Cyber Security IMO Regulations

Ignorance is bliss? Not when it comes to Cyber Security.

Technology plays a critical role in our daily lives. Technological advancements are blisteringly fast compared to previous years, which is why it has become an urgent topic of discussion. In this digital era of ubiquitous computing, organizations without Cyber Security are at risk. Land, air, water and cyber; it’s recognised as the fourth ground for nation-states.

As the drive towards digital transformation continues to ceaselessly gather momentum, industries need to reassess their security strategies. By not properly protecting the attack surface, private and public sectors leave themselves exposed to possible breaches.

What is Cyber Security Management and why is it so important?

In short, all connected digital systems are prone to cyber-attacks. Expanding networking capabilities to all corners of our lives can make us more efficient, but more susceptible. 2020 catapulted industries online, with cyber security becoming a top priority for businesses. The pandemic has effectively become a catalyst for cyber security threats to rise exponentially, with all sectors being vulnerable. Connecting to the internet also means connecting to potential cyber threats. Attackers are always on the prowl to compromise systems. Generally, hackers are motivated by financial gain via corporate espionage or by acquiring personal data. Not having “top secret type government information” or “lifestyles of the rich and famous” does not make one untouchable.

Maritime Cyber Security Risk

While the threat is very real, the yachting industry has been quite lackadaisical until recently. Reality is – the fancier the yacht, the greater the risk. Adding complexities to ensure an immersive, bespoke experience, has resulted in modern superyachts closely resembling an enterprise-grade network. Vessels are more connected than ever before. Despite the cutting-edge technologies to allow for reliability, efficiency, and safety, cyber security seems to have fallen by the wayside. A breach is troubling in any business; however, consequences could be far more serious in the maritime environment. Don’t assume to know what hackers want. Money may not be the only motive, terrorism is a scary reality. “A successful breach of a vessel’s control systems can potential grant the assailant the ability to take control of bridge systems and control the vessel’s operational functions from anywhere in the world, in real time”, Super Yacht News

IMO Cyber Security Regulations

“When we talk about cyber security, it is not a matter of if you will be attacked but when. In order to deal with that, you should have a risk management approach on it and this what the IMO is introducing.” Mr. Chronis Kapalidis, Cyber Expert, HudsonAnalytix

Because of the ever-rising threat of an inevitable attack, the IMO has put cyber security regulations in place for compliance by 2021. The MSC-FAL.1/Circ.3 guidelines enforce a mechanism for dealing with risk rather than listing controls that should be implemented. Not reinventing the wheel, the IMO decided to build off established international frameworks for cyber risk management, adopting five functions that represent a holistic approach to cyber risk management: Identify, Protect, Detect, Respond, Recover. By taking this functional approach, captains and security officials have the flexibility to use their discretion to tailor a program that effectively meets the requirements of their vessel without becoming excessively onerous.

NIST Cyber Security Framework

Not industry or size specific, the NIST Cybersecurity Framework (“CSF”) is a useful benchmark which the maritime industry can refer to when developing internal regulations and standards.

The CSF features five core functions,

Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.
Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.
Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.
Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

Is your vessel ready for IMO’s Cyber Security compliance?

“It’s been decided that no later than the annual verification of each company’s Document of Compliance, the 1st of January 2021, all shipping companies will be mandated to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code)”, Pelion Consulting

With a strong background in the yachting sector, Virtual Pursers recommend Pelion Consulting to ensure Safety Management Systems are updated and ready for audit after the deadline date.

Virtual Pursers are not a yacht management company; we are an extension of your crew and act as a landbased bridge to your shoreside counterparts. As trusted yachting professionals with 20 years combined industry experience, we are here to help as well as to keep you informed on relevant industry related news and updates! For more information contact info@virtualpursers.com or call +44 203 514 0413.

Cyber Security in the Super Yachting World

High-profile owner and guest information is top priority and needs to be completely protected. Cyber Security attacks are generally aimed at accessing/destroying sensitive information, or extorting and stealing money. This is the last thing guests want to deal with whilst trying to enjoy a relaxing holiday. Many yachts lack the most basic security measures and yet, they need them the most. Crew also need to be educated on simple measures to protect their personal devices which may contain sensitive information pertaining to the vessel and guests.

