resigns

Singapore Technologies Engineering Ltd (ST Engineering) today announced the resignation of Mr Quek Tong Boon as non-executive Director with effect from 1 July 2016.

Offshore Oil Oscillations In West Africa

Global excess oil supply still looks likely to average 0.5m bpd in 2016 – sufficient, it would seem, to stop oil prices rising much above $50/bbl and therefore

 
 
Maritime Careers / Shipboard Positions Maritime Contracts Maritime Security Maritime Standards Navigation Offshore Oil Pipelines Pod Propulsion Port Authority Ship Electronics
rss | archive | history | articles | privacy | contributors | top maritime news | about us | copyright | maritime magazines
maritime security news | shipbuilding news | maritime industry | shipping news | maritime reporting | workboats news | ship design | maritime business

Time taken: 0.1493 sec (7 req/sec)