Don’t worry if you missed us! Watch our recent hybrid conference, in your own time.
The shipping sector has made some progress on cybersecurity. We are no longer asking ourselves “why” we should invest in cyber resilience. The discussion has moved on to “how” to invest effectively. Cybersecure at Sea 2022 looked at how to make smarter progress in maritime cyber security – smarter readiness, smarter compliance, smarter supply chains and a smarter balance between risk management and risk transfer.
This year’s conference also included a simulated cyber incident exercise, powered by Triton, Navigate Response’s media simulator platform.
Catch up on-demand
Session 1: Working smarter with the ecosystem
The maritime cyber risk landscape has developed significantly since IMO 2021 came into effect on 1 January 2021. On the one hand, the threat landscape is evolving, driven both by geopolitical events and heightened visibility of the implications that disruption in the sector has on the world. More positively, our understanding of cyber risk management has improved, there has been further clarity on regulation and further development of cyber insurance products. This session explores how the shipowner can work smarter with this developing ecosystem.
Vessel cyber risk and compliance: looking back and looking forward (10 mins)
with Vincent Lagny, Head of Bureau Veritas Maritime & Offshore Cyber Security & Chairman of the IACS Cyber Panel
- Trends and lessons from inspections, notations and audits a year from launch of IMO 2021.
- The key vulnerabilities and risks that keep being uncovered.
- The direction of travel on cybersecurity compliance in the next 1-2 years.
- Updates on any collaborative and harmonisation efforts across the IACS Group.
Marine cyber insurance cover: what is working and what isn’t (10 mins)
with Nick Dimokidis, Claims Director, Standard Club
- Coverage of cyber risk across the typical marine insurance products.
- Implications of the Russia-Ukraine conflict on any cyber risk coverage.
- Typical gaps and exclusions for ship owners to consider.
- Considerations for crafting an effective and useful marine cyber insurance package.
- How IT Managers can support the marine cyber insurance process.
Panel discussion and Q&A (40 mins):
- Vincent Lagny, Head of Bureau Veritas Maritime & Offshore Cyber Security & Chairman of the IACS Cyber Panel
- Manos Lorentzos, Managing Director Seascope Hellas & Vice Chairman Hellenic Committee of Lloyds Brokers Associates
- Nick Dimokidis, Claims Director, Standard Club
- Russell Kempley, Chief Cybersecurity Officer, CyberOwl
Session 2: Setting up a smarter cyber security “directorate” for vessel operations
In March 2022, CyberOwl launched “The Great Disconnect”, a report on maritime cyber risk in collaboration with HFW and Thetius, taking into account the view of more than 200 shipping industry professionals. [link] The top recommendation was to set up a dedicated cyber security directorate within fleet operations that covers both IT and OT security. This session explores how shipping organisations can build an effective cyber security directorate and the shape it should take.
Growing stronger after a cyber attack (10 mins)
with Torbjorn Dimblad, CIO, Anglo-Eastern Ship Management
- Retracing the ransomware cyber incident at Anglo Eastern in 2020.
- Experience at the coalface of surviving such a cyber incident.
- Key lessons learnt and investments made since to make Anglo Eastern stronger.
- Changes in attitude of leadership.
The ‘one-person SOC’ – security operations that works for shipping (10 mins)
with Michalis Michaloliakos, Head of ICT & Cyber Security Services, TMS Cardiff Gas
- Architecting a cyber security operations solution that works for shipping.
- People, process and technologies that are needed.
- Lessons learnt so far on priorities vs luxuries.
- Making your cyber security budget work harder.
“Assuring the cyber resilience of the maritime supply chain” (10 mins)
with Xiang Zheng Teo, Head of Advisory at Ensign InfoSecurity
- Best practices relating to supply chain management for cyber risk.
- Lessons on supply chain risk from exercises within the maritime sector and beyond.
- Considerations for maritime digitisation and digitalisation.
- Managing remote access, credentials and remote maintenance, particularly of OT systems.
Panel discussion and Q&A (30 mins)
- Torbjorn Dimblad, CIO, Anglo-Eastern Ship Management
- Michalis Michaloliakos, Head of ICT & Cyber Security Services, TMS Cardiff Gas
- Xiang Zheng, Head of Advisory, Ensign Infosecurity
- Spyros Goumalatsos, Head of Electrical / Navigation Support & Vessel IT, TORM A/S
- Russell Kempley, Chief Cybersecurity Officer, CyberOwl
Session 3: Maritime cyber exercise
Most shipping organisations have never experienced a maritime cyber incident. These can be complex, rapidly changing incidents, where decisive actions need to be taken despite the lack of complete or perfect information. In this session, we simulate a rapidly evolving maritime cyber incident. Through a tabletop exercise and group discussion, participants will get a taster of what it is like to digest developing information, make decisions, deliver clear instructions and ultimately minimise the impact of a cyber incident under pressure.
To maximise experience of this exercise, please attend the conference in person.
The exercise will be powered by Triton, Navigate Response’s media and social media simulator. [link]
In the upcoming weeks, we will produce a deeper analysis of what the speakers presented and discussed during the conference. Register below to stay updated with these post-event materials.
Global industry report: The great disconnect
The state of cyber risk management in the maritime industry
In the last few years, the maritime industry has made great progress in improving its approach to cyber risk management, but significant gaps remain.
This report explores the gaps that exist between the industry’s perceptions of cyber security and reality, taking into account the views of more than 200 stakeholders from across the industry, including cyber security experts, seafarers, shoreside managers, industry suppliers, and C-suite leaders.
The research has uncovered three great disconnects that exist across the industry where expectations and reality don’t match up, cyber risk management efforts are lacking, or risks that are unique to maritime exist. These industry disconnects exist not just internally within maritime organisations, but across the maritime supply chain, and in how the industry approaches investment and risk.