Virtual Pursers understand the risks associated with Cyber Security in the Super Yachting World and have taken all the preventative action necessary. Our services have considered the top 5 cyber security threats.

Ransomware is a form of malicious software that attempts to scramble your data

An obvious but often overlooked form of protection against this type of malware is to back everything up. By merely backing up, you can, in large part, mitigate this risk. It’s also a good idea for business continuity for apparent reasons. Doing this with a cloud-based storage provider that automatically backs up your entire file system is best, as distributing your data as widely as possible makes it inherently more resilient to any loss. There are several providers such as iDrive and Backblaze, but it’s a good idea to shop around.

Phising is an attempt to gain sensitive information by posing as a trustworthy contact

This often comes in the form of a fake email in order to gain an urgent payment or personal information. At Virtual Pursers, we use G-suite and an anti-virus to mitigate these kinds of emails. Here are some points to remember when it comes emails:

Remember that email, on the whole, is completely insecure. Being the digital equivalent of a postcard, it’s easy for anyone to intercept and read. Never send anything commercially or financially sensitive via email, especially bank details, credit card numbers, etc.
Never, ever, click on any link in an email from an unknown source. Just one click can open you up to a considerable number of attacks, even if nothing seems to have changed/happened.
Do not open any attachments from anyone unless you are expecting them. Word docs and Excel sheets are especially risky, but viruses and other malicious code can be hidden in nearly any type of file, even images.
Be mindful of the email source, especially if a known contact suddenly says that they’re using another email account (personal, etc.) out of the blue. Always call to confirm.
Anyone’s email addresses can be spoofed (faked), so if a known contact suddenly sounds somehow different, then don’t be shy about checking that everything is ok and that it is them!

Data Leakage and hacking are two major problems in the modern-day working environment

There are a few simple ways to counteract these one of which is to use decent antivirus/security software. Whereas both Windows 10 and macOS are relatively secure, they’re both susceptible to spyware, viruses, etc. Even Macs, who people think are generally “virus-proof” out of the box, really aren’t. Installing good antivirus/firewall software is an absolute must for any laptop or desktop used in a professional capacity. Virtual Pursers prefer Norton, however there are alternatives such as Bitdefender, Kaspersky. Avast is the only trusted free software option.

Use two-factor authentication whenever you can

This ensures that even if somebody gets hold of your credentials or passwords, they cannot log in to anything with additional security. There are various ways to do this and there are a few built in systems on some programs that send a code to your cell-phone, for instance. Virtual Pursers use Yubikey’s, a physical USB key for both hardware and software access.

Be careful how you connect to WiFi networks and use a VPN where possible

Never, ever, connect to an insecure public WiFi network that does not require a password. If you have to connect to any network outside of your own trusted office or home network, then it’s vital that you use a VPN or “Virtual Private Network.” VPN services create a secure data “tunnel” from your device, directly through to another secure server elsewhere in the world. This makes you a whole lot more secure and prevents anyone from intercepting your data. There are several options out there, but ExpressVPN is a recommended one as they’re fast, reliable, and they offer apps for all major platforms that make it very, very easy to setup.

Always stay updated to the latest version or the operating system

The moment a new version comes out, an army of both good and bad hackers try breaking into it. As soon as they find vulnerabilities, believe it or not, the good guys tell either Apple or Microsoft before the bad guys can exploit them, and patches and updates are released straight away.

G-Suite, the ideal Cloud-based ecosystem for Cyber Security in the Super Yachting World

Not only highly recommended, but Virtual Pursers prefer this robust cloud computing platform because of the archiving and collaborative abilities. G-Suite makes it extremely easy for both in-house and external clients to share and contribute. It’s also a reliable environment to keep all your documents, files, email attachments, etc. With G Suite data is kept away from local devices and potential cyber security threats.

Cyber Security Regulations to be in place by 1 January 2021

With the assistance of International Maritime Organization, vessels can mitigate threats by adhering to the Guidelines on Maritime Cyber Risk Management. The recommendations are complementary and can be easily incorporated into existing risk management processes. By 1 January 2021, The Maritime Safety Committee require all administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code).

We understand the risk of Cyber Security in the Super Yachting World so you can rest assured knowing that your safety is our top priority. Virtual Pursers – The future of seamlessly, effortlessly, and efficiently navigating yacht administration. For more information contact info@virtualpursers.com or call +44 203 514 0413.