Cyber Security In Shipping & Offshore Ops

By Henrik Segercrantz
Monday, February 01, 2016
Sources: DNV The amount of communication options is growing for shipping and offshore installations. Communication broker solutions from Maritime Communication Partner (MCP) is shown at left and Inmarsat Plc at right. GL, MCP, Inmarsat Plc

Global shipping and offshore oil and gas operations are increasingly dependent on integrated networks, based on various software and data transfer solutions. Systems and equipment onboard are interconnected, monitored and controlled through an onboard automation network. Onboard systems are increasingly also connected ashore to the owners’ or technology providers’ control centers. Equipment manufacturers want to remotely upgrade the software of their systems and monitor their use to be able to optimize operations and to scheduled needed maintenance service. Shipowners and oil companies develop their integrated energy management systems. The risks for data security violations are increasing, requiring focused countermeasures including actions by all parties. Potential cyber security threats for shipping and offshore oil and gas installations follow to a large extent those of onshore industries and companies, including also the element of satellite communications.

Major Developments in SatCom
With the increasing sea-shore traffic the future availability of satellite communication capacity was discussed at a conference on future unmanned vessel operations arranged by NorShipping, in Oslo, Norway, June 2015. In that context, security was also touched on by Ronald Spithout, President, Inmarsat Maritime. Inmarsat plc is a leading provider of global maritime satellite communications, and Spithout said that a cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority when it comes to designing the new network.” The new network was scheduled for launch towards the end of 2015, after Inmarsat having achieved global coverage by adding a third satellite providing a completely new way of dealing with traffic signals increasing security. “In the future there will be more than one satellite connection link with the vessel providing reliability and redundancy.”

He described how, together with Cisco Systems Inc., a software layer is being developed around the Inmarsat satellite network.

“It is an enormous project which will see the light in 2016. The ownership of the terminal will be separated from the ownership of the traffic, where the ownership of traffic can be defined based on the type of application or the type of sensors or the destination of the traffic and then the application providers will deal with the traffic and the costs of it so that they can provide flat fees of their applications towards the vessel.”

He said there might be hundreds (of applications) which will see the light in a year or two. Inmarsat reported in November that the I-5 F3 (the third satellite mentioned above) had been successfully launched, in August, ‘putting Global Xpress (GX) on track for the introduction of global commercial service by the end of the year.’ Inmarsat will also launch Fleet Xpress, its maritime service based on Global Xpress which will be the world’s first hybrid Ka/L-band mobile satellite system.

‘Class’ Intensifies its Work

The maritime and offshore Oil and Gas industry has seen cyber events such as manipulation of AIS, ECDIS and GPS data and as hacks on port IT systems and breaches in the bunkering community, such as the cyber attack that was reported to cost World Fuel Services an estimated $18 million.

According to DNV GL just in year 2014 more than 50 cyber security incidents were detected in the Norwegian energy and oil and gas sector. The maritime industry with related authorities, such as the USCG in the United States and ENISA in Europe, as well as classification societies have their full focus on cyber security matters.
Classification societies such as ABS Group and DNV GL provide advice, consultation, services and updated regulations aiming at minimizing the threat of malicious attacks.

ABS provides a range of cyber security services including the identification of a company’s Security Baseline and level of potential risk to an attack, examining and assessing the physical and logical security of the industrial control systems against well-known standards and best practices. Using a combination of software failure mode knowledge and offshore industrial control system experience solutions required to reduce the risk of downtime or safety incident are assessed, for complex, high consequence vessels such as semi-submersibles, drillships and FPSOs. Reference standards mentioned by ABS include ISO-IEC 62443, NIST 800-53&82, WIB, and other Industrial Control System specific cybersecurity standards.

At DNV GL, Tor E. Svensen, CEO of the Maritime sector, said that high-speed ship to shore data communication will offer the opportunity for malicious attacks, and attempts to actually control or damage ships or property. The area of cyber security will see a lot more attention in the years to come, addressed in the rules and procedures. Earlier in the year he summarized that “in theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.”

He recommends self-assessments and also third party audits, such as those offered by DNV GL’s own Marine Cybernetics unit. Through combining so called Hardware In-the-Loop (HIL) testing with cybersecurity testing, typical threats such as network storms and penetrations, password attacks, disconnections and communication failures can be addressed. The Integrated Software Dependent Systems (ISDS) standard, originally developed for the offshore industry look aim at ensuring reliable and safe operation of the vessel’s integrated and stand-alone control-systems. “If you have already taken care of software integrity, installed data protection and assessed the risks e.g. with HIL testing or ISDS, you are in a good position to take the next step in improving cybersecurity,” Svensen said.

Classification companies have much to contribute when defining cyber security requirements and in establishing rules, class notations, recommended practices and guidelines, and also in supporting companies with industry protocols such as ICCP, UCA and DNP. Also the U.S. Coast Guard works with DNV GL on building a regulatory framework and providing comments to the USCG “Guidance on Maritime Cybersecurity Standards.”

USCG Guidance on Cybersecurity
After a year-long development process the U.S. Coast Guard launched its cybersecurity guidance initiative on January 15 this year, through hosting an interagency public meeting on the subject ‘Guidance on Maritime Cybersecurity Standards.’ It has its original background in the Maritime Transportation Security Act law enacted after September 11, 2001, and in more recent set governmental requirements which also base on the Cybersecurity Framework of the National Institute of Standards and Technology. Through the initiative the Coast Guard looks for the industry and public to participate to help develop policy and the most effective cybersecurity regulations for the maritime industry. In this process, the Coast Guard asked for feedback or questions on various cybersecurity issues through a dedicated website, to be considered when developing their relevant guidance, which may include standards, guidelines, and best practices to protect maritime critical infrastructure. In the process USCG stressed the importance of full transparency and cooperation with its interagency partners and the maritime community.
 

