Pirate attack – 5NM West of Jazair Az Zubayr island

At 1512UTC on 03 June 2018 an MV in position: 14 57.1N 042 05.8E was attacked by a skiff with 6 POB. The skiff fired upon the vessel and AST returned fire before the skiff retreated. Vessel is SAFE.

Source: UKMTO

FacebookTwitterGoogle+

Government outlaws private security guards onboard vessels

Notwithstanding the spate of pirate attacks on its territorial waters, the Federal Government has declared that the Nigerian Constitution forbids the use of armed private guards on board vessels.

The Minister of Justice and Attorney-General of the Federation, Abubakar Malami, who made this known at the 3th edition of Lagos International Maritime Week in Lagos, called on maritime stakeholders to develop a strategy to deal with the challenges within the permissible scope of security agencies to improve maritime security.

Malami, in a presentation entitled: “Armed Guards Aboard Merchant Vessels in Nigeria – Legal or Illegal,” said maritime security has become an important requirement for merchants’ vessels over the last decade. This, he said, is due to the increasing threats from pirates across the world, adding that the issue of maritime security in the Nigerian territorial waters should be taken seriously.

The Minister, who was represented by the Special Assistant to the President on Financial Crimes, Abiodun Aikomo, said: “Even though Nigerian-flagged vessels cannot make use of armed private guards as the law stands today. The reality is that there must be a dynamic strategy of dealing with security challenges facing merchant vessels in Nigerian waters.”

He added that: “Human beings have the responsible for self-preservation of their life and limbs and by extension, private properties and investments.

“As to the legality and illegality of armed guards on merchant vessels in Nigeria, the debate should no longer be focused on whether armed guards should be employed. Rather, how they can effectively, legally and safely be engaged with emphasis on accreditation and accountability.

“In this regard, the United Kingdom, and Norway have provided regulations on the use of private guards onboard. The International Chamber of Shipping (ICS), has also announced its change of stance on armed guards.”

According to him, it could be necessary to amend the relevant laws in the long term, adding that there was a need for stakeholders to develop a strategy within the scope of power of the Nigerian Maritime Administration and Safety Agency (NIMASA), in collaboration with other sister agencies.

The Lagos State Commissioner for Transportation, Ladi Lawanson, sued for massive financing in the sector, especially in the face of emerging innovations and advances in technology.

Lawanson, who was represented by his Technical Assistant, Mrs Olufadeke Immanuel, said shortage of maritime infrastructure in Nigeria has largely reduced the nation’s ability to harness the full potential inherent in the industry.

“In order to leverage the inherent wealth of the maritime sector, it behoves on us as government and people, to commit our resources towards the development of requisite supporting infrastructure for the sector.

The Consul-General of France, Laurent Polonceaux, noted that Nigeria was surrounded by French-speaking neighbours as well as being the largest trading partner of France in West Africa.Polonceaux said the business interest of both countries pervaded all segments of economy value chain ranging from oil and gas, food and nutrition, pharmaceuticals, security, transportation, to logistics and Africa food production.

The Founder, Lagos International Maritime Week, Mrs Oritsematosan Edodo-Emore, said this year’s conference, themed “Developing Maritime Infrastructure in Africa,” argued that Africa’s development should define the vision for the industry by seeking international cooperation to actualise it.

According to her, Nigeria should take advantage of the global shortage of skilled maritime manpower by developing maritime education and training institutions, to produce skilled manpower for continental and global markets.

Source: The Guardian

FacebookTwitterGoogle+

Human Rights and Wrongs

Dr. Sofia Galani, Lecturer in Law at the University of Bristol and a Non-Executive Board of Advisors member of Human Rights at Sea gave a short interview on piracy to the Navigate Response, a global crisis communications network specializing in the international shipping, port and offshore industries:

How have attitudes to human rights at sea changed over time regarding piracy?

Piracy and counter-piracy responses have had a tremendous impact on human rights both for those suspected of piracy and for seafarers. Maritime enforcement operations and the subsequent prosecutions and trials alerted the international community to the human rights abuses suspects of piracy might face.

