This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our
and .overview
Key Learning Outcomes
- The principles and emerging trends in maritime cybersecurity, including analytics, critical infrastructure, key threats and risk assessment
- Adopt risk-based cyber best practices: Planning, fieldwork execution, reporting
- Understand the attack methodologies and life cycle in network, application and cryptography attacks
- Cyber Threat Landscape – Latest trends and vulnerability identification
- Technologies, connectivity and cyber risk assessment – ship board and terminal systems
- Protection measures on-board vessels and at ports/terminals
- Find out how to analyse and respond in the event of a cyber threat – incident preparation and detection best practices
- Developing a pragmatic cyber risk framework
- Training guidelines for crew, agents, service providers and on-shore parties
- Cyber risk response and business continuity
- Discuss options available for cyber security technologies and cyber liability, insurance
Unique Feature and Highlights
- Practical, real life examples and sample checklists on critical areas of concern in cyber security
- Hands-on exercises including how to exploit vulnerabilities and defend against them on vessels
- Demos, videos, quizzes to reinforce participants’ understanding of key cybersecurity principles
- Case Study – Large shipping company infected with the malware that cost them $300m to remediate
- Case Study – Has your vessel been compromised? How to investigate the vessel has not been compromised
- Demo: Live hacking of vessel
- Demo: VSAT and GPS System hack
Who Should Attend
This programme will benefit both IT and non-IT professionals from shipowners & managers, charterers, classification societies, port & terminal operators, and marine service providers:
- Personnel responsible for IT Governance, IT Risk Audit and Information Security
- Network Security
- e-Crime / Business Crime
- Disaster Recovery
- Business Continuity
- Innovation
- Fleet Directors, Ship Captains / Masters
- Risk Professionals
- Ship & Port Agents
Digital Badge
Upon completion of this training course, participants will earn a digital badge.
Earners of Maritime Cyber Security Certificates have acquired practical understanding of the principles and emerging trends in cybersecurity within marine industry, including analytics, critical infrastructure, key threats and risk assessment. They are equipped with best practices in vulnerability identification, global guidelines for on-board vessels’ protection measure, security management for fleet or at terminals. They are skilled in developing a pragmatic cyber risk framework, contingency planning and business continuity management.
Skills:
attack methodologies, critical infrastructure, risk exposure assessment, cybersecurity, BIMCO Guidelines, crew training, fleet cybersecurity, protection measures, port cybersecurity, contingency planning, business continuity, cybersecurity insurance, cyber insurance, cyber risk response, cyber risk framework, detection, prevention, penetration testing, operational technologies.
Eligibility:
Attend and participate in the 2 full days of training course duration, led by the designated training expert
Available to:
Seminar attendees
Singapore MCF Grant
You may be eligible for the Singapore Maritime Cluster Fund (MCF) Grant for up to 50% of the total course fee. Please contact Sushil Kunwar on +65 6989 6614 or email [email protected] for more information and eligibility criteria.
Agenda
CYBERSECURITY IN THE MARITIME INDUSTRY
- Introduction to cybersecurity and key principles
- Systems and connectivity in the marine supply chain
- Financial, Legal and operational implications
- IMO Safety Management Systems (ISM CODE 2021)
- Digital trends in maritime industry
CYBER THREAT LANDSCAPE – LATEST TRENDS AND VULNERABILITY IDENTIFICATION
- Key threats, threat actors and motivations
- Cyber underground
- Supply chain risks
- Assess risk exposure (Ship perspectives) and impacts
- Assess on-shore risk exposure (ports sector) and impacts
EXERCISE: TECHNOLOGIES, CONNECTIVITY AND CYBER RISK ASSESSMENT – SHIP BOARD AND TERMINAL SYSTEMS ATTACK METHODOLOGIES – OVERVIEW
- Attack lifecycle – Learning the steps of launching a cyber-attack that breach vessels
- Attack lifecycle – how attacks are launched?
