Maritime Cyber
Risk Management Forum 25 June 2019
London

Maritime Cyber <br>Risk Management Forum

Programme

08.15 Registration and coffee (ground floor)

08.50 Welcome address from the conference chairmen
Philip Roche, Partner, Norton Rose Fulbright
Edwin Lampert, Head of Content, Riviera Maritime Media

09.00 Keynote: Maritime and Cybesecurity coordination

  • Specificities of the maritime domain – the French cross sectorial approach
  • Similarities between digital and maritime approaches
  • Global maritime cyber coordination – avoid the fear to share

Bruno Bender, Maritime Cybersecurity coordinator, Secretary for the Sea

SESSION ONE: REGULATIONS, COMPLIANCE AND RISK MANAGEMENT

This session provides up to date information on legal, regulatory and liability considerations and gives you the tools you need to build and develop an effective risk management strategy.

Session Chairman: Edwin Lampert, Head of Content, Riviera Maritime Media

09.15 Legal and regulatory compliance in the cyber incident response context

  • Positive obligations under GDPR and how to comply with them in the cyber incident context.
  • Other obligations which may be of relevance, including NIS.
  • Going beyond “mere compliance” – how best to respond to cyber incidents in a way which mitigates the risk of losses and liabilities more generally?

Steven Hadwin, Head of Operations – Risk Advisory and Cyber Security, Norton Rose Fulbright

09.35 Cyber risk management - the guidelines on cyber security onboard ships

  • Identifying roles and responsibilities.
  • Identifying systems, assets, data and capabilities that pose risks to ship operations when disrupted.
  • Protect, detect, respond and recover: implementing risk control measures and contingency plans to provide resilience and restore systems vital for ship operations impacted by a cyber incident.

Michael Hawthorne, CEO, Cobweb Cyber

09.55 Insurance cover for liability and property damage arising from a cyber incident

  • Distinguish between the different aspects of the term “cyber”.
  • Ensure that you are acting with reasonable care in your approach to managing cyber risk.
  • Exclusion clauses - What losses are and aren’t covered by Norwegian Hull Club, which could arise from a cyber incident, and are not in the nature of third-party liabilities arising from the operation of the ship?

Leif Olav Sætenes, Senior Claim Handler, Norwegian Hull Club
Morten Aalén, Head of Loss Prevention and Emergency Response, Norwegian Hull Club

10.15 Q&As

10.35 Coffee and networking break in the exhibition area (Terrace Suite, 9th floor)

SESSION TWO: A VIEW FROM SHIPOWNERS AND SHIP OPERATORS

As there still seems to be an attitude of ‘it won’t happen to me’, How many shipping companies have understood the risks that satellite and onboard equipment bring? These case study presentations allow you to understand what ship owners are doing and not doing. How are they trying to cope, and which measures are they taking?

Session Chairman: Philip Roche, Partner, Norton Rose Fulbright

11.15 What can be learnt from a cyber-attack case study?

  • Where to start? How to take essential and necessary good first steps?
  • What is the protocol between onboard and ashore systems when strange connections and unusual plugging are detected?
  • How to test the security of the ship systems?
  • How service providers improve business security, helping companies implementing digitalisation and implementing programmes?

Senior Representative, OneTrust

11.35 Implementing the lessons learned from a major cyber attack

In June 2017 Maersk suffered a major NotPetya cyber-attack, this session explains lessons learned, and how they are now being applied within Maersk.

  • How the Cyber-attack happened?
  • How was it dealt with and what steps were taken?
  • What were the consequences?
  • What were the cost implications?
  • What was the follow up to the cyber threat? Contingency plan.

Andy Powell, CISO, A.P Moller – Maersk

11.55 Cyber lessons learned from Industrial Control Systems - What can the maritime industry learn from the ICS

  • What changes have happened in the post-Stuxnet era ICS world and the what challenges control system asset owners are facing?
  • What kind of approaches are the advanced manufacturing companies using in protecting their critical control systems?
  • What are the main challenges we still face nearly 10 years after Stuxnet?
  • How can maritime industry best utilise the ground work laid by the ICS community? ICS standards, frameworks and best practices applicable to the maritime industry.