Although it took more time for the human rights of seafarers attacked or kidnapped by pirates to attract attention, the human cost of piracy is now an important part of the human rights at sea debate. The hundreds of thousands of refugees and migrants fleeing their countries on board unseaworthy boats and the increasing reports of slavery and abuses of seafarers and fishermen have also played a significant role in our current understanding of human rights at sea …It is high time that human rights at sea were effectively recognized and protected.

Regarding piracy, how are human rights affected between regions?

Different piracy models and bespoke counter-piracy mechanisms might affect human rights at sea differently in the various regions. The regional or international character of counter-piracy operations, for example, have a different impact on the human rights of piracy suspects. While the rights to life, liberty, fair trial and freedom from torture of all piracy suspects can be interfered with, Somalis have been at a more disadvantaged position. Somalis are often transferred to third states, where they have no ties, to be tried and prosecuted. They often have no contact with their families or face inconsistent punishments depending on domestic law.

To address these gaps, flag states, coastal states and the shipping industry have to work together towards improving the human and labor standards on board vessels as well as making available reporting mechanisms and remedies for victims of human rights violations at sea.

Source: Navigate Response

FacebookTwitterGoogle+

TT Club Highlights Cyber Activity is the Norm not the Exception

Speaking at the 6th Med Ports Conference in Livorno (Italy) last month, TT Club’s Andrew Huxley highlighted that cyber activity is a daily operational risk which needs to be addressed urgently.

According to freight transport specialist insurer TT Club, supply chain operators are vulnerable to disruptive cyber activity, from criminals or other perpetrators, impacting operations and putting commercially sensitive or confidential data at risk.

Huxley explained, “Many in the marine supply chain business have operations characterised by widespread office networks and a reliance on multiple third party suppliers. Often IT systems are of an in-house, legacy nature, which may be poorly protected by security software.” Specifically, ports and terminals are exposed to threats as they are at the confluence of physical and communications activity. The data interfaces are complex and the drive towards interconnected control systems and efficient processes, exacerbates the opportunities for outside malicious interference. Most of all, at the ship/port interface there is much opportunity to cause loss and damage, far beyond the persistent exposure to criminal activity.

The problem is intensifying. At a global level reports by AV-TEST indicate that on average 4.2 new files of malware code were generated every second last year. From a maritime supply chain perspective an example of serious IT incursion in 2017 was the spoofing attack on over twenty ships in Novorossiysk (Russia). Navigation experts claim the spoofing sent false signals and resulted in ship-board equipment providing false information as to the location of the ships. There is speculation that this incident could have been a state-sponsored attack. A second incident, the NotPetya strike, impacted many in the supply chain, including AP Moller-Maersk, resulting in large scale disruption and substantial costs for those immediately impacted and their partners.

As to the extent of attacks, research that is available reveals a worrying situation. “A BIMCO survey in 2016 suggested that more than 20% of respondents admitted to cyber attacks and last year a SeaIntel Maritime Analysis report estimated that 44% of the top 50 container carriers had weak or inadequate cyber security policies and processes,” stated TT Club’s Huxley.

The US Coast Guard issued a draft Navigation and Vessel Inspection Circular (NAVIC) titled ‘Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities’. The circular currently under review requires incorporation of personnel training, drills and exercises to test capabilities, security measures for access control, handling cargo, delivery of stores, procedures for interfacing with ships and security systems and equipment maintenance.

Additional national and regional initiatives, exemplified in the European Union by the Directive on Security of Network and Information Systems (NIS Directive) and General Data Protection Regulation (GDPR), are indicative of the development of regulatory expectations. While the latter does not directly address it, cyber protection is intrinsically at the core of data protection. Such initiatives, together with known vulnerabilities, highlight that cyber security is ever more pertinent for ports and terminals, as well as the broader supply chain community.

TT Club, jointly with UK P&I Club (also managed by Thomas Miller) and cyber security consultants NYA, has published a paper entitled ‘Risk Focus: Cyber – Considering Threats in the Maritime Supply Chain’.