- Fundamentals behind attack methodologies Network attacks (Man in the middle, Ping of Death, DDoS), Wireless
- Cryptography
- Phishing
- Social engineering, malicious software, trojans, viruses, ransomware
- Rootkit, application vulnerabilities, SQL injection
- Cross-site scripting (XSS), Cross-site request forgery (CSRF)
- Frameworks of attack tools (Kali Linux, Metasploit, etc)
- Threats posed by unauthorised access to vessel systems
- Threats to interconnected vessels and autonomous infrastructure
PROTECTION MEASURES ON-BOARD VESSELS
- BIMCO Guidelines on cyber security onboard ships
- Crew training guidelines, crew requirements and operations in the event of cyber attacks
- Electronic communication guidelines across ships, ports and authorities ashore
- Cybersecurity quality for agents
- Updating real-time information into owner’s vessel management system
- Cyber risk management process with service providers in supplier agreements
EXERCISE: PROTECTION MEASURES FOR KEY OPERATIONAL TECHNOLOGY
- Navigation Systems
- Vessel Tracking Systems
- Terminal Management Systems
FLEET CYBER SECURITY MEASURES – CASE STUDY
- Fleet vulnerability management
- Fleet-wide standard cyber security strategy
- Potential new vulnerabilities
- Risk assessment documentation
- Fleet-wide remote scanning capability
PROTECTION MEASURES AT PORT / TERMINAL
- Port automation and cybersecurity risks
- Operational systems and data networks
- Resilience exercises
PENETRATION TESTING (PT) CASE STUDIES
- How PT can be used as a tool to improve enterprise security
- What to expect from PT and best practices in adoption
- PT strategies, categories and when to use
- Fingerprinting, user harvesting, access control, privilege elevation
DEVELOPING A PRAGMATIC CYBER RISK FRAMEWORK
- How companies manage cyber risks: Risk scenarios, application, mitigation measures
- Cyber risk detection Identifying crown jewels and third-party relationships
- Establishing threat awareness and ability to detect patterns
- Applying cyber intelligence to identify and manage risks
- How to proactively assess cyber risk?
- Cyber risk prevention Planning and implementing “Secure by Design”
- Securing risk-sensitive assets – Controls to mitigate known and emerging threats
- How to assess and manage cyber risk and compliance?
- Key security considerations: Design, requirements, strategy
- Effective Cybersecurity audit approach
- Risk-based audit methodology – best practices (planning, fieldwork, reporting, on-going activities)
- Effective Cybersecurity audit approach and latest tools
EFFECTIVE CYBERSECURITY AUDIT APPROACH AND CYBER SECURITY RISK MANAGEMENT CASE STUDIES
- Latest tools for cyber security risk management
- Ship to shore systems
- Jamming of navigation systems case study
- Remote access control security
- Maritime SATCOMS Cyber security
EXERCISE: CONTINGENCY PLANNING DEVELOPMENT
- Disabled/manipulated electronic navigational equipment
- Disabled/manipulated electronic industial control systems and other critical systems
- What to do with unconfirmed data threat?
- Handle ransomeware incidents
- Operational contingencies
INCIDENT ANALYSIS INVESTIGATING CYBER INCIDENTS
- Incident exercises and preparation
- Incident detection and analyses
- Containment, eradication and recovery
CYBER RISK RESPONSE AND BUSINESS CONTINUITY
- Prepare, plan, exercise, simulate, wargame
- Building and maintaining a response plan
- How to react quickly to cyber-attacks and reduce the impact?
- Cleaning up, business continuity and disaster recovery planning
- PR Intervention and Legal assistance
CYBERSECURITY INSURANCE
- Liability, Charterparties, Claims and P&I
- Standard protection packages – an overview
- Key insuring clauses (privacy, network security, media, cyber extortion, data asset loss, business interruption loss, recovery costs, incident response expenses, regulatory penalties etc)
when & where
26 - 27 Sep 2019
Mandarin Orchard Singapore, by Meritus
333 Orchard Road, Singapore 238867
Tel: +65 6831 6062 | Fax: +65 6737 3130
Mobile No.: +65 8298 9442
Contact Person: Tan Ai Li
Email: [email protected]
Website: www.meritushotels.com
On-site & in-house training
Deliver this course how you want, where you want, when you want – and save up to 40%! 8+ employees seeking training on the same topic?
Talk to us about an on-site/in-house & customised solution.