digitalization & cybersecurity€¦ · 1. organize. form a cyber risk management working group...

Digitalization & CybersecurityShipping InsightOctober 17, 2018

1

Who We Are

HudsonAnalytix, Inc. offers integrated risk management and technical advisory services to the global maritime industry. Clients include:

• Port Authorities & Terminal Operators• National and regional port systems • Integrated oil/gas companies• National oil companies• Global maritime transportation companies• Insurance Companies • Governments

Operating Divisions:• HudsonCyber ‐Maritime Cybersecurity & Risk Mgmt.• HudsonSystems ‐ Software Solutions• HudsonTrident ‐ Security (Physical & Operational)• HudsonMarine ‐ Operational Marine Management• HudsonTactix ‐ Consequence Management

Key Facts:

• Established in 1986• Worldwide Presence:

• Philadelphia (Global HQ)• Washington, DC• San Diego, CA• Santo Domingo, Dominican Rep.• Copenhagen, Denmark• London, UK• Naples, Italy• Piraeus, Greece• Jakarta, Indonesia (JV)• Manila, Philippines

© 2018 HudsonAnalytix, Inc. 2

New digitization solutions, such as big data, blockchain, automation, drones,and robotics, are enabling the maritime freight industry to introduce game‐changing approaches that will significantly reduce or eliminate non‐value‐added activities, according to new report from ABI Research.

‐‐ Safety4Sea, July 4, 2018

Digitalization Is Re-Shaping the Maritime Industry

Operational, regulatory, financial and environmental pressures are allcreating a thirst for insight and information, which is driving the maritimeindustry to take digitalization seriously, and there is no application that canenjoy the benefit of continuous data more than ship management.

‐‐ Stephen Macfarlane, June 14, 2018; The Maritime Executive


Perspective: IoT Growth by 2020


Source: Statistica

Perspective: IoT Growth Projections for 2025


Perspective: Estimated IoT Cybersecurity Market (2015 – 2020)


7 Digital Trends Transforming Shipping

Source: BCG Analysis


• Strategic Partnering. Maritime companies are adapting by increasingly working with strategic commercial partners. Recent examples include Wärtsilä’ s acquisition of Transas to support an intelligent maritime ecosystem and Artificial Intelligence (AI), as well as Orange Business Service's deal with Cargotec for smart cargo handling. Examples include: IBM and Maersk on blockchain; Cisco on smart connected ports; Microsoft and OOCL on AI.

• Revenue Growth & Technology Adoption. Revenues and profits will be driven by technologies such as big data and predictive analytics, blockchain, electrification, assisted and automated operations, drones and robotics, Augmented Reality, and Virtual Reality.

• Maritime Cybersecurity Market. Maritime cyber security, also necessary to address current and emerging threats, will have a global spend expected to rise to US$1.7 billion in 2023.

*Source: ABI Research’s the Digital Transformation of Maritime Freight report finds:

Other Digitalization Trends*


Benefits of Digitalization in Shipping

• Increased transparency and connectivity across supply chains• Efficiencies Gained for shipowners:

• More accurate GPS Navigation• Better real‐time weather feeds• Improved planning regarding cargo loading/unloading and ballast

water management• Improved system/machinery performance monitoring• Condition monitoring• Key system operations and remote maintenance support• Trip optimization

• Insurers will also be able to more efficiently gather data to inform actuarial models regarding specific and aggregated risks


Maritime Digitization Risks

• Greater integration, larger data sets and faster, more persistent connectivity will increase the volume of digital vulnerabilities and the likelihood of subsequent data leakage.

• More cyber vulnerabilities will translate into more data being illicitly accessed, manipulated and exploited by cyber threat actors.

• Increased possibility of navigational system data corruption and/or manipulation.• Heightened exposures to business interruption and/or extortion due to chronic

challenge of Ransomware.• Marine liability issues will likely become more complex, resulting in potential

increased risks to first and third‐party liability exposures.• Incidents of targeted piracy will increase as threat actors collaborate to effect targeted

attacks on shipping companies to access specific vessels and cargoes.• Increased likelihood of third‐party risk exposure


The Cyber Risk Landscape in the Digitalized World


Digitalization is Already Happening

Image: Global Maritime Technology Trends 2030, QinetiQ, U. of Southampton & Lloyd’s Register; ©2015

“Smart” ships are a manifestation and exploitation of integrated, networked technologies (Sensors, robotics, big data, predictive analytics, advanced materials, and communications)

• Assume your organization has already been attacked, infiltrated and compromised.• Understand that there is no “magic bullet”• To achieve a cyber resilient state start planning at the top. Assess. Allocate.

