maritime security

Ace your homework & exams now with Quizwiz!

Recall UK govt experiment involving jamming; what systems were compromised

As the vessel entered the jamming zone a range of services failed DGPS receivers AIS transponders Dynamic positioning system Gyro system Digital selective calling system

8. Overall of Maritime security Costs: (Shoreside Perspective ppt)

B. Stolt - ~15-25% of corporate revenue

ISPS & MTSA development & results/impacts A. Applicability

The ISPS Code applies to ships International voyages Passenger ships Cargo ships > 500 GT Mobile offshore drilling units Port facilities serving such

ISPS & MTSA development & results/C. Where found i. International: which IMO convention ii. National: which Code of Federal Regulation (CFR) title / chapter

The ISPS Code is Part (Chapter XI-2) of SOLAS. Special measures to enhance maritime safety The Maritime Transportation Security Act (MTSA) is the U.S. National adoption of ISPS: 33CFR (Title 33 of Code of Federal Regulations) "Navigation and Navigable Waters" Subchapter H "Maritime Security" Parts 104 & 105

Motivations of Cyber criminals, per "CyberKeel" consultative group

Stealing money ^^^^^^^^^^^^ Deceitful direct transfer Ransomware Manipulation of market data Moving cargo - theft of goods Stealing data ^^^^^^^^^^^ industrial espionage Identification of high value cargo for theft or piracy Market insight Causing disruption ^^^^^^^^^^^^^ Financial motivation National interest Terrorism / Philosophical motivation

who was lead agency for USA at IMO ISPS convention

USCG

navigator recommendations

Take Initiative wrt VSP, SMS, everyday routine Virus Protection - "IT Hygiene" Data protection: Who can access data, spaces containing key technical equipment? Susceptible to Attack: Ship systems (navigation, cargo, control, communication) Personal devices (smart phones, laptops, USB sticks) Connecting personal devices to ship systems for exchanging data or for charging is risky Vulnerable systems include cargo, bridge, propulsion, and all external communication systems

Drills & exercises can be combined to

help ensure crew proficiency/ meet deadlines

AIS practices in high risk areas

it is recommended that AIS is left on throughout the High Risk Area

Definition of Security Exercise

means a comprehensive training event that involves several of the functional elements of the vessel security plan and tests communications, coordination, resource availability, and response. Annually.

Definition of Security Drill

means a training event that tests at least one component of the vessel security plan and is used to maintain a high level of security readiness. Every three months. (and after major crew change, vessel alteration, etc)

DoS (Declaration of Security)

means an agreement reached between a ship and either a port facility or another ship with which it interfaces, specifying the security measures each will implement.

Ship-to-ship activity

means any activity not related to a port facility that involves the transfer of goods or persons from one ship to another.

Security Incident

means any suspicious act or circumstance threatening the security of a ship, including a mobile offshore drilling unit and a high-speed craft, or of a port facility or of any ship/port interface or any ship-to-ship activity

Know the importance of the human element in cyber vulnerability

most vulnerable attack point

Ship/port interface

movement of persons Goods Provisions of port services to or from the ship.

Recall "legal implications of action / non-action...";

no known serious negative implications to date

Standing Guidance / Recommendations:

A. Vessel Security Plan B. Best Management Practices (BMP4) C. MSC Circulars (1334, 1405, 1408) D. BIMCO guidance; GUARDCON E. Nautical Institute

Pre-9/11 International measures focused on Hijacking & Terrorism (especially Achille Lauro hijacking); 1980's

ACTIONS TAKEN AS A RESULT OF ACHILLE LAURO INCIDENT: 1985 - "Measures to Prevent Unlawful Acts which Threaten Safety of Ships and Security of Passengers" 1986 - "Measure to Prevent Unlawful Acts against Passengers and Crew aboard Ships 1988 - Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation (SUA Treaties)

Be familiar with the exhaustive training requirements for VSOs (20 items - familiarity only!)