Huxley introduced the paper in his Livorno presentation, “As an insurance mutual, TT Club has always been dedicated to minimising risk through its loss prevention efforts. By publishing ‘Risk Focus: Cyber’ we hope to generate more awareness of the risks to help combat the situation. Ultimately, the main threat continues to derive from human error – downloading malicious content, opening an unsecured web browser or falling victim to social engineering attacks and phishing scams.”

Awareness of the nature of potential attacks and the need for protection is clearly a crucial initial step towards thorough risk assessment and mitigation – and this needs to become part of corporate culture.
Source: Hellenic Shipping News

FacebookTwitterGoogle+

Experts urge Indian shipping community to build robust cyber security

Experts in Singapore have urged India to build a strong cyber security system for its shipping sector, saying the country is investing billions of dollars in maritime infrastructure but the enforcement of anti-cyber attack rules is not as per the need of the hour.

Geoff Leeming, partner at Singapore-based cyber security consultancy Pragma, said cyber attack was a mega problem for every industry but the shipping sector has just “woken up in the last couple of years”.

Anti-cyber attack rules and regulations enforcement in countries like India, which is developing multi-billion dollar maritime infrastructure, is lower than the need of the hour, he said.

“Don’t just wait for a cyber attack on your ships and maritime infrastructure, for it may be worse than the 26/11 attack in Mumbai,” Leeming said, referring to the November 2008 terror attack in Mumbai and the September 2001 attack in New York.

“The shipping industry has to wake up to what they can do about these threats from cyber attack planners,” he said.

Indian shipping sector, just like the rest of the world, is low on the use of IT expertise despite a large pool of IT talent in the country, Leeming said.

Indian maritime infrastructure development includes privately-owned ports which again are likely “identified” targets for cyber attack, said Peter Schellenberger, managing director of OSERV Private Limited, a global supply chain and services company here.

“Indian shipping companies have started looking into cyber security but it has never been the focus as it should be. Some 95 per cent of Indian exports are shipped which needs a strong cyber security system fully backed by regulations and operating regimes,” Schellenberger said at a recent presentation on cyber scurity here.

Both experts appreciated India’s massive infrastructure in planning and implementation phases.

Schellenberger also warned that “don’t wait for an attack to happen and then hustle around to re-write your legislative pieces for safety”.

Citing expensive learning from painful losses, Leeming highlighted the case of container shipping company AP Moller Maersk.

Maersk had said that its revenue loss could be as high as USD 300 million following the NotPetya cyberattack.

As India develops a large number of ports, it is time to have all the regulatory checks in place, the two executives said.

“Cyber attack is a dangerously open game. Governments and shipping community should expeditiously work on strong security systems,” Schellenberger added.
Source: Hellenic Shipping News

FacebookTwitterGoogle+

Cyber Security: The Emerging Threat to Passenger Safety

By Ian Richardson and Patrick Carolan 2018-05-03 19:02:08

Not a day goes by where we do not hear of a company breach, cyber-attack or a company facing a virus or ransomware scenario. Although defenses can be put in place to mitigate such issues, every industry is uniquely different. We have seen an evolution in the cruise industry, with the rising levels of passengers resulting in the introduction of new technologies and the internet of things (IOT) in order to make the journey more engaging and personalized. This new technology means that every facet of the ship is digital, from the dinner reservations to locating people on the ship.

With thousands of people’s information available cruise line digitization makes them a target for hackers.

The use of new and emerging technology can be vulnerable to an attacker because of the reliance on internet connections. Email phishing can be used to implant a virus on to a ship just as easily as one of the thousands of passengers on board opening an email, or uploading a USB drive that is infected to provide an attacker access to the internal systems.

Although these should be of concern to any company, in 2017 the biggest threat vector was the internal user. Mistakes made both intentionally or unintentionally were left unreported mainly due to concerns of employee repercussion; this alone has caused many companies than ever having to face this scenario. Whether you are on board a ship, within a port terminal or assisting with bookings at an office, mistakes happen when education and training are not implemented correctly or at all.

