Maritime Cybersecurity Takes A Big Step Forward

The international shipowners’ association, BIMCO will introduce a cyber security clause into its charter party agreements and other contracts to include the need to protect both IT and OT-based systems onboard ship.

The BIMCO decision follows a recent spike in high-profile cyber-attacks, such as those involving Maersk, COSCO, BW Group and broker Clarksons. It is anticipated that the cyber clause will be included in BIMCO contracts from May 2019.

Asaf Shefi, CTO of Naval Dome, the Israel-based developer of the award-winning Endpoint cyber security platform welcomed this imprtant step. 

“That the BIMCO cyber clause will precede the 2021 entry-into-force of IMO Resolution MSC.428(98), which will see cyber security measures included in the ISM Code, is very welcome news. The decision suggests that shipowners are now unwilling to wait for the regulators to implement change and are taking immediate action themselves.”

“While IT-related cyber protection is crucial to mitigating against fraud and data theft, the inclusion of Operation Technologies means that shipowner realise that critical systems – navigational, machinery and hotel systems – also need protection to prevent threats to crew, passenger and vessel safety,” said Shefi.

With the market proliferation of maritime cyber solutions, however, Shefi pointed out that a careful evaluation of the technologies available is required before any investments are made.

“Most cyber security systems just protect IT. Naval Dome Endpoint is the only cyber security system capable of protecting both IT and OT systems. As all shipboard systems are linked and inter-connected, BIMCO members should be aware that each individual IT and OT system onboard needs its own protection.”

It is the potential inclusion of a cyber liability clause, however, that Naval Dome CEO Itai Sela singles out for particular praise.

“The problems shipowners face insuring their PC-based systems against cyber attack has been well documented, but this issue could be resolved with the BIMCO clause.”

BIMCO has said that liability for claims would be limited to US$100,000 unless a different amount is agreed during negotiations.

“This could mean that the end result of a cyber attack may not necessarily be put down to technical failure or human error – as these things frequently are. It could also make the introduction of cyber insurance-related policies a potentially more attractive proposition for the insurer,” said Sela.

“At the very least, the new cyber clause will ensure parties are required to notify one another so that they can take the necessary precautions. It will ensure that contracted parties have procedures and systems in place to help minimise the cyber threat.”

You Might Also Read:

The Maritime Industry's Slow Boat To Cybersecurity:

Cybersecurity At Sea:

 

« Russian Hackers Have New Phishing Tricks
Cathay Pacific Admits Cyber-Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Center for a New American Security (CNAS)

Center for a New American Security (CNAS)

CNAS is the nation's leading research institution focused on defense and national security policy. Cyber security issues are an intrinsic element of the national security debate.

Business Intelligence Associates (BIA)

Business Intelligence Associates (BIA)

BIA's TotalDiscovery is a defensible and cost-effective corporate preservation and legal compliance software solution.

Industrial Networking Solutions (INS)

Industrial Networking Solutions (INS)

INS Services specializes in designing, deploying and providing on-going support for critical OT (Operational Technology) and IIoT (Industrial Internet of Things) networks.

KLC Consulting

KLC Consulting

KLC Consulting offers information assurance / Security, IT Audit, and Information Technology products and services to government and Fortune 1000 companies.

Secude

Secude

SECUDE is an established global security solutions provider offering innovative data protection for SAP users.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

National Initiative for Cybersecurity Education (NICE)

National Initiative for Cybersecurity Education (NICE)

NICE is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

Cyberarch Consulting

Cyberarch Consulting

Cyberarch is a security-focused consulting firm. We provide services specializing in information security, digital forensics, penetration testing and cyber security training.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

Heidrick & Struggles International

Heidrick & Struggles International

Heidrick & Struggles is a premier provider of leadership consulting and senior-level executive search services for roles including Information & Technology Officers and Cybersecurity.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

Spinnaker Support

Spinnaker Support

Spinnaker Support is a premier global provider of on-premise and cloud-based enterprise software support services.

BugProve

BugProve

BugProve offers a firmware analysis tool that speeds up security testing processes and supports compliance needs by automating repetitive tasks and detecting 0-day vulnerabilities.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.