Cyber Security In Shipping & Offshore Ops

By Henrik Segercrantz
Monday, February 01, 2016
Sources: DNV The amount of communication options is growing for shipping and offshore installations. Communication broker solutions from Maritime Communication Partner (MCP) is shown at left and Inmarsat Plc at right. GL, MCP, Inmarsat Plc

Global shipping and offshore oil and gas operations are increasingly dependent on integrated networks, based on various software and data transfer solutions. Systems and equipment onboard are interconnected, monitored and controlled through an onboard automation network. Onboard systems are increasingly also connected ashore to the owners’ or technology providers’ control centers. Equipment manufacturers want to remotely upgrade the software of their systems and monitor their use to be able to optimize operations and to scheduled needed maintenance service. Shipowners and oil companies develop their integrated energy management systems. The risks for data security violations are increasing, requiring focused countermeasures including actions by all parties. Potential cyber security threats for shipping and offshore oil and gas installations follow to a large extent those of onshore industries and companies, including also the element of satellite communications.

Major Developments in SatCom
With the increasing sea-shore traffic the future availability of satellite communication capacity was discussed at a conference on future unmanned vessel operations arranged by NorShipping, in Oslo, Norway, June 2015. In that context, security was also touched on by Ronald Spithout, President, Inmarsat Maritime. Inmarsat plc is a leading provider of global maritime satellite communications, and Spithout said that a cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority when it comes to designing the new network.” The new network was scheduled for launch towards the end of 2015, after Inmarsat having achieved global coverage by adding a third satellite providing a completely new way of dealing with traffic signals increasing security. “In the future there will be more than one satellite connection link with the vessel providing reliability and redundancy.”

He described how, together with Cisco Systems Inc., a software layer is being developed around the Inmarsat satellite network.

“It is an enormous project which will see the light in 2016. The ownership of the terminal will be separated from the ownership of the traffic, where the ownership of traffic can be defined based on the type of application or the type of sensors or the destination of the traffic and then the application providers will deal with the traffic and the costs of it so that they can provide flat fees of their applications towards the vessel.”

He said there might be hundreds (of applications) which will see the light in a year or two. Inmarsat reported in November that the I-5 F3 (the third satellite mentioned above) had been successfully launched, in August, ‘putting Global Xpress (GX) on track for the introduction of global commercial service by the end of the year.’ Inmarsat will also launch Fleet Xpress, its maritime service based on Global Xpress which will be the world’s first hybrid Ka/L-band mobile satellite system.

‘Class’ Intensifies its Work

The maritime and offshore Oil and Gas industry has seen cyber events such as manipulation of AIS, ECDIS and GPS data and as hacks on port IT systems and breaches in the bunkering community, such as the cyber attack that was reported to cost World Fuel Services an estimated $18 million.

According to DNV GL just in year 2014 more than 50 cyber security incidents were detected in the Norwegian energy and oil and gas sector. The maritime industry with related authorities, such as the USCG in the United States and ENISA in Europe, as well as classification societies have their full focus on cyber security matters.
Classification societies such as ABS Group and DNV GL provide advice, consultation, services and updated regulations aiming at minimizing the threat of malicious attacks.

ABS provides a range of cyber security services including the identification of a company’s Security Baseline and level of potential risk to an attack, examining and assessing the physical and logical security of the industrial control systems against well-known standards and best practices. Using a combination of software failure mode knowledge and offshore industrial control system experience solutions required to reduce the risk of downtime or safety incident are assessed, for complex, high consequence vessels such as semi-submersibles, drillships and FPSOs. Reference standards mentioned by ABS include ISO-IEC 62443, NIST 800-53&82, WIB, and other Industrial Control System specific cybersecurity standards.

At DNV GL, Tor E. Svensen, CEO of the Maritime sector, said that high-speed ship to shore data communication will offer the opportunity for malicious attacks, and attempts to actually control or damage ships or property. The area of cyber security will see a lot more attention in the years to come, addressed in the rules and procedures. Earlier in the year he summarized that “in theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.”

He recommends self-assessments and also third party audits, such as those offered by DNV GL’s own Marine Cybernetics unit. Through combining so called Hardware In-the-Loop (HIL) testing with cybersecurity testing, typical threats such as network storms and penetrations, password attacks, disconnections and communication failures can be addressed. The Integrated Software Dependent Systems (ISDS) standard, originally developed for the offshore industry look aim at ensuring reliable and safe operation of the vessel’s integrated and stand-alone control-systems. “If you have already taken care of software integrity, installed data protection and assessed the risks e.g. with HIL testing or ISDS, you are in a good position to take the next step in improving cybersecurity,” Svensen said.

Classification companies have much to contribute when defining cyber security requirements and in establishing rules, class notations, recommended practices and guidelines, and also in supporting companies with industry protocols such as ICCP, UCA and DNP. Also the U.S. Coast Guard works with DNV GL on building a regulatory framework and providing comments to the USCG “Guidance on Maritime Cybersecurity Standards.”

USCG Guidance on Cybersecurity
After a year-long development process the U.S. Coast Guard launched its cybersecurity guidance initiative on January 15 this year, through hosting an interagency public meeting on the subject ‘Guidance on Maritime Cybersecurity Standards.’ It has its original background in the Maritime Transportation Security Act law enacted after September 11, 2001, and in more recent set governmental requirements which also base on the Cybersecurity Framework of the National Institute of Standards and Technology. Through the initiative the Coast Guard looks for the industry and public to participate to help develop policy and the most effective cybersecurity regulations for the maritime industry. In this process, the Coast Guard asked for feedback or questions on various cybersecurity issues through a dedicated website, to be considered when developing their relevant guidance, which may include standards, guidelines, and best practices to protect maritime critical infrastructure. In the process USCG stressed the importance of full transparency and cooperation with its interagency partners and the maritime community.
 