In recent years, cruise liners have become reliant on the interconnectivity of IT systems and operational technology to create a digital environment to manage the successful delivery of a holiday to every passenger. Whilst ships become smarter the dangers increase tenfold in raising the risk of cyber-attacks, where the effects can be devastating. The Transport Department in the U.K. Government issued a warning in in the “Cyber Security for Ships” code of practice in 2017 about the vulnerability of the maritime industry, stating that if the computer systems are hacked, then at worst there could be a danger to life. If the hack were a terrorist move, then this could certainly be the case.

However, the cruise industry is far more likely to have the data of its passengers taken advantage of. For example, if a passenger’s data such as a bank card or personal information has been uploaded onto the online systems, (which would be used to make their stay more personalised and automated) then their details can be infiltrated and they could become the victim of fraud.

As IT becomes increasingly involved in every aspect of our lives it’s easy to see clear advantages, this also brings vulnerabilities, challenges and safety to the forefront. Researchers have demonstrated that it is possible to remotely take control of a vessel by spoofing its GPS positioning, gaining the ability to manipulate operational control panels that manage the ships propulsion and through this  ransomware disable the ship until the hackers have been sated. This of course would be devastating to a cruise ship causing chaos on board, putting passengers in peril and ruining the company’s reputation.

The cruise industry has a proven ability to compete with other holiday destinations. However, this will quickly diminish if passengers feel unsafe. It is apparent that the time to define a clear and secure strategy relating to cyber security is paramount to maintaining confidence in the cruise industry from its customers.

The maritime industry has previously failed to recognize the risks of cyber attacks. However with the developments of cruise ships becoming floating digital worlds of their own, it is crucial for the safety and integrity of the industry and it passengers that cruise lines start recognizing and understanding the increasing threats and what the outcomes could be.

So where are the particular areas of concern that need to be raised within shipping?

Cyber-attacks in the maritime industry are left unreported compared to onshore attacks. In today’s industry, more and more ships are internet connected resulting in a cyber-attack at sea risk being more dangerous than onshore.

The lack of any inbuilt encryption or authentication codes for navigation systems is an issue where attackers can and do see shipping as a soft option for attack, be it for enjoyment, state sponsored or for ransom.

Everyone has heard of the day to day breaches occurring with these within the leisure industry. However, let us not forget many ships have multiple point-of-sale (POS) terminals in place. If left unsecured, with no antivirus, accessible to the internet and on a primary infrastructure network this is a popular chosen attack vector following attempted WIFI hacking or a phishing campaign.

Cyber security training is a requirement for all employees, from the owner of the shipping company to the junior deck hand. In 2015 only 12 percent of crew received cyber security training. In subsequent years this figure slightly improved but well below the size of growing threat. In 2017 reports indicate only 47 percent of crew were aware of cyber-safe policies or cyber hygiene guidelines which is better but still not even close to making the industry cyber secure.

The main problem with cyber security is the belief that cyber security preventative measures are expensive, there is no understanding of the value and many believe it won’t happen to them. As the general perception of being hit by an attack is very unlikely hence expenditure to apply safeguards is not a priority concern. A common response you will hear is that cyber-attacks are largely an onshore issue. The reality is that where there is technology and people the exploitation of technology for nefarious means will always take place in some form, be it at sea on onshore.

Remember cyber-attacks not only cost money to correct but affect the reputation of the company. A reputation that the maritime industry has built over years of service yet can be easily destroyed because the lack of funding of an appropriate cyber security investment.

Understand the risk, then the value and then check the price of not taking action.

Ian Richardson is CEO and Co-Founder of TheICEway and Patrick Carolan is Technical Director for CRIBB Cyber Security.