Janne Taponen, Maritime Cyber Security Expert, F-Secure

12.15 Q&As

SESSION THREE: CYBERSECURITY INCIDENT SIMULATION EXERCISE

Session Chairman: Edwin Lampert, Head of Content, Riviera Maritime Media

12.35 What is the magnitude of cyber risk?
Based on a cyber-attack scenario, you will be able to discuss the possible outcomes and solutions and highlight the complexity of the maritime cyber security sector. This will give you the opportunity to verify your own ideas and plans:

  • The problem is now, but what is the real magnitude of cyber risk?
  • Business security challenges to the exponential growth of the IoT. Are you on the verge of being attacked?
  • How do we convince the main boards of shipping companies to take cyber risks seriously?
  • Find the right balance and allocate a budget to reduce risk exposure and implement it.

Chaired by: Edwin Lampert, Head of Content, Riviera Maritime Media
Kieren Niĉolas Lovell, Incident Management Specialist, Tallinn University of Technlogy

Ken Munro, Consultant, Pen Test Partners
Elisa Cassi, Product Manager, Lloyd’s Register EMEA

13.35 Networking lunch in the exhibition area (Terrace Suite, 9th floor)

SESSION FOUR: THREATS TO CYBERSECURITY IN PORTS

This session will help ports and maritime operations understand and appraise the cyber security threats, balance digital opportunities with new cyber threats and raise cyber security to an acceptable level.

Session Chairman: Philip Roche, Partner, Norton Rose Fulbright

14.45 Effective implementation of cyber security for ports & terminals

  • Understanding your network
  • Structuring your plan
  • What you can do to get started

Senior Representative, ABS

15.05 Resilience planning - Maritime ports to up their game in cybersecurity

  • A solid cyber security plan is a must in any modern port. How ready are you?
  • Identifying actions for when a cyber event will occur.
  • Planning for protection against threats or categories of threats.
  • Creating a response plan that clarifies action and provides an incident response team.

Daniel Ng, CEO, Cyber Owl

15.25 Using AI for Real-Time Threat Detection across OT & IT

  • How to use artificial intelligence to detect emerging threats and latent vulnerabilities.
  • Achieving 100% visibility across OT, IT and Industrial IoT.
  • Real-world case studies of stealthy cyber-threats identified early by cyber AI – before a crisis occurred.

Andrew Tsonchev, Director of Technology, Darktrace

15.45 Q&As

16.05 Coffee and networking break in the exhibition area (Terrace Suite, 9th floor)

SESSION FIVE: HOW TO PREVENT CYBER-ATTACKS FROM HAPPENING?

What should the industry do to reduce cyber risks? Should cyber security responsibilities be moved up a level and from IT to Operations? A change in approach to the problem needs to occur. Stakeholders are spreading the risk awareness beyond those who are ready and engaged to those who aren’t to defeat the cyber threat.

Session Chairman: Edwin Lampert, Head of Content, Riviera Maritime Media

16.45 Panel Discussion: The weakest link: the role of human error in cybersecurity

  • The importance of crew awareness to achieve more integrated risk management.
  • What tools are available to train staff onboard and ashore?
  • What resources and capabilities do ship companies have?
  • Security through collaboration - Combining ideas and experiences, such as a global Cybercrime reporting portal, for the benefit of the maritime community.
  • What are your legal obligations as a shipowner?

Panellists include:
Kewal Rai, Policy Adviser for Cyber Security, Department for Transport
Marie Kelly, Dispute Resolution and Litigation Partner, Norton Rose Fulbright
Anu Khurmi, Director, The Maritime Cyber Emergency Response Team (MCERT), Templar Executives
Prof. Keith Martin, Information Security Group, Royal Holloway, University of London

17.10 Q&As

 

SESSION SIX: RIVIERA MARITIME MEDIA CYBER SECURITY HUB

 

Session Chairman: Edwin Lampert, Head of Content, Riviera Maritime Media


Riviera Maritime Media Cyber Security Hub serves as an innovative start-up and pioneers’ incubator, designed to help develop ideas and early stage projects by tapping into the knowledge, skills and connections of attendees. Riviera Maritime Media Cyber Security Hub is for people who care about cyber technology and risk, to get fresh ideas, identify new opportunities and expand business and professional networks.


17.30 Cylance
Jason Dely, Professional Services Principal consultant, Cylance


17.40 University of Piraeus
Prof. Christos Douligeris, Department of informatics, University of Piraeus
Spyros Papastergiou, Technical Manager, University of Piraeus Research Centre

 

17.50 Q&As

 

18.00 Closing remarks from the conference chairmen

Edwin Lampert, Head of Content, Riviera Maritime Media
Philip Roche, Partner, Norton Rose Fulbright

18.10 Drinks reception in the Terrace Suite (9th floor) sponsored by International Registries, Inc

19.30 End of forum

* Programme subject to amendments/change

Partners


Gold Sponsor


Silver Sponsor