Maritime Cybersecurity: Business E-Mail Compromise, a Cautionary Tale

Mainbrace | March 2018 (No.1)

Kate B. Belmont

Once upon a time, a shipping com­pany in a land far, far away fell victim to a sophisticated, yet common, e-mail scam that resulted in the loss of more than a million dollars. Due to a slight manipulation to a legitimate e-mail address, in the stroke of a key this company transferred millions of dollars into the account of a cyber-criminal. The story you are about to read is true, and should serve as a cautionary tale to all players in the maritime industry who rely on e-mail communications to conduct business and transfer funds on a regular basis.

A Cyber-Criminal Strikes Again

One day, in the not-so-distant past, a shipping company received an e-mail communication in the regular course of business from what appeared to be their counterparty, requesting the payment of an invoice. Continue reading “Maritime Cybersecurity: Business E-Mail Compromise, a Cautionary Tale”

Cyber Risk Management Guidelines for the Maritime Industry

Mainbrace | October 2017 (No.4)

Kate B. Belmont and Jared Zola

The summer of 2017 has been noteworthy for developments in maritime cybersecurity and cyber risk management. Major global cyber attacks from the WannaCry attack to the NotPetya attack, including mass GPS spoofing attacks in the Black Sea, have significantly affected the maritime industry, leaving no doubt of the importance of cybersecurity and cyber risk management. Continue reading “Cyber Risk Management Guidelines for the Maritime Industry”

Kate Belmont Authors Chapter, “Maritime Cyber Security: The Unavoidable Wave of Change”

Mainbrace | October 2017 (No.4)

Blank Rome Associate Kate B. Belmont authored the chapter, “Maritime Cyber Security: The Unavoidable Wave of Change,” in Issues in Maritime Cyber Security, edited by Joseph DiRenzo III, Nicole K. Drumhiller, and Fred S. Roberts (2017, Westphalia Press, an imprint of the Policy Studies Organization).

ABOUT THE BOOK:
The world relies on maritime commerce to move exceptionally large portions of goods, services, and people. Collectively, this effort comprises the Maritime Transportation System (“MTS”). Cyber networks, and the infrastructure they control, are a major com- ponent of this daunting multifaceted enterprise.

The impact of the cyber element on the international MTS is significant. The need for all stakeholders in both government (at all levels) and private industry to be involved in cyber security is more significant than ever as the use of the MTS continues to grow.

This pioneering book is beneficial to a variety of audiences, as a text book in courses looking at risk analysis, national security, cyber threats, or maritime policy; as a source of research problems ranging from the technical area to policy; and for practitioners
in government and the private sector interested in a clear explanation of the array of cyber risks and potential cyber defense issues impacting the maritime community.

To learn more or to purchase Issues in Maritime Cyber Security, please click here.

Maritime Cybersecurity: Protecting Passengers and Their Private Information in the Maritime Industry

Mainbrace | January 2017 (No. 1)

Kate B. Belmont

Cybersecurity has become a critical focus for all industries reliant on information technology (“IT”). Massive data breaches, cyber espionage, and hacking events sponsored by nation states around the globe occur with growing frequency. Continue reading “Maritime Cybersecurity: Protecting Passengers and Their Private Information in the Maritime Industry”

IMO Interim Guidelines: Recent Developments in Maritime Cyber Risk Management

Mainbrace | September 2016 (No. 4)

Kate B. Belmont

Cyber risk management continues to be one of the most significant  challenges currently facing the maritime industry. With an overreliance on information technology (“IT”) and operational technology (“OT”), the shipping industry is vulnerable to cyber risks, cyber threats, and cyber attacks that could result in significant damages and loss, including loss of business and damage to reputation and property. While the maritime industry has yet to be regulated, various stakeholders have recognized the need for the industry to address cyber risk. As the United States Coast Guard continues to assess and evaluate cyber risk throughout the marine  transportation system, the International Maritime Organization (“IMO”) and various industry organizations have issued guidelines on cyber risk management this past year. Most notably, on May 20, 2016, the IMO approved Interim Guidelines on Maritime Cyber Risk Management (“IMO Interim Guidelines”). Continue reading “IMO Interim Guidelines: Recent Developments in Maritime Cyber Risk Management”

Updated Guidance on the Cybersecurity Information Sharing Act Of 2015

Kate B. Belmont and Sean T. Pribyl

Action Item: On June 15, 2016, the U.S. Department of Homeland Security (“DHS”) and the U.S. Department of Justice (“DOJ”) jointly issued a notice announcing the availability of the Cybersecurity Information Sharing Act of 2015 (“CISA”) Final Guidance Documents, Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities and The Privacy and Civil Liberties Final Guidelines(“Final Guidance Documents”). These updated Final Guidance Documents address policies and procedures relating to the receipt and sharing of cyber threat indicators from non-federal entities and defensive measures by the federal government, as well as guidelines regarding privacy and civil liberties. Clients should seek counsel in navigating CISA and to assist with developing comprehensive cyber risk management strategies. Continue reading “Updated Guidance on the Cybersecurity Information Sharing Act Of 2015”

BIMCO’s Cybersecurity Guidelines: Shipowners’ and Operators’ Risk, Exposure, and Liability

Mainbrace | March 2016 (No. 2)

Kate B. Belmont

Introduction

On January 4, 2016, the maritime industry changed forever. With the release of “The Guidelines on Cyber Security Onboard Ships” created by BIMCO, CLIA, ICS, Intercargo, and Intertanko, the maritime industry acknowledged and recognized that cyber-threats are grave and cyber-attacks are happening. The maritime industry responded to the call for greater education on cybersecurity and greater protections, and created a set of guidelines for shipowners and operators to defend against such attacks. Accordingly, as the BIMCO Cybersecurity Guidelines make clear, shipowners and operators must be proactive in protecting against such threats, and they must be responsive. While the maritime industry has been hesitant to address cybersecurity issues and embrace the new realities of operating in a world heavily reliant on ICT (information and communication technology), with the release and publication of the BIMCO Cybersecurity Guidelines, the maritime industry no longer has its head in the sand. These guidelines have become the new standard against which shipowners and operators will be judged when addressing issues related to cybersecurity onboard ships. Continue reading “BIMCO’s Cybersecurity Guidelines: Shipowners’ and Operators’ Risk, Exposure, and Liability”