Maritime Cybersecurity: Business E-Mail Compromise, a Cautionary Tale

Mainbrace | March 2018 (No.1)

Kate B. Belmont

Once upon a time, a shipping com­pany in a land far, far away fell victim to a sophisticated, yet common, e-mail scam that resulted in the loss of more than a million dollars. Due to a slight manipulation to a legitimate e-mail address, in the stroke of a key this company transferred millions of dollars into the account of a cyber-criminal. The story you are about to read is true, and should serve as a cautionary tale to all players in the maritime industry who rely on e-mail communications to conduct business and transfer funds on a regular basis.

A Cyber-Criminal Strikes Again

One day, in the not-so-distant past, a shipping company received an e-mail communication in the regular course of business from what appeared to be their counterparty, requesting the payment of an invoice. Continue reading “Maritime Cybersecurity: Business E-Mail Compromise, a Cautionary Tale”

Cyber Risk Management Guidelines for the Maritime Industry

Mainbrace | October 2017 (No.4)

Kate B. Belmont and Jared Zola

The summer of 2017 has been noteworthy for developments in maritime cybersecurity and cyber risk management. Major global cyber attacks from the WannaCry attack to the NotPetya attack, including mass GPS spoofing attacks in the Black Sea, have significantly affected the maritime industry, leaving no doubt of the importance of cybersecurity and cyber risk management. Continue reading “Cyber Risk Management Guidelines for the Maritime Industry”

Kate Belmont Authors Chapter, “Maritime Cyber Security: The Unavoidable Wave of Change”

Mainbrace | October 2017 (No.4)

Blank Rome Associate Kate B. Belmont authored the chapter, “Maritime Cyber Security: The Unavoidable Wave of Change,” in Issues in Maritime Cyber Security, edited by Joseph DiRenzo III, Nicole K. Drumhiller, and Fred S. Roberts (2017, Westphalia Press, an imprint of the Policy Studies Organization).

ABOUT THE BOOK:
The world relies on maritime commerce to move exceptionally large portions of goods, services, and people. Collectively, this effort comprises the Maritime Transportation System (“MTS”). Cyber networks, and the infrastructure they control, are a major com- ponent of this daunting multifaceted enterprise.

The impact of the cyber element on the international MTS is significant. The need for all stakeholders in both government (at all levels) and private industry to be involved in cyber security is more significant than ever as the use of the MTS continues to grow.

This pioneering book is beneficial to a variety of audiences, as a text book in courses looking at risk analysis, national security, cyber threats, or maritime policy; as a source of research problems ranging from the technical area to policy; and for practitioners
in government and the private sector interested in a clear explanation of the array of cyber risks and potential cyber defense issues impacting the maritime community.

To learn more or to purchase Issues in Maritime Cyber Security, please click here.

Maritime Cybersecurity: Protecting Passengers and Their Private Information in the Maritime Industry

Mainbrace | January 2017 (No. 1)

Kate B. Belmont

Cybersecurity has become a critical focus for all industries reliant on information technology (“IT”). Massive data breaches, cyber espionage, and hacking events sponsored by nation states around the globe occur with growing frequency. Continue reading “Maritime Cybersecurity: Protecting Passengers and Their Private Information in the Maritime Industry”

IMO Interim Guidelines: Recent Developments in Maritime Cyber Risk Management

Mainbrace | September 2016 (No. 4)

Kate B. Belmont

Cyber risk management continues to be one of the most significant  challenges currently facing the maritime industry. With an overreliance on information technology (“IT”) and operational technology (“OT”), the shipping industry is vulnerable to cyber risks, cyber threats, and cyber attacks that could result in significant damages and loss, including loss of business and damage to reputation and property. While the maritime industry has yet to be regulated, various stakeholders have recognized the need for the industry to address cyber risk. As the United States Coast Guard continues to assess and evaluate cyber risk throughout the marine  transportation system, the International Maritime Organization (“IMO”) and various industry organizations have issued guidelines on cyber risk management this past year. Most notably, on May 20, 2016, the IMO approved Interim Guidelines on Maritime Cyber Risk Management (“IMO Interim Guidelines”). Continue reading “IMO Interim Guidelines: Recent Developments in Maritime Cyber Risk Management”

Updated Guidance on the Cybersecurity Information Sharing Act Of 2015

Kate B. Belmont and Sean T. Pribyl

Action Item: On June 15, 2016, the U.S. Department of Homeland Security (“DHS”) and the U.S. Department of Justice (“DOJ”) jointly issued a notice announcing the availability of the Cybersecurity Information Sharing Act of 2015 (“CISA”) Final Guidance Documents, Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities and The Privacy and Civil Liberties Final Guidelines(“Final Guidance Documents”). These updated Final Guidance Documents address policies and procedures relating to the receipt and sharing of cyber threat indicators from non-federal entities and defensive measures by the federal government, as well as guidelines regarding privacy and civil liberties. Clients should seek counsel in navigating CISA and to assist with developing comprehensive cyber risk management strategies. Continue reading “Updated Guidance on the Cybersecurity Information Sharing Act Of 2015”

