verticale

Un approccio innovativo alla gestione della minaccia Cyber in ambito Marino ed Offshore

- Le nuove Tecnologie trasformano i settori marittimo edoffshore
- Il ‘cyber risk’ esiste a bordo, a terra e nei porti
- Il trend degli incidenti cyber
- Il settore marittimo non è immune
- Il corpo normative Internazionale nel settore marittimo
- La comunità Marittima e la Cyber Security
- La gestione olistica del Rischio Cyber

Scarica il PDF Scarica il PDF
Aggiungi ai preferiti Aggiungi ai preferiti


Atti di convegni o presentazioni contenenti case history
mcT Cyber Security novembre 2018 Cyber Security per l'industria nel mondo Cloud e I-IoT

Pubblicato
da Benedetta Rampini
mcT Cyber Security 2018Segui aziendaSegui




Settori: 

Parole chiave: 


Estratto del testo
Milano, 29 novembre 2018 Gli atti dei convegni e pi di 10.000 contenuti su www.verticale.net Cyber Security Alimentare Petrolchimico Petr Un approccio innovativo alla gestione della minaccia Cyber in ambito Marino ed Offshore. Milano, 29 Novembre 2018 Paolo Scialla
Lead Specialist -
Lloyd's Register EMEA Introduzione ' Lloyd's Register Independente Propriet unica della Lloyd's Register Foundation, una UK charity dedicata al a ricerca ed alla formazione nei settori delle scienze e dell'ingegneria Chi Siamo
Organizazione internazionale con attivit nelle aree del marino, offshore, energia, sistemi gestionali, e servizi di ispezioni industriali La nostra storia Fondato nel 1760 la prima Societ di Classifica Navale al Mondo Cosa ci distingue Integrit Imparzialit Eccellenza tecnica Le nuove Tecnologie trasformano i settori marittimo ed offshore Reduce costs Increase operational efficiencies Enhance safety Become more sustainable Reduce environmental impacts Insieme alle opportunit ci sono i RISCHI Nuove Tecnologie Automazione Connettivit Maggiori rischi Connettivit VSAT, 4G, wi-fi
Sistemi SCADA/ICS
GPS, ECDIS, AIS, etc. Il 'cyber risk' esiste a bordo, a terra e nei porti Il trend degli incidenti cyber 2018 Cyber-attack on COSCO causes 'network' breakdown' Il settore marittimo non immune Cyber threats have increased in frequency and seriousness in recent years,
demonstrating the need for greater cyber security measures. 2017 ' NotPetya' ransomware strikes the maritime industry 2014 US shipping port shut down by GPS jamming 2012 Malicious GPS signals affect 100+ oceangoing vessels 2011 Hackers target IRISL, damaging cargo numbers & destinations 2010 Oil platform shutdown by industrial control malware NotPetya ha colpito anche Maersk - 2017 $2.5 - $3bn
Petya Ransomware
total global losses July 2017 "The impact of [NotPetya] is
that we basically found that
we had to reinstall an entire
infrastructure' we had to install
4,000 new servers, 45,000 new
PCs, 2,500 applications.' Maersk Chairman - Jim Hagemann Snabe L'attacco Ransomware a Cosco Shipping - 2018 Cosco July 2018 On July 24, 2018, a cyber-attack on the
American region of China's state-run
shipping company, Cosco Shipping
Holdings, Co. The cyber-incident has been chalked up
to a 'local network breakdown' in the
Americas region, which impacted email
and telephone. In a remedial step, the
company cut communications with other
regions, although operations were
maintained. Il corpo normative Internazionale nel settore marittimo Lloyd's Register 10 ' EU Directive 2016/1148 sicurezza di Network and Information
Systems (NIS Directive) ' US President issued Executive Order 13636 'Improving Critical
Infrastructure Cybersecurity,' on February 12, 2013 ' USCG ' Cyber Strategy 2015 ' International Maritime Organisation (IMO) ' MSC-FAL.1/Circ.3 Guidance on maritime cyber risk management (in place after 1 Jan 2021) ' International Safety Management (ISM) Code ' ISM Code 2018, (MSC.42/98) La comunit Marittima e la Cyber Security Lloyd's Register 11 ' Joint Industry Working Group ' The guidelines on cyber security onboard of
ships - version 2.0 ' 2018 ' International Union of Marine Insurance ' Oil Companies International Marine Forum (TMSA ' 2017) ' USCG Cyber Security Framework Profiles (December 2017) ' IACS Cyber Security JIWG ' LR joint task force and new Cyber Security Framework La gestione olistica del Rischio Cyber ' Il triangolo ISA Lloyd's Register 13 Information Security Assurance Technolog y Process People Security Policies SL1 ' lone wolf / insiders
SL2 ' Hacktivists
SL3 ' Cyber Crime
SL4 ' Organized cyber crime and States Sponsored Actors Una 'cyber security' proporzionata alla minaccia ShipRight CSF Levels Intended for Technical controls (IEC62443) Protection (motivation and capability of attackers) ShipRight CSF Established Ship owners and managers at the start of their
cyber strategy. Needing to meet compliance with
regulations from organisations such as IMO,
BIMCO and TMSA. Ships and/or systems that
have not been designed for mature connectivity
or with onshore service suppliers. SL 1 Protection against casual or unintentional
violation (lonewolf/insiders) ShipRight CSF Enhanced Suitable for ships and their organisations that
have a basic level of cyber security maturity and
have increased levels of connectivity and
integration via 3rd parties, or for those facing a
heightened level of threat. SL 2 - 3 Protection against intentional violation
using simple or sophisticated means with
low or moderate resources, generic or
specific skills, and low or moderate
motivation. (Hacktivists,cybercrime) ShipRight CSF Optimizing Ships and their organisations that are highly
connected and widely utilise shore based
services to operate and manage the
vessels/fleet. Designed for organisations with a
large cyber threat attack surface or where the
risk is high due to the value of the critical
functions being performed. SL 4 Protection against intentional violation
using extended means with high
resources, specific skills, and high
motivation. (OrganisedcybercrimeandStatesponsored ThreatActors) Thank you paolo.scialla@lr.org


© Eiom - All rights Reserved     P.IVA 00850640186