(As published in the January 2016 edition of Maritime Reporter & Engineering News - http://magazines.marinelink.com/Magazines/MaritimeReporter)

 

  • “In theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.”   Tor E. Svensen,  CEO, Maritime, DNV GL (Photo: Nina Rangøy)

    “In theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.” Tor E. Svensen, CEO, Maritime, DNV GL (Photo: Nina Rangøy)

  • A cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority.”   Ronald Spithout President, Inmars

    A cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority.” Ronald Spithout President, Inmars

  • The Av-Test IT Security Institute in Germany registers  more than 390,000 new malicious programs every day.

    The Av-Test IT Security Institute in Germany registers more than 390,000 new malicious programs every day.

  • AV-TEST’s Android Malware Repository  (Collection) Statistics.  Copyright © 2015 AV-TEST GmbH

    AV-TEST’s Android Malware Repository (Collection) Statistics. Copyright © 2015 AV-TEST GmbH

  • “In theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.”   Tor E. Svensen,  CEO, Maritime, DNV GL (Photo: Nina Rangøy)
  • A cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority.”   Ronald Spithout President, Inmars
  • The Av-Test IT Security Institute in Germany registers  more than 390,000 new malicious programs every day.
  • AV-TEST’s Android Malware Repository  (Collection) Statistics.  Copyright © 2015 AV-TEST GmbH

Maritime Today


The Maritime Industry's original and most viewed E-News Service

Maritime Reporter May 2016 Digital Edition
FREE Maritime Reporter Subscription
Latest Maritime News    rss feeds

Technology

Royal Caribbean Selects Quintiq Software

Quintiq, a Dassault Systèmes company, announced that Royal Caribbean Cruises Ltd. has selected its software solution to optimize the assignment of more than 80,

ABB Software to Monitor Cosco Heavy Transport Fleet

ABB, a power and automation technology group, will supply its onboard motion monitoring and forecasting system to the Xiang Rui Kou heavy lift vessel, meaning the

P&I Club warns on Enclosed Space Entry & Testing

The London P&I Club says it continues to see cases of injuries and fatalities associated with entry into enclosed onboard spaces, including cargo holds on bulk

Maritime Security

EU Ships in Libyan Waters Would Undermine Tripoli Govt

The U.N.-backed government in Libya has not invited European ships into its territorial waters to help stop people smuggling because this could harm efforts to

China to "Pressure" U.S. on Maritime Issues

China will "pressure" the United States on maritime issues at talks in Beijing next week because of Chinese concern about an increased U.S. military presence in the disputed South China Sea,

CBP, AMO Unveils New Interceptor Vessel

U.S. Customs and Border Protection (CBP) Air and Marine Operations (AMO) and SAFE Boat International celebrated the unveiling of AMO’s newest coastal interceptor vessel (CIV) Thursday.

Coast Guard

Roger Blough Salvage Underway

Salvage divers from DonJon-Smit plan to begin an underwater survey of the hull of 833-foot U.S. cargo vessel Roger Blough, which ran aground Friday afternoon on

Coast Guard to Remove Some Navigation Aids in Virginia

The U.S. Coast Guard is scheduled to discontinue 166 navigational aids within the Virginia Inside Passage (VIP) due to shoaling and other navigational safety concerns throughout the area.

Freighter Runs Aground in Lake Superior

The U.S. Coast Guard informs it is continuing to monitor and respond to the 833-foot U.S. cargo vessel Roger Blough, which ran aground Friday afternoon on Gros

Software Solutions

Royal Caribbean Selects Quintiq Software

Quintiq, a Dassault Systèmes company, announced that Royal Caribbean Cruises Ltd. has selected its software solution to optimize the assignment of more than 80,

ABB Software to Monitor Cosco Heavy Transport Fleet

ABB, a power and automation technology group, will supply its onboard motion monitoring and forecasting system to the Xiang Rui Kou heavy lift vessel, meaning the

APM Terminals Bahrain Push for Safety, IT systems

Hidd, Khalifa Bin Salman Port, Bahrain - APM Terminals Bahrain, operators of Khalifa bin Salman Port (KBSP), has recently made significant advances in Safety performance

Offshore Energy

Mothballed Vessels SE Asia Reflect Oil Slump Pain

Around 1,300 offshore support vessels lying idle worldwide. Not everyone in shipping is bemoaning the industry's worst crisis in living memory: a cluster of

Bulgaria, Greece to Consider Greek LNG terminal

Bulgarian state energy holding company BEH and Greek natural gas company Gastrade have set up a joint task force to prepare a proposal to build an off-shore liquefied

Trim Optimization – Saving Fuel on Offshore Supply Vessels

A joint development project (JDP) between DNV GL, Statoil and Farstad Shipping has demonstrated that offshore supply vessels (OSV) can save up to 21,000 Euros on their annual fuel bill,

 
 
Maritime Careers / Shipboard Positions Maritime Contracts Maritime Security Naval Architecture Offshore Oil Pipelines Salvage Ship Simulators Sonar Winch
rss | archive | history | articles | privacy | contributors | top maritime news | about us | copyright | maritime magazines
maritime security news | shipbuilding news | maritime industry | shipping news | maritime reporting | workboats news | ship design | maritime business

Time taken: 0.3860 sec (3 req/sec)