This is for general releases to the public

USA Rule Making

/in , , , /by

While the USA is currently generating cyber security rules for both ships and ports under a White House Executive Order, there are more than a few things to monitor. This post will look at some of the main issues.

First, with the USCG generating the rules, the USA has a significant opportunity to ensure that the rules for ships and ports are well aligned. While these two aspects of maritime security have often been treated separately, they function as part of a more extensive system of systems.  Consider that ports not only act as a point to service ships (maintenance, etc) but also as a transition point between modes of transportation (ship to rail, ship to truck). While there has been a tendency for IT Security doctrine to focus on the mode of transportation, there is a need to understand that the maritime sector, while important, falls into the context of supply chains and transportation networks that are multi-modal by nature.

The other challenge is that these rules may only apply to specific operations or ships, such as those on international travel. This does not reflect the cybersecurity threat landscape. Connected ships of any type, including traditionally excluded or exempted vessels, once connected to the internet can face threats. This may force a decision to either have all shipping (including recreational boats intending to connect to ports) fall under the same regime or force the need for something similar to zones where certain kinds of ships would be allowed to connect but others would not. This would have to align with the context of network zoning.

Finally, there are some emerging issues when considering some of the approaches being taken. Ships, particularly those that will need to demonstrate compliance with IACS UR E22, E26, and E27) will essentially be operating certified networks. The challenge here occurs with when those trusted and certified networks have to connect to unknown or uncertified networks (which is likely to occur around the world). The Zero-Trust model is one way of mitigating many of the risks associated with this and is likely an option being explored. The key here, however, will be for shipowners going through their renewals (in terms of classification societies) or reclassification to produce the necessary evidence to the surveyor to demonstrate that their operations and cyber security postures have been maintained.

And this is where we come to another upcoming vulnerability in the overall system. At this point, port state entities have relatively scarce resources to conduct credible inspections and assessments at an industry level. The numbers are adequate to generate standards, but the temptation will be there within administrations to produce standards and then fall back on regimes that rely on the presentation of certifications. These certificates will likely be problematic and become attractive to counterfeiters, who will likely offer certificates for a fee without the actual activities like audits and assessments to back them up. Before we roll into this, it may be prudent for the Maritime Safety Committee or other body within the IMO to produce a template for Contracting Governments to use that incorporates the necessary integrity controls to prevent (or more easily detect) this. This would require both the controls and the means of verifying the controls.

A number of publicly available reports that have not been well circulated outline the importance of this step. One such report, the Shen Attack, provides some context around this challenge. While different strings of ports would likely result in different impacts, the general concept of the report is sound and worth reading by those with responsibilities for local facilities/ports and areas or regions.

 

Website Evolution

/in , /by

The International Association of Maritime Security Professionals (the Association) will be taking steps to improve its website over the 2024 year. With over a decade supporting its members and those interested in maritime security, the Association is taking this step to remain in step with, and slightly ahead of, some of the major changes coming over the next five years. You can expect to see changes in content, structure, and capabilities within the website over the next few months.

These changes will not affect the learning platform, which is being managed as a separate project. However, for those pursuing courses, we recommend that you bookmark the eLearning portal’s address “just in case.” 

Project Support

/in , /by

The International Association of Maritime Security Professionals (the Association) is pleased to announce that it will support the “Helping Coastal Communities Prepare” project currently underway in central Nova Scotia, Canada. This project, initiated by an Association member, focuses on improving the resources available to residents who have faced significant challenges over the past two years due to climate-related issues ranging from severe snowfalls to significant storms and wildfires.

By using this project as one of its directed research projects, the Association demonstrates its commitment to building capacity within the maritime security space. Coastal communities and their infrastructure have been at increased risk due to the increasing frequency and intensity of storms. Residents of Nova Scotia and the broader Maritimes need no further explanation of what these challenges have involved. By offering this support, this project will be able to broaden its scope and depth of analysis.

The developmental site can be reached through https://evolutionarysecurity.net.

 

Newsletter Launch

/in , , , /by

The International Association of Maritime Security Professionals (the Association) is pleased to announce the launch of its bi-monthly newsletter focusing on association news and evolving maritime security issues. This newsletter will look at emerging trends in technology, changes in naval conflict, and the impacts of climate change on the overall maritime security environment. The newsletter is available to all members in good standing at no cost and may be made available to external members after its initial first year.

Members in good standing that have an interest in participating in this newsletter should contact the Chief Learning Officer for information.

The Professional Certificate in Maritime Security

/in , , , , , /by

The International Association of Maritime Security Professionals (the Association) is pleased to announce that it has passed the critical gateway for the Professional Certificate in Maritime Security, a joint offering with Acadia University in Nova Scotia, Canada. This online university-level certificate offers candidates a unique opportunity to blend advanced-level education and more practical instruction.

The Association’s offerings consist of three eight-week courses, each offered online using a hybrid model (i.e., both online but with interaction with the instructor). Candidates begin with the Maritime Infrastructure and Operations course that introduces them to various aspects of ports and commercial shipping. The second course, Security Design, focuses on ensuring that the systems being designed and the environment in which it is being designed are protected appropriately. This process can be used in physical and logical environments using a structure derived from Systems Engineering processes (and intended to link into those same processes). This course also sets the stage for Monitoring and Compliance. Building on the Security Design course, this guides candidates on how to use the design process to build rational, quantitative systems to measure and evaluate performance.

Acadia University’s offerings consist of a series of eight week courses that cover a range of maritime security topics. These courses, led by academics and capable industry members help build the context from geopolitical, economic, socio-cultural, and environmental perspectives. Linking these perspectives through operational considerations allows those people completing the program to have a broader grasp of maritime security.

You can learn more about this program at https://maritimesecurity.acadiau.ca