Maritime Cyber Risk Management

21 - 24 November 2023
Golden Tulip City Center Hotel
Dar Es Salaam - Tanzania

Maritime Cyber Risk Management

Register Now! Limited Seats Available!

Local - TZs 700,000.00 Per Delegate

International - USD 550.00 Per Delegate

Course overview:

Cyber security in maritime industry is fast evolving into a major concern due to increased use of computer based systems for its various operations, be it on ship or ashore. Breach of confidential data, can lead to major financial loss and credibility of stakeholders and may also result in legal issues.
The maritime sector has traditionally stood apart from the developments in cyber security. The majority of critical functions and assets was physically isolated with limited or non-existent connectivity, remote monitoring and control capabilities. This is no longer the case; cyber security technologies have become essential to the operation and management of systems critical to the safety and security of shipping and protection of the marine environment.
Inevitably, accessing and networking creates new kinds of vulnerabilities and leads to maritime cyber security risks which should be addressed and managed

Course Objectives:

By the end of the course you will be able to:

    • Interpret the current regulatory landscape
    • Appreciate why a non-prescriptive cyber security risk management approach is a natural extension of existing safety and security management practices
    • Consider a variety of potential cyber security threats and vulnerabilities
    • Assess associated risks
    • Recommend mitigating measures, including management, operation or procedural and technical controls
    • Identify the different functional elements of an effective cyber security risk management plan
    • Respond to and recover from cyber security incidents in accordance with established contingency plans
    • Champion appropriate behaviours and ways of work in your organisation
    • Contribute towards the continual improvement of your organisation’s cyber security risk management performance.

Targeted Audience:

The program has been designed for all persons in the maritime industry that have authorized access to systems and data. This includes

    • Ship managers,
    • Port managers,
    • Harbour masters,
    • Ship superintendents,
    • Security officers,
    • IT managers,
    • Port authorities, and entities operating within ports.

Course Outline:

Module 1: Cybersecurity, Threats, Actors and Motives

    • Terms and definitions of cybersecurity
    • Analysis of existing threats that cybersecurity is seeking to address, and possibly, mitigate
    • Effects that threat actors are trying to achieve
    • Threat actors’ motivation
    • Case study

Module 2: Cybersecurity in the Maritime Industry

    • The importance of cybersecurity for ships
    • The importance of cybersecurity for shore-based maritime industry activities
    • Threat actor motivation specifically against the shipping industry
    • Case study

Module 3: Information and Operational Technology Systems and 3rd Party Vulnerabilities

    • IT shipboard systems – vulnerabilities and potential consequences of cyberattacks
    • OT shipboard systems – vulnerabilities and potential consequences of cyberattacks
    • 3rd party (vendors, insurers, clients, ship brokers) vulnerabilities
    • Case study

Module 4: Maritime Cyber Risk Assessment and Mitigation Measures

    • The importance of risk assessment on cyber attacks
    • Risk assessment and management tools (KPIs)
    • Types (APT, no-targetted) and stages of cyber-attacks against the shipping industry
    • Case study

Module 5: Regulatory Framework, Best Practises and Basic Cyber-Hygiene

    • Existing regulatory framework
    • The human factor in cybersecurity
    • Shipboard operations safety briefing
    • Tools and policy measures to achieve effective and sustainable cyber-hygiene on board and ashore
    • Actions and reporting procedures in case of a cybersecurity breach

Module 6: Cybersecurity and Safety Management System (SMS)

    • Development of a comprehensive shipboard cybersecurity plan (CSP)
    • Review of the CSP
    • Monitoring and auditing the CSP
    • Role of a cybersecurity officer (CySO)
    • Functions of a Security Operations Centre (SOC)
    • Cyber Incident Investigation and Emergency Response mechanisms

We will discuss the mistakes and the consequences in one or more of the following case studies:

    • May 2022, attack that targeted the Port of London Authority forced its website to go offline.
    • October 2021, attempt to hack over 250 Office 365 accounts, with a focus on Persian Gulf ports of entry or maritime transportation companies with a presence in the Middle East.
    • October 2020, UN shipping agency the International Maritime Organization (IMO) reported that its website and networks had been disrupted by a sophisticated cyber attack.
    • September 2020, French shipping company CMA CGM SA saw two of its subsidiaries in Asia hit with a ransomware attack that caused significant disruptions to IT networks, though did not affect the moving of cargo.
    • February 2022, multiple oil terminals in some of Europe’s biggest ports across Belgium and Germany fell victim to a cyberattack, rendering them unable to process incoming barges. A ransomware strain associated with a Russian-speaking hacking group was used to disrupt the ability of energy companies to process payments.
    • What has happened?
    • Why has it happened?
    • Which were the consequences?
    • How could it be avoided?

End of the workshop

IN HOUSE AND ONLINE TRAINING

While both In-House and Online training can present with cost-effectiveness and time-efficacy, there are some very specific differences between in-house courses and those based online.
The demand for additional courses by individuals or groups of people is increasing. Still, it depends entirely on the preferences of a person what type of training he or she wants to receive. Online courses and in-house training carry some similarities but they are considered to exhibit some very pivotal differences too. Despite that, both types of learning can be really beneficial for attendees.

For Registration and other Training arrangements,
contact us on the detail below.

SOUTH AFRICA : +27 11 057 6001
TANZANIA Cell: +255 769 688 544
WhatsApp +27 79 574 0389
info@bmktraining.co.za / www.bmktraining.com