BIMCO’s Cybersecurity Guidelines: Shipowners’ and Operators’ Risk, Exposure, and Liability

Mainbrace | March 2016 (No. 2)

Kate B. Belmont

Introduction

On January 4, 2016, the maritime industry changed forever. With the release of “The Guidelines on Cyber Security Onboard Ships” created by BIMCO, CLIA, ICS, Intercargo, and Intertanko, the maritime industry acknowledged and recognized that cyber-threats are grave and cyber-attacks are happening. The maritime industry responded to the call for greater education on cybersecurity and greater protections, and created a set of guidelines for shipowners and operators to defend against such attacks. Accordingly, as the BIMCO Cybersecurity Guidelines make clear, shipowners and operators must be proactive in protecting against such threats, and they must be responsive. While the maritime industry has been hesitant to address cybersecurity issues and embrace the new realities of operating in a world heavily reliant on ICT (information and communication technology), with the release and publication of the BIMCO Cybersecurity Guidelines, the maritime industry no longer has its head in the sand. These guidelines have become the new standard against which shipowners and operators will be judged when addressing issues related to cybersecurity onboard ships. Continue reading “BIMCO’s Cybersecurity Guidelines: Shipowners’ and Operators’ Risk, Exposure, and Liability”

Risk-Management Tools for Maritime Companies

Mainbrace | March 2016 (No. 2)

Compliance Review Program

Blank Rome Maritime has developed a flexible, fixed-fee Compliance Review Program to help maritime companies mitigate the escalating risks in the maritime regulatory environment. The program provides concrete, practical guidance tailored to your operations to strengthen your regulatory compliance systems and minimize the risk of your company becoming an enforcement statistic. To learn how the Compliance Review Program can help your company, please visit www.blankrome.com/  compliancereviewprogram.

Maritime Cybersecurity Review Program

Blank Rome provides a comprehensive solution for protecting your company’s property and reputation from the unprecedented cybersecurity challenges present in today’s global digital economy. Our multidisciplinary team of leading cybersecurity and data privacy professionals advises clients on the potential consequences of cybersecurity threats and how to implement comprehensive measures for mitigating cyber risks, prepare customized strategy and action plans, and provide ongoing support and maintenance to promote cybersecurity awareness. Blank Rome’s maritime cybersecurity team has the capability to address cybersecurity issues associated with both land-based systems and systems onboard ships, including the implementation of the BIMCO Guidelines on Cyber Security Onboard Ships. To learn how the Maritime Cybersecurity Review Program can help your company, please visit www.blankrome.com/cybersecurity or contact Kate B. Belmont (KBelmont@BlankRome.com, 212.885.5075) or Steven L. Caponi (Caponi@BlankRome.com, 302.425.6408).

Trade Sanctions And Export Compliance Review Program

Blank Rome’s Trade Sanctions and Export Compliance Review Program ensures that companies in the maritime, transportation, offshore, and commodities fields do not fall afoul of U.S. trade law requirements. U.S. requirements for trading with Iran, Cuba, Russia, Syria, and other hotspots change rapidly, and U.S. limits on banking and financial services, and restrictions on exports of U.S. goods, software, and technology, impact our shipping and energy clients daily. Our team will review and update our clients’ internal policies and procedures for complying with these rules on a fixed-fee basis. When needed, our trade team brings extensive experience in compliance audits and planning, investigations and enforcement matters, and government relations, tailored to provide practical and businesslike solutions for shipping, trading, and energy clients worldwide. To learn how the Trade Sanctions and Export Compliance Review Program can help your company, please visit www.blankromemaritime.com or contact Matthew J. Thomas (MThomas@BlankRome.com, 202.772.5971).

Major Shipping Associations Issue Cybersecurity Guidelines for Shipowners and Operators

Mainbrace | January 2016 (No. 1)

Kate B. Belmont

BIMCO and its international shipping association partners CLIA, ICS, Intercargo, and Intertanko, recently released the first set of cybersecurity guidelines  targeted to shipowners and operators, “The Guidelines on Cyber Security Onboard Ships.” Recognizing the maritime industry’s over-reliance on information technology (“IT”) and operational technology (“OT”), and the risks associated with unauthorized access or malicious attacks to ships’ systems and networks, BIMCO and its partners created these guidelines specifically for the maritime industry. The guidelines provide direction, awareness, and “guidance to shipowners and operators on how to assess their operations and put in place the necessary procedures and actions to maintain the security of cyber systems onboard their ships.” Continue reading “Major Shipping Associations Issue Cybersecurity Guidelines for Shipowners and Operators”