Invest.


Autonomous Ships Are Coming!


Is Shipping Prepared?


Common questions from many of our shipowners include:• Where do we invest in first? • How much do we need to budget?• Where do we make our initial

investments?• What are our priorities?• What do we purchase?• How can we measure the effectiveness of

our investments?• Are our investments sustainable?

What do you think?

Cyber Loss Estimates

Torsten Jeworrek, Member of Munich Re’s Board of Management

“The economic costs of large‐scale cyber attacks already exceed lossescaused by natural disasters. Where small and medium‐sized enterprisesare affected, such attacks can soon threaten their very existence. Thebiggest cyber‐related economic losses to date have been those caused byRansomware and malware, especially WannaCry and NotPetya – attacksthat affected the marine sector.”


Ten Key Recommendations

1. Organize. Form a cyber risk management working group or committee that includes stakeholders from all areas of the organizations.

2. Assess. Perform an enterprise level cybersecurity capability assessment.3. Govern. Implement an enterprise cybersecurity strategy and governance framework.4. Manage, Identify & Detect. Develop and implement a cybersecurity program tailored to

both shore‐based and ship operations. Support identification and detection capabilities.5. Fund to Sustain. Develop a recurring budget to support resource allocation and

investment planning.6. Train. Design and implement a training program for all staff and crew.7. Address Indirect Risk. Integrate elements of cyber, physical security and safety

management to protect people, processes and digital assets and systems. Update ISM and ISPS Code plans.

8. Manage 3rd Party Risk. Secure your supply chain. Review and update contracts, establish breach notification requirements.

9. Insure. Assess existing insurance policies to identify critical gaps. Align with breach response.

10. Respond and Recover. Formalize a cyber incident response plan to support business continuity and return to normal operations.


HudsonCyber: What We’re Doing


Integrated Cyber Risk Management

• Trusted Best‐in‐Class partners

• Technology agnostic

• Unique capabilities tailored to theglobal maritime and energy markets

• Blended, standards‐based, maturity‐model assessment approach ‐ theHACyberLogix platform

• Tailored cyber threat intelligence ‐informed by “attack side”

• Facilitation of cyber risk transfer

• Global reach Ship‐owners& Operators Offshore

Ports &Terminal Operators

WatersideFacilities


North of England’s Position Delivering Value Added Benefits to its Members



HACyberLogix – Available via DNVGL’s Veracity Marketplace (September 2018)

The HudsonCyber Risk Action Framework

Cyber Loss Scenario &Exposure Quantification

Insurance Analysis and Stress Test

Cyber Program Evaluation

Sustain Resources

Identify most valuable assets and establish what the exposure value is for each. Prioritize.

Review all insurance policies for gaps and/or exclusions in coverage due to cyber events.

Perform an enterprise‐level cybersecurity capability assessment. Use outputs to update plan (or establish new one). Apply the HACyberLogix solution.

Strive to maintain an appropriate balance of resources to support continuous improvement and incident response capabilities.


What is HACyberLogix?Easy‐to‐use, cloud‐based tool designed for shipping

companies to support assessing and managing cyber risk.

Who is HACyberLogix for?Shipowners and operators with Balance Sheet responsibilities.

What does HACyberLogix do?Assess enterprise cybersecurity capabilities and

Deliver tailored decision‐support guidance

Why use HACyberLogix?Supports continuous improvement in cybersecurity capabilities

and informs investments and resource allocation.

What is HACyberLogix

Key Outputs

Maritime Transportation Cybersecurity Capability Assessment* cover page (date & time stamped)

Executive Summary includes dynamic visualization of

assessment activity(heat map represents aggregated results)

Scoring is aggregated, normalized and

dynamically visualized by for the overall assessment

and by DMIL Survey.

Recommendations are generated and prioritized based on assessment

inputs. Related document management supports

audit efforts.


Thank You!

Ferry Terminal BuildingSuite 3002 Aquarium DriveCamden, NJ 08103

Office: +1.856.342.7500Mobile: +1.609.505.6878Email: [email protected]

Cynthia HudsonCEO & Founder


digitalization & cybersecurity€¦ · 1. organize. form a cyber risk management working group...

Documents