{"id":84312,"date":"2017-09-13T14:21:13","date_gmt":"2017-09-13T14:21:13","guid":{"rendered":"http:\/\/mostafa.openonline.co.uk\/?guid=6afd60a899c315e2967a6be835580812"},"modified":"2017-09-13T14:21:13","modified_gmt":"2017-09-13T14:21:13","slug":"speech-protecting-the-maritime-industry-from-cyber-attacks-2","status":"publish","type":"post","link":"https:\/\/mostafa.openonline.co.uk\/?p=84312","title":{"rendered":"Speech: Protecting the maritime industry from cyber attacks"},"content":{"rendered":"<div class=\"govspeak\">\n<p>Good afternoon ladies and gentlemen.<\/p>\n<p>It\u2019s a real pleasure to be here.<\/p>\n<p>This is my first experience of <a rel=\"external\" href=\"https:\/\/londoninternationalshippingweek.com\/\">London International Shipping Week<\/a>.<\/p>\n<p>I\u2019ve heard so many positive things about it.<\/p>\n<p>So I\u2019m delighted to be able to join you today (13 September 2017).<\/p>\n<p>And to talk about an issue which has such profound significance in our modern world.<\/p>\n<p>Cyber security is an increasing concern for many industries across the global economy.<\/p>\n<p>And that certainly includes maritime.<\/p>\n<p>Anything that threatens the reliability and performance of a shipping sector that carries 95% of our trade has to be taken seriously.<\/p>\n<p>In some areas, maritime continues to rely on legacy systems using old software and aging operational technology.<\/p>\n<p>There is also growing dependence on information systems with the development of new technologies \u2014 such as autonomous or partially-autonomous vessels.<\/p>\n<p>This has the potential to make the industry more vulnerable to cyber attacks.<\/p>\n<p>And the implications of such vulnerabilities could be highly damaging.<\/p>\n<p>Poor cyber security undermines customer confidence and industry reputation, and could potentially result in severe financial losses or penalties, and litigation affecting the companies involved.<\/p>\n<p>The disruption caused by a cyber attack \u2013 or a compromised system \u2014 could be significant too.<\/p>\n<p>Just consider what a compromised ship system could trigger:<\/p>\n<ul>\n<li>physical harm to the system or the shipboard personnel or cargo \u2014 potentially endangering lives or the loss of the ship<\/li>\n<li>the loss of sensitive information, including commercially sensitive or personal data<\/li>\n<li>criminal activity, including kidnap, piracy, fraud, theft of cargo, or imposition of ransomware<\/li>\n<\/ul>\n<p>Even if the problem is on a much smaller scale, it could play havoc with an industry that requires order and reliability to operate efficiently.<\/p>\n<p>Cyber security is not just about preventing hackers gaining access to systems and information.<\/p>\n<p>It\u2019s also about protecting digital assets and information, ensuring business continuity, and making sure the maritime industry is resilient to outside threats.<\/p>\n<p>That means not only keeping ship systems safe from physical attack, but also ensuring that supporting systems are robust.<\/p>\n<p>So that in the event of an incident, appropriate practices and technologies are in place to limit any damage.<\/p>\n<p>There is also the need for personnel security \u2014 guarding against the possible threat from insiders, either shore or shipboard-based.<\/p>\n<p>Ship owners and operators need to understand cyber security and promote awareness of the subject to their staff and business partners.<\/p>\n<p>In recent years the government has demonstrated how seriously we take the cyber security threat.<\/p>\n<p>The <a href=\"https:\/\/www.gov.uk\/government\/publications\/national-security-strategy-and-strategic-defence-and-security-review-2015\">2015 National Security Strategy<\/a> reaffirmed cyber as a Tier One risk to <abbr title=\"United Kingdom\">UK<\/abbr> interests.<\/p>\n<p>We have dedicated cyber security teams in a range of departments working with the industry, manufacturers, international partners and academia.<\/p>\n<p>This includes officials within the Department for Transport.<\/p>\n<p>We have a team that works with shipping industry partners, port operators and vessels traffic services (<abbr title=\"vessels traffic services\">VTS<\/abbr>) organisations.<\/p>\n<p>And have cyber security teams working with other transport sectors \u2014 such as aviation, rail, and connected and autonomous vehicles.<\/p>\n<p>Our aims are to:<\/p>\n<ul>\n<li>understand the cyber threat and the vulnerabilities for the transport sector<\/li>\n<li>mitigate cyber risks and take appropriate action to protect key assets<\/li>\n<li>respond to cyber incidents effectively and ensure that lessons are learnt<\/li>\n<\/ul>\n<p>and promote cultural change, raise awareness and build cyber capability.