Source: Maritime Executive

 

 

FacebookTwitterGoogle+

NIMASA, IMO move to enforce maritime security legislations

By Godwin Oritse
IN a bid to further strengthen the nation’s maritime security, the Nigerian Maritime Administration and Safety Agency, NIMASA, in collaboration with International Maritime Organization, IMO, has commenced moves to develop capacity to implement and enforce maritime safety and security legislations.Director General NIMASA, Dr. Dakuku Peterside, disclosed this at the commencement of a three-day Table Top exercise on security in West and Central Africa. He said that cooperation amongst relevant government departments and agencies will enhance the fight against piracy and armed robbery on ships.
Peterside explained that the cooperation will not only enhance security in the nation’s coastal and territorial waters and Exclusive Economic Zone, but its impact will cascade towards the West and Central African States.
He stated: “The International Ship and Port Security, ISPS, Code implementation Committee commenced the process of inter-agency coordination in the event of an emergency. This Table Top exercise will further buttress the ongoing effort to determine the respective roles, responsibilities, processes and procedures we are all to play in the event of an accident.
“This exercise by IMO will be done using a range of global evolving scenarios. The essence of the ISPS Code is bordered on the need to respond to the signs of times by putting in place holistic strategies to protect our ports and the ships calling upon them from across the world through adequate security of our maritime domain.”
Similarly, NIMASA’s Executive Director, Operations, Engr Rotimi Fashakin, said the exercise is designed to test the flexibility of response mechanism in the event of a breach of maritime security.
IMO consultant, Mr. Brian Crammer, told Vanguard that the exercise is aimed at supporting the implementation of the code of conduct concerning piracy and armed robbery against ships, as well as illicit maritime activities in West and Central Africa.
FacebookTwitterGoogle+

Nigeria suffered 41 piracy attacks in 2017 – NIMASA

NIGERIA recorded 41 piracy attacks on vessels calling at her ports in the whole of 2017, the Nigerian Maritime Administration and Safety Agency (NIMASA) stated in its ‘Nigeria’s Maritime Industry Forecast 2018-2019. This is even as the agency said the nation suffered 135 piracy attacks between 2015 and 2017.

According to data sourced from the agency’s industry forecast document, the highest number of attacks occurred in the last quarter of 2017, with 16 attacks occurring within the nation’s waters.

“In the first quarter of 2017, nine reported attacks occurred within Nigerian waters. Out of the nine reported attacks, three were successful while the remaining six attacks were not successful. In the second quarter of 2017, eight vessels were attacked within Nigerian waters. Out of the eight vessels attacked, four were successful and the other four attacks were unsuccessful.

“Also in the third quarter of 2017, eight vessels were attacked and four were successful while another four were unsuccessful. In the last quarter of 2017, 16 vessels suffered piracy attacks within Nigerian waters and six of those attacks were successful, while the remaining 10 attacks were unsuccessful.

“For vessel movement in 2016, the nation recorded the highest number of piracy attacks within her waters as 77 attacks were recorded on vessels in the year under review. In the first quarter of 2016, 27 vessels were attacked by pirates and 14 of those attacks were successful, while the remaining 13 attacks were unsuccessful.

‘In the second quarter of 2016, another 27 vessels were attacked, and this time, 17 of those attacks were successful while the remaining 10 attacks were not successful. In the third quarter of 2016, there was a reduction of piracy attacks within the nation’s waterways as only eight vessels were attacked, and only four of those attacks were successful.

“In the last quarter of 2016, piracy on waters within Nigerian waters rose again as 15 vessels suffered attacks at different locations within the nation’s waterways. Out of the 15 attacks in the last quarter of 2016, five were successful while 10 were not successful.

“For 2015, eight vessels were attacked in the first quarter of the year under review and five of those attacks were successful, and the remaining three attacks were not successful. In the second quarter of 2015, five piracy attacks occurred within Nigerian waters, and one out of the five was successful, while the remaining four attacks were not successful.

“There was no recorded piracy attack for the third quarter of 2015. However, piracy activities resumed in the last quarter of the year under review with four different attacks on vessels within the nation’s waters. Two out of the four attacks were successful while the remaining two were unsuccessful, thereby bringing to a total of 135 piracy attacks on vessels within Nigerian waters between 2015 and 2017,” information from Nigeria’s Maritime Industry Forecast 2018-2019 revealed.

