Cybersecurity. Requirements for ship systems of ships under ...1. Ship planning and documentation...

NAVGEOEXPERT LTD CEO Ph.D. Associate Professor Dmitry Gagarsky Cybersecurity. Requirements for ship systems of ships under construction and operating fleet


The main goal

Organizational and practical cybersecurity measures in the merchant fleet, international and national requirements for adjusting the security management system

The rights of "NAVGEOEXPERT" LTD to check cybersecurity www.navgeoexpert.info

Specialized software developed by NAVGEOEXPERT LTD for certification checks

Basic international documents

1. Resolution MSC.428(98) (adopted on 16 June 2017). «Maritime cyber risk management in safety management systems» (p.1)

2. MSC-FAL.1/Circ.3. 5 July 2017. «Guidelines on maritime cyber risk management» (p.4)

3. MSC.1/Circ.1575. 16 June 2017. «Guidelines for shipborne position, navigation and timing (PNT) data processing» (p.43)

4. CIRM Guideline GL-002. 2020. «Implementing the CIRM Cyber Risk Code of Practice for Vendors of Marine Electronic Equipment and Services» (p.19)

5. IACS Rec. 2020 No. 166 Apr 2020. «Recommendation on Cyber Resilience» (p.57)

The purpose of cyberattacks in shipping

1. Take control of corporate IT (Information Technology) systems for data theft.

2. Take control of the operating networks and systems of ships: OT (Operational Technology) systems.

3. Manage a vessel, using access to the control networks and operating systems of ships, for commercial (other) purposes.

4. Use the vessel as a threat to port communications and facilities.

Problems for customers (shipowners) in the final stage of ship construction

1. Ship planning and documentation were approved prior to the adoption of major international documents on cybersecurity requirements.

2. The need to assess the risks to ship systems, and the recommended measures to reduce them, given that the design work has already been performed.

3. Possible adjustments at the final stage of construction to meet international cybersecurity requirements.

In total, there can be up to 59 ship's OT systems (from the Det Norske Veritas presentation).

Cybersecurity. Requirements of Major International and National Documents

Basic Theses

The basic standard, IEC 61162-460, includes methods for the cyber-secure connection of navigation devices both within one vessel and to onshore Internet services.

Functional elements of cyber threat management:

1. Identification - the responsibility of personnel to determine the cause of cyber threats.

2. Protection - planned activities to protect the ship against cyberattacks.

3. Detection - activities to detect cyber threats.

4. Response - measures to repair systems damaged in a cyberattack.

5. Recovery - activities to recover systems and processes, including the backup option.

Systems categories

Category I. Systems whose failure will not lead to dangerous situations.

Category II. Systems whose failure can eventually lead to dangerous situations.

Category III. Systems whose failure can immediately lead to dangerous situations.

Safety Management System (SMS)

1. The process of protecting shipping from current and emerging cyber threats and vulnerabilities needs to be accelerated.

2. The SMS should take into account the management of cyber risks in accordance with the goals and functional requirements of the ISM Code.

3. The process of preparing the SMS documents should be carried out no later than the first annual inspection after 1 January 2021.

4. An inventory of the elements of computerized systems of Categories II and III. Applies to ships contracted for construction on or after 01.01.2021, and to existing vessels after 01.01.2022.

5. The resolution should be made public by all concerned.

Recommendations of "NAVGEOEXPERT" LTD to improve the level of cybersecurity.

Specialized inspection and monitoring of ship's equipment

Threats to GNSS (spoofing, jamming): Constant control of the ship's position by astronomical observation. Changing the way astronomical observations are taught and processed. Sea astronomy simulator. Creating an electronic sextant.

Ship systems risk assessment: Develop a risk assessment methodology. Creating a ship's cybersecurity passport. The development of the Safety Management System (SMS) documentation.

Control of ship systems: Automation of the process of monitoring the operation of ship systems based on the use of cloud technologies.

[Diagram of ship's navigation systems: monitor, computer, SENC, ENC, ENC updating, radar, additional information, log, compass, GNSS, sounder, Navtex, track control, AIS, VDR]

Cybersecurity. Organizations engaged in developing cybersecurity requirements and assessing the risk of ships' IT and OT systems

Organizations

BIMCO - Baltic and International Maritime Council

Cobham SATCOM

Columbia Shipmanagement Cyprus

CIRM - Committee International Radio-Maritime

Cyberowl

CSA - Chamber of Shipping of America

DCSA - Digital Container Shipping Association

ICS - International Chamber of Shipping

IMCA - International Marine Contractors Association

INTERCARGO - International Association of Dry Cargo Shipowners

INTERTANKO - International Association of Independent Tanker Owners

IUMI - International Union of Marine Insurance

Maersk

OCIMF - Oil Companies International Marine Forum

IACS - International Association of Classification Societies

SYBAss - Superyacht Builders Association

WSC - World Shipping Council


We invite you to cooperate www.navgeoexpert.info

Dmitry Gagarsky

Thank you for your attention!