<\/p>\n<p>The government also established the <a rel=\"external\" href=\"https:\/\/www.ncsc.gov.uk\/about-us\">National Cyber Security Centre in 2016<\/a> \u2014 again to work with the industry on this increasingly complex subject.<\/p>\n<p>You will be hearing from the security centre in just a few moments.<\/p>\n<p>All this preparation is time \u2014 and money \u2014 well spent.<\/p>\n<p>Because in recent months, we have seen some high profile cyber attacks hit various part of the economy.<\/p>\n<p>Including maritime.<\/p>\n<p>The NotPetya cyber attack in June (2017) hit many different organisations across the globe including some in the shipping sector.<\/p>\n<p>It showed that the industry is vulnerable to these type of attacks.<\/p>\n<p>And we may encounter many more in the years to come.<\/p>\n<p>So we want to support the maritime sector to help you manage your cyber security risks.<\/p>\n<p>That\u2019s why I want to tell you about the Department for Transport\u2019s new <a href=\"https:\/\/www.gov.uk\/government\/publications\/ship-security-cyber-security-code-of-practice\">Cyber Security code of practice for ships<\/a>.<\/p>\n<p>You should have some hard copies with you, but it is also available on gov.uk from today.<\/p>\n<p>This guidance is aimed at ship operators, ship owners and crew members.<\/p>\n<p>Businesses of all sizes.<\/p>\n<p>And it will help you:<\/p>\n<ul>\n<li>develop a cyber security assessment and plan<\/li>\n<li>devise the most appropriate mitigation measures<\/li>\n<li>ensure you have the correct structures, roles, responsibilities and processes in place<\/li>\n<\/ul>\n<p>and manage security breaches and incidents.<\/p>\n<p>It also highlights the key national and international standards and regulations that should be reviewed and followed.<\/p>\n<p>The Department for Transport commissioned the <a rel=\"external\" href=\"http:\/\/www.theiet.org\/\">Institution of Engineering and Technology (<abbr title=\"Institution of Engineering and Technology\">IET<\/abbr>)<\/a> to produce the code of practice.<\/p>\n<p>It has also received input from experts at the Maritime Coastguard Agency, Maritime Accident and Investigation Branch, the <a href=\"https:\/\/www.gov.uk\/government\/organisations\/defence-science-and-technology-laboratory\"><abbr title=\"Ministry of Defence\">MoD<\/abbr>\u2019s Defence Science and Technology Laboratory<\/a>, and the <a rel=\"external\" href=\"https:\/\/www.ncsc.gov.uk\/\">National Cyber Security Centre<\/a>.<\/p>\n<p>The guidance will complement the work being done by the <a rel=\"external\" href=\"http:\/\/www.imo.org\/en\/Pages\/Default.aspx\">International Maritime Organisation (<abbr title=\"International Maritime Organization\">IMO<\/abbr>)<\/a> to raise awareness of cyber threats and vulnerabilities.<\/p>\n<p>This code of practice explains why it is essential that cyber security be considered as part of a holistic approach throughout a ship\u2019s lifecycle.<\/p>\n<p>As well as setting out the potential impact if threats are ignored.<\/p>\n<p>The code of practice is intended to be used as an integral part of a risk management system to ensure that cyber security is delivered cost effectively as part of mainstream business.<\/p>\n<p>This latest code of practice follows on from last year\u2019s publication of the well-received <a href=\"https:\/\/www.gov.uk\/government\/publications\/ports-and-port-systems-cyber-security-code-of-practice\">Cyber security code of practice for ports and port systems, which is also available on GOV.<abbr title=\"United Kingdom\">UK<\/abbr><\/a>.<\/p>\n<p>The ports code of practice was also written by <abbr title=\"Institution of Engineering and Technology\">IET<\/abbr>, so both guidance documents are consistent in their approach.<\/p>\n<p>We hope you find it of value, and encourage you to consider all the advice.<\/p>\n<p>We will continue to work with you all and seek to ensure that the <abbr title=\"United Kingdom\">UK<\/abbr>\u2019s transport sector remains safe, secure and resilient in the face of cyber threats, and able to thrive in an increasingly interconnected, digital world.<\/p>\n<p>Thank you.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Transport Minister Lord Callanan launches new guidance on how shipping organisations can deal with cyber threats.<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"_links":{"self":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/84312"}],"collection":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=84312"}],"version-history":[{"count":0,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/84312\/revisions"}],"wp:attachment":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=84312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=84312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=84312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}