FacebookTwitterGoogle+

Cyber Security at Sea: The Real Threats

By David Rider 2018-03-10 22:05:14

The maritime cyber security landscape is a confusing place. On the one hand, you have commercial providers suggesting the risks of everything from a hostile attack on ship’s systems which allows the vessel to be remotely controlled by pirates and direct it to a port of their choice, or causing a catastrophic navigation errors, a phishing attack or ransomware on the Master’s PC. While on the other, you have sensible people who point out that this notion is nonsense due to the number of fail safes and manual overrides and controls in place.

Then there are calmer voices still, who point out that the most likely threat is actually to the servers inside your head office, or a man in the middle attack on your company’s bank accounts.

Recognizing the threats

So what are the real, documented, current threats to the shipping industry from cyber criminals? Here, we hope to offer some genuine guidance without scaremongering. We’re not trying to sell you anything. We’re just trying to make sure you know what the risk of simply doing nothing is.

Much has been made of the threat to vessels on the water from hackers. However, there is only limited available credible evidence to support claims of hacks at sea. Rather, the real threats on the water come from a lack of crew training and awareness and a culture which turns a blind eye to crew using their own devices at work (Bring Your Own Device, or BYOD) and plugging them into ship systems to charge them, thereby possibly releasing a malware they may have been inadvertently carrying onto the vessel.

Maritime cyber security survey results

In 2017, I.H.S. Fairplay conducted a maritime cyber security survey, to which 284 people responded. 34 percent of them said that their company had experienced a cyber attack in the previous 12 months. Of those attacks, the majority were ransomware and phishing incidents; exactly the same sort of incidents affecting companies everywhere, and not at all specific to the maritime world.

The good news is that only 30 percent of those responding to the survey had no appointed information security manager or department, meaning that the majority of companies have a resource able to respond and mitigate any attack.

However, the survey did reveal that there are still a lot of employees who have not received cyber awareness training of any kind, which means the shipping industry must try harder, for its own security.

Additionally, only 66 percent of those questioned said that their company had an IT security policy, which is a serious cause for concern; IT security cannot be approached on an ad hoc, incident by incident basis. It’s the security equivalent of plugging holes in a hull with cardboard.

To underline that, 47 percent of those questioned believed that their organization’s biggest cyber vulnerability was the staff. Hardly a glowing endorsement but, if you don’t train your staff to be aware of threats, it’s not surprising.

Mitigating the risk – train your staff

Imagine you’re in charge of a company. You trust your staff to do everything. Except, it seems, ensure your bank accounts aren’t handed over to cyber criminals or that your network is exposed to ransomware or malicious attack.

It would seem to be a rather curious way to run a company.

The key to mitigating cyber crime is training. Yes, you can put posters up; send company memoranda out; promote industry guidelines. But how many of your staff take those in? A robust workplace IT security policy is the first step, but that can only work when also supported by a training course where employees can see the risks through demonstrations, simulations and good teaching.

There are very simple changes that any company can make to ensure better security in the workplace. From enforcing a zero tolerance on BYOD, which is often disliked by the crew, to separating crew and administrative or operational networks, blanking unused USB ports and requiring monitors be turned away from public view to prevent “shoulder surfing” and a rule that all computers go into secure sleep mode when left unattended.

For staff dealing with accounts, additional rules may be required to ensure the risks of phishing and social engineering (whale attack) are reduced.

You don’t think your company is at risk? In November 2016, Europe’s largest manufacturer or wires and electrical cables, Leoni AG, lost £34 million in a whale attack, when cyber criminals tricked finance staff into transferring money to the wrong bank account.

£34 million. Lost… That should be read out to every board of directors.

And similar attacks take place every week.

In the last six months, the shipping industry has seen several incidents in the sector, ranging from a data breach at Clarksons through to the damage done to Maersk by the WannaCry NotPetya variant sabotage/ransomware incident, which the company believes cost it as much as $300 million.