(As published in the January 2016 edition of Maritime Reporter & Engineering News - http://magazines.marinelink.com/Magazines/MaritimeReporter)

 

  • “In theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.”   Tor E. Svensen,  CEO, Maritime, DNV GL (Photo: Nina Rangøy)

    “In theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.” Tor E. Svensen, CEO, Maritime, DNV GL (Photo: Nina Rangøy)

  • A cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority.”   Ronald Spithout President, Inmars

    A cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority.” Ronald Spithout President, Inmars

  • The Av-Test IT Security Institute in Germany registers  more than 390,000 new malicious programs every day.

    The Av-Test IT Security Institute in Germany registers more than 390,000 new malicious programs every day.

  • AV-TEST’s Android Malware Repository  (Collection) Statistics.  Copyright © 2015 AV-TEST GmbH

    AV-TEST’s Android Malware Repository (Collection) Statistics. Copyright © 2015 AV-TEST GmbH

  • “In theory, all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems.”   Tor E. Svensen,  CEO, Maritime, DNV GL (Photo: Nina Rangøy)
  • A cluster of satellite cells for communications is currently being built around the world, providing security and redundancy, based on beams and cells, “where each beam will have up to 89 little cells which are all in relation to each other so you get a truly global coverage and also, at each given time the satellite disk is looking at the next cell as well. The connection gets more secure, it gets more back-up, and the security itself is of highest priority.”   Ronald Spithout President, Inmars
  • The Av-Test IT Security Institute in Germany registers  more than 390,000 new malicious programs every day.
  • AV-TEST’s Android Malware Repository  (Collection) Statistics.  Copyright © 2015 AV-TEST GmbH

Technology

WSS Marketing Turner Design’s Ballast Water Compliance Tool

Wilhelmsen Ships Service (WSS), provider of products and services to the shipping industry, said it has signed a partnership with Turner Designs USA to market its

Wärtsilä to Launch Sea-Master at SMM

Set to launch at SMM 2016 in Hamburg September 6-9, 2016, the new Wärtsilä Sea-Master system uses digital technology to monitor shaft bearings and seals to help

Japanese Yards Mull Shipbuilding Alliance

Four major Japanese shipbuilders are in discussions to form an alliance in hopes of riding out the industry slump.   Mitsubishi Heavy Industries, Ltd. (MHI) announced

Maritime Security

Indian Warships Visit Port Victoria

In a demonstration of India’s commitment to its ties with Seychelles and maritime security in the Indian Ocean Region, Indian Naval Ships Kolkata, Trikand and

White House: Iranian Ships' Actions in Gulf Increase Risk of Miscalculation

Actions by Iranian vessels in several encounters with U.S. warships in the Gulf this week are cause for concern and increase risks of miscalculation, the White House said on Friday.

Australia Warns DCNS after Security Breach

Australian defence officials warned French naval contractor DCNS to beef up security in Australia, where it is preparing to build a A$50 billion ($38.13 billion) fleet of submarines,

Coast Guard

Wounded Lobsterman Medevaced near Cape Cope

An injured lobsterman was medically evacuated by U.S. Coast Guard helicopter crew Tuesday roughly 130 nautical miles east of Cape Cod.   At about 10:15 a.m.,

Caribbean Fantasy Fire Extinguished

A fire that broke out aboard the passenger vessel Caribbean Fantasy at 7:42 a.m. on August 17 has been extinguished, and the vessel has been moored safely in port.

Coast Guard Foundation Awarded 128 Scholarships

The Coast Guard Foundation, a non-profit organization committed to the education and welfare of all Coast Guard members and their families, announced today that

Software Solutions

ABB Launches Torque Monitoring System

ABB has launched a new torque monitoring system called Torductor Marine, which is aimed at optimizing engine and fuel efficiency in the maritime sector. The new

MN100: Krill Systems, Inc.

The Company: Krill Systems Inc. was founded as a software development company focusing on accurate vessel fuel consumption measurement and efficient data transmission.

MobileOps Pursuing Maritime Business

Redmond, Wash. based MobileOps, Inc., a software company specializing in the design and development of maritime software applications (dispatch, safety, compliance,

Offshore Energy

OSV firm Farstad Continues Restructuring Talks

Supply firm Farstad Shipping's CEO Karl Johan Bakken repeats is in stand-still agreement with lenders until Oct. 1   Notable disclosures: * CEO says is talking

DNV GL Launches New Approach to Manage Uncertainty in Risk Assessment

There is increasing emphasis from regulators on addressing uncertainty in risk assessments to improve safety. DNV GL’s new paper, ‘Enabling confidence – addressing uncertainty in risk assessments’,

Esvagt Makes Vestdavit MissionEase First Choice for Mission Bay

Norway-based boat system and davit-handling specialist Vestdavit has secured a breakthrough order for its unique MissionEase multi-boat handling solution for mission bays,

 
 
Maritime Contracts Maritime Security Naval Architecture Offshore Oil Pipelines Port Authority Salvage Shipbuilding / Vessel Construction Sonar Winch
rss | archive | history | articles | privacy | contributors | top maritime news | about us | copyright | maritime magazines
maritime security news | shipbuilding news | maritime industry | shipping news | maritime reporting | workboats news | ship design | maritime business

Time taken: 0.1743 sec (6 req/sec)