.1 security administration .2 relevant international conventions, codes and recommendations; .3 relevant Government legislation and regulations; .4 responsibilities and functions of other security organizations; .5 methodology of ship security assessment; .6 methods of ship security surveys and inspections; .7 ship and port operations and conditions; .8 ship and port facility security measures; .9 emergency preparedness and response and contingency planning; .10 instruction techniques for security training and education, including security measures and procedures; 11 handling sensitive security-related information and security- related communications (SSI); .12 knowledge of current security threats and patterns; .13 recognition and detection of weapons, dangerous substances and devices; .14 recognition, on a non-discriminatory basis, of characteristics and behavioral patterns of persons who are likely to threaten security; .15 techniques used to circumvent security measures; 16 security equipment and systems and their operational limitations; .17 methods of conducting audits, inspection, control and monitoring; .18 methods of physical searches and non-intrusive inspections; .19 security drills and exercises, including drills and exercises with port facilities; and .20 assessment of security drills and exercises.

9. BMP4 Best Management Practices

A. Best Management Practices B. Recommendations & guidelines C. Promulgated by international commercial consortium D. Recommends just send basic AIS message in high risk areas; per Thomas Brown "Notes from the Fields(s), ships often include "armed guards on board" in their AIS message. E. Remember the Master can turn off the AIS at his discretion.

Costs associated with Anti-piracy measures include

A. Cost of PMSC if utilized (~$4K-$8K) B. Cost of Fuel while diverting C. Insurance Premiums D. Cost of Security equipment E. Cost of maintaining security equipment F. Labor associated with deployment of equipment & G. Loss of man-hours to routine functions H. Total cost for one company: ~20% (15%-25%) I. INTERTANKO industry estimate (2014) - $2.2 - $2.3 Billion

8. Overall of Maritime security Costs: (Shoreside Perspective ppt)

A. INTERTANKO: $2.2 - $2.3 B in one year

Costs associated with a piracy incident:

A. Injury / death of personnel - certainty of legal and human costs B. Damage to or loss of vessel C. Time off-hire D. Damage to corporate reputation E. Time / expense of overall crisis management process

5. Current Intel sources

A. Office of Naval Intelligence (ONI): WWTS, PAWW B. International Maritime Bureau (IMB) C. USCG Port Security Advisories D. Marine Security Review E. CMF - Combined Maritime Forces F. (CTF 150, 151, 152) G. Oceans Beyond Piracy H. ReCAAP I. USCG Port Security Advisories J. Marad MSCI portal

7. PMSC's: (Shoreside Perspective ppt)

A. Political sensitivities B. $4K-$8K/day; substantial; decision-making point C. Topic of arms aboard merchant ships ongoing debate D. "No ship with armed guards has been taken"

PMSC's private maritime security companies

A. Political sensitivities B. $4K-$8K/day; substantial; decision-making point C. Topic of arms aboard merchant ships ongoing debate D. "No ship with armed guards has been taken"

Be familiar with A.B.S. class notations for Cyber Security

CS1 Informed Cybersecurity Implementation CS2 Rigorous Cybersecurity Implementation CS3 Adaptive Cybersecurity Implementation (Highest level of Readiness)

Who sets MARSEC level in ports?

Captain of port

Goals / Objectives of ISPS / MTSA - remember goals are NOT commercial enhancement of industry

Detect security threats and implement security measures Establish roles and responsibilities concerning maritime security Collate and promulgate security-related information Provide a methodology For security assessments Plans Procedures to react to changing security levels

Event(s) that hastened the adoption & implementation of ISPS / MTSA

Development and implementation were sped up September 11, 2001 attacks Bombing of the French oil tanker Limburg

Dangers associated with weak passwords, unsecured computers, use of charging ports, data transfers via USB, email attachments, web links, etc

Don't open unfamiliar email attachments Control Access to USB ports!!!

DOES IMO promulgate security levels?

IMO DOES NOT promulgate security levels

ISPS & MTSA development & results/ B. Know difference between Part A&B of ISPS (mandatory / recommendatory)

ISPS is a two-part document describing minimum requirements for security of ships and ports Part A provides mandatory requirements Part B provides guidance for implementation

The VSA is undertaken before VSP; then VSA becomes part of the VSP. Once these are in place the ship can apply for a ?

ISSC (International Ship Security Certif

Validity: 5 years?

International Ship security certificate

MFIC's

Maritime Intelligence Fusion Centers

MIFC's

Maritime Intelligence Fusion Centers

MOTR process

Maritime Operational Threat Response process

MSST

Maritime Safety & Security Teams

Be familiar with main points & recommendations in "The Navigator" June 2016 issue posted on eCampus

Minimizing risk is central to navigation Hacking and spoofing contribute to risk GNSS does not always give a continuous and accurate position; Assuming that it does so is dangerous Compare and integrate all the data sources Maintain proficiency in traditional Navigational methods Celestial: Sextant, tables, accurate timepiece Terrestrial: Magnetic compass, alidade, bearing circle

Initially, no direct mention of ?