These are some of the reasons for the creation of the Maritime Cyber Alliance, a project created by CSO Alliance in partnership with Airbus Defence & Space. The aim is simple: connect maritime and oil and gas chief information security officers via a secure, private platform, allow verified cyber intrusions to be reported anonymously and provide members with threat alerts and tools to analyze malware and prevent attacks as well as offering workshops to promote best practice in the industry and listen to concerns.

February saw the Alliance participate in four workshops across the U.K., in Aberdeen for the offshore industry; Edinburgh for the ports community and Glasgow for ship management. Guest speakers included Kewal Rai, Policy Adviser for Cyber Security with the Department of Transport, Sergeant David Sanderson from Hampshire Police, Vic Start, Thomas de Menthiere and Jean Baptsiste Lopez of Airbus, among others.

Among the concerns raised by attendees were questions on mitigation of attacks, the impact of E.U.’s General Data Protection Regulation  (GDPR) on the U.K. and how Airbus was delivering its solutions to users of the site.

The Alliance is already gathering detailed cyber crime incident reports from industry. We’ve seen an examples from shipowners who lost two days’ hire due to malware contamination via a USB stick, invoice fraud in the port, superyacht and ship broker sectors. The latter saw a ship broker’s systems compromised by criminals who altered payment details to steal £500,000.

Luckily, in that case, the company’s quick reaction, a court order and a rapid forensic investigation ensured they recovered the missing funds. We are starting to see multiple attempts of invoice fraud using privileged information, which means a vendor’s company accounts have been compromised. The timely sharing and analysis of information will grow with the increased cyber crime report data flow via the Cyber Alliance’s crime reporting servers, based in Iceland in order to ensure anonymity. The solution, of course, is to ensure your company requires multiple sign-offs for any payments over a certain amount and pick up the phone to verify and vendor bank account changes. The risk of getting it wrong could bankrupt you.

There’s clearly a need for industry to take the lead on protection and, hopefully, the Maritime Cyber Alliance will enable that. Further workshops, which are all free to attend, are planned for the coming months.

Regulatory compliance

The next major hurdle facing companies around the globe comes in the shape of the GDPR, which comes in to force in May 2018. It will affect companies in every sector, but the maritime industry in particular, given its global reach.

In essence, the GDPR is the first data protection measure to affect the entire world. If your company holds or processes the personal data of E.U. citizens, people working for E.U. entities or trading with the E.U., then you’re affected and will need to ensure that you’re compliant with the new regulations. Failure to do so will result in huge fines. GDPR’s definition of “personal data” is far broader than previous regulations, meaning that any information which can be used to identify an individual falls under it.

The new regulation introduces Privacy Impact Assessments (PIAs), which means that companies will be required to conducts PIAs wherever privacy breach risks are high in order to minimize risk to data subjects. Many companies may have to hire data protection officers in order to ensure compliance, while those companies dealing with EU crews will also want to take note of their liabilities in this regard.

The good news is that GDPR will also bring in common data breach protection notification requirements, so companies will be forced to report any breach of their systems within 72 hours, thus ensuring industry awareness and a better response time to potential vulnerabilities. This, in itself, may require staff training and is yet another aspect of GDPR companies need to be aware of.

For companies doing business in the E.U., which covers a vast swathe of the maritime industry, the NIS Directive covering network and information security also comes in to force in May 2018. In the U.K., the government has announced that organizations working in critical services like energy, transport, water and health can be fined up to £17 million as a “last resort” if they fail to demonstrate that their cyber security systems are equipped against attacks.

The NIS Directive requires organizations to have the right staff in place and the proper software to mitigate cyber attack and intrusion. Private and public companies in each sector will be evaluated by regulators who will vet everything from infrastructure and issue fines for firms who fail.

“Network and information systems give critical support to everyday activities, so it is absolutely vital that they are as secure as possible,” said Ciaran Martin, U.K. National Cyber Security Centre CEO, in a statement.

Ultimately, the new regulations will be of benefit to everyone, but ensuring your company meets the right standards will be crucial. The days where maritime cyber security amounted to just making sure you turned the office PC off are long gone. Today, cyber security demands board room level attention as well as vigilance from all employees, be they in head office or out on the water.

