NAVGEOEXPERT LTD
CEO
Ph.D. Associate Professor
Dmitry Gagarsky
Cybersecurity.
Requirements for ship systems of ships under construction and operating fleet
The main goal
Organizational and practical cybersecurity measures in the merchant fleet,
international and national requirements for adjusting the security management system
D. Gagarsky 2
The rights of "NAVGEOEXPERT" LTD to check cybersecurity www.navgeoexpert.info
D. Gagarsky 3
Specialized software developed by NAVGEOEXPERT LTD
for certification checks
1. Resolution MSC.428(98) (adopted on 16 June 2017).
«Maritime cyber risk management in safety management systems» (p.1)
2. MSC-FAL.1/Circ.3. 5 July 2017.
«Guidelines on maritime cyber risk management» (p.4)
3. MSC.1/Circ.1575. 16 June 2017.
«Guidelines for shipborne position, navigation and timing (PNT) data processing» (p.43)
4. CIRM Guideline GL-002. 2020.
«Implementing the CIRM Cyber Risk Code of Practice for Vendors of Marine Electronic
Equipment and Services» (р.19).
5. IACS Rec. 2020 No. 166 Apr 2020.
«Recommendation on Cyber Resilience» (р.57)
D. Gagarsky 4
Basic international documents
1. Take control of corporate IT (Information Technology) - systems for data theft.
2. Take control of the operating networks and systems of the ships - OT (Emergency
Technology) systems.
3. Manage a vessel using access to the control networks and operating systems of ships for
commercial (other) purposes.
4. Use the vessel as a threat to port communications and facilities.
The purpose of cyberattacks in shipping
D. Gagarsky 5
1. Ship planning and documentation were approved
prior to the adoption of major international
documents on cybersecurity requirements.
2. The need to assess the risk of ship systems and
the recommended measures to reduce them in the
light of the fact of the design work performed.
3. Possible adjustments at the final stage of
construction to meet international cybersecurity
requirements.
In total, there can be up to 59 ship’s OT systems
Problems for customers - shipowners in the final stage of ship construction
D. Gagarsky 6
From the presentation
DetNorskeVeritas
Cybersecurity. Requirements of Major International and National Documents
D. Gagarsky 7
The basic standard of IEC 61162-460 includes methods of cybersecurity connection to navigation
devices on both one vessel and to onshore Internet services
Basic Theses
Functional for Cyber Threat Management:
1. Identification - the responsibility of personnel to determine the cause of cyber threats.
2. Protection - planned activities to protect against ship cyberattacks.
3. Detection - activities to detect cyberthreats.
4. Response - measures to repair damaged systems in a cyberattack.
5. Recovery - activities for system and process recovery processes including the backup option.
Cybersecurity. Requirements of Major International and National Documents
D. Gagarsky 8
Basic Theses
Systems categories
Category I. Systems whose failure will not lead to dangerous situations.
Category II. Systems whose failure can eventually lead to dangerous situations.
Category III. Systems whose failure can immediately lead to dangerous situations.
Safety Management System (SMS)
1. The process of protecting shipping from current and emerging cyber threats and vulnerabilities needs to be accelerated.
2. The SMS should take into account the management of cyberrisics in accordance with the goals and functional requirements of the ISM Code.
3. The process of preparing the SMS documents should be carried out no later than the first annual inspection after 1 January 2021.
4. The inventory of elements of computerized systems of category II and III. Applies to ships contracted for construction on or after 01.01.2021, and existing vessels after 01.01.2022.
5. The resolution should be made public by all concerned.
Recommendations of "NAVGEOEXPERT" LTD to improve the level of cybersecurity.
Specialized inspection and monitoring of ship’s equipment
D. Gagarsky 9
Threats to GNSS
Spoofing, Jamming
Constant control of the ship's place by astronomical observation. Changing the way astronomical observations are
trained and processed. Sea astronomy simulator. Creating an electronic sextant.
Ship systems risk
assessment
Develop a risk assessment methodology. Creating a ship's cybersecurity passport. The development of the Safety
Management System (SMS) documentation.
Control of ship systems
Automation of the process of monitoring the operation of ship systems based on the use of cloud technologies
Updating
Monitor
SENC
Computer
ENC
ENC
Updating
Radar
Add
Information
Log
Compass
GNSS
Sounder
Navtex
Track Control
AIS
VDR
???
Cybersecurity. Engagement Organizations in developing cybersecurity requirements and
assessing the risk of IT and OT ship’s systems
D. Gagarsky 10
Organizations
BIMCO - Baltic and International Maritime Council
Cobham SATCOM
Columbia Shipmanagement Cyprus
CIRM - Committee International Radio-Maritime
Cyberowl
CSA - Chamber of Shipping of America
DCSA - Digital Container Shipping Association
ICS - International Chamber of Shipping
IMCA - International Marine Contractors Association
INTERCARGO - International Association of Dry Cargo Shipowners
INTERTANKO - International Association of Independent Tanker Owners
IUMI - International Union of Marine Insurance
Maersk
OCIMF - Oil Companies International Marine Forum
IACS – International Association of Classification Societies
SYBAss - Superyacht Builders Association
WSC - World Shipping Council
We invite you to cooperate www.navgeoexpert.info
Dmitry Gagarsky Email [email protected]
Thank you for your attention!
11 D. Gagarsky
Top Related