Maritime and port cybersecurity.

As mentioned in a recent article, the shipping company MSC was the victim of a cyberattack about a week ago. The incident disrupted the operation of its online booking systems for four days.

In a recent statement, the company confirmed the cyber origin of the incident, which affected several servers located in Geneva: “we have determined that it was a virus attack exploiting a targeted vulnerability.”

It is worth noting that the company shared information about the attack with its partners in order to reduce the risk of similar incidents occurring elsewhere.

According to Le Marin and other online sources, the shipping company MSC (Mediterranean Shipping Company), the world’s second-largest container shipping line, was reportedly affected by a cyber incident that disrupted its electronic booking system known as “MyMSC.” The incident occurred at a particularly difficult time, as the global shipping industry was already dealing with the effects of the COVID-19 pandemic.

Email services appeared to remain operational, but the company initially released little information beyond indicating that the disruption was likely related to a network outage in one of its data centers.

The Finnish technology group Wärtsilä has obtained cybersecurity certifications from DNV GL and the International Electrotechnical Commission (IEC) for its solution called Translink.

Translink is the company’s connected ECDIS solution, which combines traditional ECDIS hardware and software with an encrypted network link to shore. This connectivity enables, among other things, route optimization and improved exchanges between the vessel and the shipowner.

The DNV GL certification scheme was recently updated (March 2020), and the corresponding document can be found here.

The Digital Container Shipping Association (DCSA), whose members include MSC, Maersk, CMA-CGM, Hapag-Lloyd, and Evergreen, has published a guide along with supporting templates to help shipping companies and vessels in the container shipping sector comply with regulations issued by the International Maritime Organization (IMO), particularly resolution MSC.428(98).

Adopted in 2017, this resolution aims to ensure that cyber risks onboard ships are properly addressed within existing onboard risk management processes. The requirement becomes applicable starting January 2021.

Market Research Intellect has published a market study on cybersecurity in the oil and gas sector, including projections extending to 2026.

The report, primarily focused on economic analysis and market trends, is available for purchase here.

Following an initial publication in 2016, the UK Department for Transport has recently released an updated version of its guidance on good practices titled Cyber Security for Ports and Port Systems.

This 71-page guide, which can be compared to the work published by ENISA at the end of last November, brings together a set of best practices aimed at improving the management of cyber risks affecting port systems.

The document is relatively comprehensive and covers topics such as risk analysis, the implementation of security policies, the distribution of cybersecurity roles within port organizations, and the protection of industrial systems.