David Rider is Spokesman for CSO Alliance.

Source: Maritime Executive

FacebookTwitterGoogle+

Gun boats for Nigeria

Port Harcourt — The Federal Republic of Germany yesterday presented five gunboats to the Nigerian Navy for counter-insurgency operations at Lake Chad.

But the excursion organised by the Navy for the Consul General of the German Embassy, Mr. Ingo Herbert, and his team to the Navy Security Station 023 positioned along the Cawthorn Channel after the inauguration turned eventful as the team chased and arrested five suspected oil thieves in three separate incidents.

Handing over the boats to the Chief of Naval Staff, Vice Admiral Ibok Ete Ibas, at Onne, Rivers State, the Consul General of Germany in Nigeria, Mr. Ingo Herbert, said the donation was part of his country’s contribution to the fight against insurgency in the North-east of Nigeria.

He also said it was directed at deepening Germany’s partnership with Nigeria and to help build peace and development in the country.

“The five boats are part of the Greater Initiatives of Germany in enhancing the peace and security of partner governments. The focus is to support partner countries in the fight against terrorism,” he said.

He noted that Nigeria is a complex country and that it is difficult to cover the whole area in terms of security. He however said the flat-bottom boats would assist in checking crime in the maritime sector,

“The maritime space sensitively accommodates a lot of activities and movements and therefore prone to security breaches. These boats will not only primarily contribute in your fight in the North-east, but also to fight illegal fishing, oil theft and other maritime crimes,” he said.

He added, “A very important aspect of this donation is that the boats are built in Nigeria. So it is actually a co-operation and has full local content.”

He recalled that he had recently inaugurated a vocational training centre in Port Harcourt equipped with German technology, adding that more German firms were coming to Nigeria to contribute to the development of the country.

Receiving the boats, Ibas said by the donation, the maritime landscape of the nation, especially the Lake Chad area, was gradually being accorded much needed security for the stability and prosperity of the country.

Ibas, who was represented by Chief of Logistics, Naval Headquarters, Rear Admiral James Oluwole, lamented: “Today, our nation is at crossroad, challenged by multi-faceted threats with grave manifestations, especially in the North-eastern Region and the maritime environment where the Nigerian Navy is the lead security agency. These challenges require enormous resources to surmount.”

He however said in line with the strategic partnership between both nations, Germany has assisted the Nigerian Navy with the five riverine patrol boats to fight the insurgency and criminality in the North-east.

He disclosed that the five boats were built locally by Epenal Boat Yard and fitted with 2 x 8.2m HP Yamaha Outboard Engines, mounting for 12.7mm and Automatic Grenade Launchers (AGL).

Ibas also noted that Germany had earlier supported the Nigerian Navy in provision of Motorised Turbine Unit (MTU) series training engines as well as training of 23 naval personnel on MTU engines in Germany.

“It is satisfying that Germany, in its strategic partnership with Nigeria, continue to remain true and committed to navy’s dream. By your effort, the maritime landscape of our nation, especially the Lake Chad area, is gradually being accorded much needed security, stability and prosperity.”

After the inauguration of the boats, the German officials were taken on sail to the Cawthorn Channel through some creeks of the Niger Delta.

In the course of the boat ride, the team in three different incidents chased and arrested five suspected oil thieves with speed boats laden with locally refined petroleum products popularly called in local parlancekpo-fire.

The suspects were brought back to Onne where the naval personnel said they would be interrogated and later handed over to the police for necessary action.

Commenting on the incidents, the German Consul General, Herbert, said the trip opened his eyes to the enormity of the challenges faced by the Nigerian Navy and the Government in combating crime in the creeks.

“I am glad that the German Government through the donation we made today to the Nigerian Navy could assist the Nigerian Government to deal with this kind of situations. I saw the vast area, the challenges with regard to the ecological system, to the people and the challenge to restore the Rule of Law and security. I appreciate the efforts of the Nigerian Navy,” Herbert said.

Source: This Day

FacebookTwitterGoogle+
Language »