Projects – IAMSP

USA Rule Making

March 30, 2024/in Domain Aware, Public, Technology, Uncategorized /by Al McDougall

While the USA is currently generating cyber security rules for both ships and ports under a White House Executive Order, there are more than a few things to monitor. This post will look at some of the main issues.

First, with the USCG generating the rules, the USA has a significant opportunity to ensure that the rules for ships and ports are well aligned. While these two aspects of maritime security have often been treated separately, they function as part of a more extensive system of systems. Consider that ports not only act as a point to service ships (maintenance, etc) but also as a transition point between modes of transportation (ship to rail, ship to truck). While there has been a tendency for IT Security doctrine to focus on the mode of transportation, there is a need to understand that the maritime sector, while important, falls into the context of supply chains and transportation networks that are multi-modal by nature.

The other challenge is that these rules may only apply to specific operations or ships, such as those on international travel. This does not reflect the cybersecurity threat landscape. Connected ships of any type, including traditionally excluded or exempted vessels, once connected to the internet can face threats. This may force a decision to either have all shipping (including recreational boats intending to connect to ports) fall under the same regime or force the need for something similar to zones where certain kinds of ships would be allowed to connect but others would not. This would have to align with the context of network zoning.

Finally, there are some emerging issues when considering some of the approaches being taken. Ships, particularly those that will need to demonstrate compliance with IACS UR E22, E26, and E27) will essentially be operating certified networks. The challenge here occurs with when those trusted and certified networks have to connect to unknown or uncertified networks (which is likely to occur around the world). The Zero-Trust model is one way of mitigating many of the risks associated with this and is likely an option being explored. The key here, however, will be for shipowners going through their renewals (in terms of classification societies) or reclassification to produce the necessary evidence to the surveyor to demonstrate that their operations and cyber security postures have been maintained.

And this is where we come to another upcoming vulnerability in the overall system. At this point, port state entities have relatively scarce resources to conduct credible inspections and assessments at an industry level. The numbers are adequate to generate standards, but the temptation will be there within administrations to produce standards and then fall back on regimes that rely on the presentation of certifications. These certificates will likely be problematic and become attractive to counterfeiters, who will likely offer certificates for a fee without the actual activities like audits and assessments to back them up. Before we roll into this, it may be prudent for the Maritime Safety Committee or other body within the IMO to produce a template for Contracting Governments to use that incorporates the necessary integrity controls to prevent (or more easily detect) this. This would require both the controls and the means of verifying the controls.

A number of publicly available reports that have not been well circulated outline the importance of this step. One such report, the Shen Attack, provides some context around this challenge. While different strings of ports would likely result in different impacts, the general concept of the report is sound and worth reading by those with responsibilities for local facilities/ports and areas or regions.

Project Support

March 25, 2024/in Calls for Participation, Public /by Al McDougall

The International Association of Maritime Security Professionals (the Association) is pleased to announce that it will support the “Helping Coastal Communities Prepare” project currently underway in central Nova Scotia, Canada. This project, initiated by an Association member, focuses on improving the resources available to residents who have faced significant challenges over the past two years due to climate-related issues ranging from severe snowfalls to significant storms and wildfires.

By using this project as one of its directed research projects, the Association demonstrates its commitment to building capacity within the maritime security space. Coastal communities and their infrastructure have been at increased risk due to the increasing frequency and intensity of storms. Residents of Nova Scotia and the broader Maritimes need no further explanation of what these challenges have involved. By offering this support, this project will be able to broaden its scope and depth of analysis.

The developmental site can be reached through https://evolutionarysecurity.net.

Newsletter Launch

March 25, 2024/in Announcements, Calls for Participation, Public, Uncategorized /by Al McDougall

The International Association of Maritime Security Professionals (the Association) is pleased to announce the launch of its bi-monthly newsletter focusing on association news and evolving maritime security issues. This newsletter will look at emerging trends in technology, changes in naval conflict, and the impacts of climate change on the overall maritime security environment. The newsletter is available to all members in good standing at no cost and may be made available to external members after its initial first year.

Members in good standing that have an interest in participating in this newsletter should contact the Chief Learning Officer for information.

IAMSP TET Supports OCEANUSLive.org Service

May 6, 2011/in Announcements, Projects, Public, Technology /by David Stone

IAMSP is pleased to announce the results of the Technical Evaluation Team’s (TET) review of the OCEANUSLive.org service currently in beta testing and expected to move into full production mode in the near future. This review, undertaken by a team of three persons under the oversight of the President, examined the offering based upon its adherence to the latest and sound principles associated with maritime domain awareness, information and intelligence production, and its utility to the maritime security effort currently underway in the Indian Ocean (and applicable elsewhere).

This review touched on 168 topics that included reviewing the concept, design, fragility, safety, maintenance, life cycle management, risk management and training elements associated with the service being offered and took place over a six week period.

formal bridesmaid dresses As a result of this effort, it is the assessment of the TET that the service does address a significant need or vulnerability currently evident within the maritime security awareness domain, has demonstrated that (under normal operating conditions) to be consistently reliable and to be reasonable in terms of integration and maintenance within organization’s normal operating routines.

The IAMSP is of the belief, based on sound doctrine and experience, that timely information communication and sharing is an essential element in helping protect our seafarers during higher-risk transits. We further echo the concept that such information sharing must be done across the full community of those seeking to protect our seafarers and add our voice to calls to the various reporting centers and organizations to focus on this important goal.

International Code of Conduct

April 24, 2011/in Projects, Public, Working Groups /by David Stone

Reposted from 11 November 2010 – The IAMSP is proud to be amongst the first Industry Associations lending their support and signatures to the International Code of Conduct for Private Security Service Providers. Allan McDougall represented ISSG Holdings, Evolutionary Security, APPDSand IAMSP at the signing ceremony held in Geneva, Switzerland on 09 November 2010.

This Code of Conduct, often referred to as the ICoC, is the first major step in a vital effort to ensure that companies operating in complex environments (where the rule of law has been significantly eroded) conduct their operations in a way that is respectful of the human rights that have been enshrined in such documents as the United Nations Universal Declaration of Human Rights.

This ICoC builds upon the foundations that were laid with the Montreux Document and so it may be seen as an appropriate evolutionary step rather than a revolutionary step. This is important because we need to understand that this is not a sudden and short term effort. It is something that is going to be built, implemented and maintained over time.

To date, we have been involved as an original signatory. We are currently involved in the process that will become the Maritime Security appendix and also involved in the ASIS International efforts associated with the development of the Technical standards. In short, the Association is proud to be able to say that it is at the leading edge of the development of this important effort.

For those interested in participating in the development of this Code, a discussion forum is being set up in this space within the controlled members area where specific elements can be discussed, collated and then presented to the drafting authorities.

Archive for category: Projects

犀利士