Piracy or Cyber Threats

Significant results of ISPS / MTSA At the ship / mariner level

SSAS Ship Security Alert System ("Panic Button"; bank teller alarm) AIS - Accelerated TWIC - Not required by ISPS

Measures taken by IMO & US govt prior to 9/11; establishment of COTP construct

Safety of Life at Sea Convention - 1974 1983 - "Measures to Prevent Acts of Piracy and Armed Robbery Against Ships" 1985 - "Measures to Prevent Unlawful Acts which Threaten Safety of Ships and Security of Passengers" 1986 - "Measure to Prevent Unlawful Acts against Passengers and Crew aboard Ships 1988 - Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation (SUA Treaties)

Three basic security levels

Security level 1, normal Security level 2, heightened Security level 3, exceptional

SSAS

Ship Security Alert System ("Panic Button"; bank teller alarm)

VSA & VSP

Ship/Vessel Security Assessment (SSA / VSA) is an essential and integral part of the process of developing and updating the ship security plan

Objective of Drills & Exercises

The objective of drills and exercises is to ensure that shipboard personnel are proficient in all assigned security duties at all security levels and the identification of any security-related deficiencies which need to be addressed.

no action

The only thing necessary for the triumph of evil is for good men [and women] to do nothing

Who is (are) primarily responsible for carrying out the VSA?

The vessel owner or operator must ensure that a written VSA report is prepared and included as part of the VSP.

i. VSO / CSO / PFSO construct

VSO/CSO/FSO requirements (VSO = SSO) Training of VPDSDs Drills/exercises Security Incident recognition / reporting Knowledge of MARSEC level (USCG COTP) Establishment / Adjustment of Vessel Security Level Declaration of Security Security Equipment Handling Security Sensitive Information (SSI) Introduction of the International Ship Security Certificate

C. Examples: (SENSITIVE SECURITY INFORMATION ppt, slide 17)

Vessel Security Assessment Vessel Security Plan All Security Records Security Directives, incl MARSEC Threat Reporting SOME NVICs internal and external

Can a vessel operate above security level?

Vessel can operate ABOVE promulgated security level; never below

Early rudimentary "spoofing" - shipwreckers of 1700's; recognize definition of spoofing

WRECKING": A traditional legend Rudimentary "Spoofing" Deliberately misleading ships with false lights Ships run ashore and can be plundered

Pre-9/11 National measures focused on Open Hostilities and Internal Threats; dating back to WWI.

WWI Espionage Act of 1917 - Broad Legislation; some maritime applicability U. S. Coast Guard first designated officers as Captains of the Port WWII Safety of Naval Vessels Act of 1941 authorized COTP control of anchorage and movement of any vessel in the navigable waters of the United States COTP charged with the security of U.S. ports "from subversive or clandestine attacks"

VSP

annual audit; also if ownership changes or substantial structural modifications to vessel

VSP vessel security plan

annual audit; also if ownership changes or substantial structural modifications to vessel

MARSEC level requirement if ship vs port level differs

vessel must operate at or above security level of port

TWIC required by ISPS

required by MTSA but not ISPS

Additional drill ?

required if 25% of crew change out. a drill should be conducted within one week of the change

AIS accelerated implementation because of what

result of ISPS / MTSA

Required periodicity of drills & exercises

should be conducted at least once every three months.

Shipboard automation systems were largely developed prior advent of internet

thus protections against cyber-attacks not required at the time

B. Know definition of SSI; understand relationship to nationally classified information

unwarranted invasion of personal privacy reveal trade secrets privileged or confidential information Commercial financial information


Related study sets

Saylor Academy: Intro to Financial Accounting

View Set

MEGGS History of Graphic Design chapter 9

View Set

Dialogue 1 - English French Anglais Français - Hi What's your name? - Bonjour Comment t'appelles-tu?

View Set

Physics - Chapter 1 :Physical Quantities, Units and Measurement

View Set

Corporal's Course Administration

View Set

Personal Finance Planning Quiz 3 Chapters 5-6

View Set