公告&动态 第217页

European Commission – Press release

Commission signs agreement with industry on cybersecurity and steps up efforts to tackle cyber-threats

Brussels, 5 July 2016

The Commission today launches a new public-private partnership on cybersecurity that is expected to trigger €1.8 billion of investment by 2020. This is part of a series of new initiatives to better equip Europe against cyber-attacks and to strengthen the competitiveness of its cybersecurity sector.

According to a recent survey, at least 80% of European companies have experienced at least one cybersecurity incident over the last year and the number of security incidents across all industries worldwide rose by 38% in 2015. This damages European companies, whether they are big or small, and threats to undermine trust in the digital economy. As part of its Digital Single Market strategy the Commission wants to reinforce cooperation across borders, and between all actors and sectors active in cybersecurity, and to help develop innovative and secure technologies, products and services throughout the EU.

Andrus Ansip, Vice-President for the Digital Single Market, said: "Without trust and security, there can be no Digital Single Market. Europe has to be ready to tackle cyber-threats that are increasingly sophisticated and do not recognise borders. Today, we are proposing concrete measures to strengthen Europe's resilience against such attacks and secure the capacity needed for building and expanding our digital economy."

Günther H. Oettinger, Commissioner for the Digital Economy and Society, said: "Europe needs high quality, affordable and interoperable cybersecurity products and services. There is a major opportunity for our cybersecurity industry to compete in a fast-growing global market. We call on Member States and all cybersecurity bodies to strengthen cooperation and pool their knowledge, information and expertise to increase Europe's cyber resilience. The milestone partnership on cybersecurity signed today with the industry is a major step ."

Today's action plan includes the launch of the first European public private partnership on cybersecurity. The EU will invest €450 millionin this partnership, under its research and innovation programme Horizon 2020. Cybersecurity market players, represented by the European Cyber Security Organisation (ECSO), are expected to invest three times more. This partnership will also include members from national, regional and local public administrations, research centres and academia. The aim of the partnership is to foster cooperation at early stages of the research and innovation process and to build cybersecurity solutions for various sectors, such as energy, health, transport and finance. Commissioner Oettinger today signs the partnership with the ECSO in Strasbourg (photos and videos to be available at around 12.00 CET).

The Commission also sets out different measures to tackle the fragmentation of the EU cybersecurity market. Currently an ICT company might need to undergo different certification processes to sell its products and services in several Member States. The Commission will therefore look into a possible European certification framework for ICT security products.

A myriad of innovative European SMEs have emerged in niche markets (e.g. cryptography) and in well-established markets with new business models (e.g. antivirus software), but they are often unable to scale up their operations. The Commission wants to ease access to finance for smaller businesses working in the field of cybersecurity and will explore different options under the EU investment plan.

The Network and Information Security Directive, which is expected to be adopted by the European Parliament tomorrow, already creates a network of Computer Security Incident Response Teams across the EU in order to rapidly react to cyber threats and incidents. It also establishes a ‘Cooperation Group’ between Member States, to support and facilitate strategic cooperation as well as the exchange of information, and to develop trust and confidence. The Commission today calls on Member States to make the most of these new mechanisms and to strengthen coordination when and where possible. The Commission will propose how to enhance cross-border cooperation in case of a major cyber-incident. Given the speed with which the cybersecurity landscape is evolving, the Commission will also bring forward its evaluation of the European Union Agency for Network and Information Security (ENISA).This evaluation will assess whether ENISA's mandate and capabilities remain adequate to achieve its mission of supporting EU Member States in boosting their own cyber resilience. The Commission also examines how to strengthen and streamline cybersecurity cooperation across different sectors of the economy, including in cybersecurity training and education.

Background

Today's action plan finds its main roots in the 2015 Digital Single Market strategy, the 2013 EU Cybersecurity strategy and the forthcomingNetwork and Information Security (NIS) Directive. It builds on the recent Communications on Delivering the European Agenda on Security andCountering Hybrid Threats.

CEN and CENELEC welcome European Commission’s commitment to have a 'single standardization policy'

Brussels, 2 June 2016 – The European Standardization Committees CEN and CENELEC welcome the European Commission’s latest proposals concerning the future of the European Standardization System.  In particular, CEN and CENELEC are satisfied to see that the Commission has committed itself to having a more consistent and unified policy towards standardization, which serves to strengthen the Single Market and also supports the implementation of EU policies and legislation.

Responding to the European Commission’s Communication 'European Standards for the 21st Century' (COM(2016) 358 final), which was published on 1 June, Elena Santiago Cid, Director General of CEN and CENELEC said: "In CEN and CENELEC, we are very pleased to see that the European Commission has promised to have a much more coherent and integrated policy towards standardization. We believe that the 'single standardization policy' should encompass all economic sectors and fields of activity – including digital technologies, which until now have been addressed separately."

 "In today’s world, where digital and smart technologies are becoming ever more prevalent, it is increasingly difficult to draw the line between what is digital and what is not digital," said Ms Santiago Cid. "For example – in the domestic environment, appliances such as washing machines and refrigerators are becoming smarter, while home heating systems can also be connected to the internet. Meanwhile, in the workplace, digital interfaces are being integrated into all kinds of equipment and machinery. Therefore, it is necessary to ensure a more coherent and consistent approach towards standardization across all fields of activity, and this should also be reflected in the cooperation between the European Commission, the European Standardization Organizations and other stakeholders."

Referring to 'The annual Union work programme for European standardisation for 2017', which was also published on 1 June, Ms Santiago Cid stated: "We look forward to cooperating with the European Commission on the implementation of this work programme, and we especially welcome the renewed commitment to promoting the development of standards in relation to services. Based on experience, we know that having common standards at European level can help to strengthen the Single Market, boost growth and create jobs. However, the current situation is that service standards only account for 2% of all European standards, even though services represent 70% of the European economy. So there is enormous potential for standards to play a positive role in the future!"

CEN and CENELEC look forward to the launch of the 'Joint Initiative on Standardization' (JIS), which has been developed in the framework of the European Commission’s 'Single Market Strategy'. The JIS will be officially launched in Amsterdam on 13 June, during a major conference on the Single Market organized by the Dutch Presidency of the Council of the EU. Alongside the European Commission, EFTA and the European Standardization Organizations (CEN, CENELEC and ETSI), a wide range of stakeholders will participate in the JIS –  including European industry federations, societal stakeholder organizations, SBS (Small Business Standards) and national governments, among others.

"We welcome the fact that the Joint Initiative is bringing together such a wide range of stakeholders, and we believe that this will serve to further strengthen the European Standardization System, which is based on a public-private partnership that includes the European institutions, business and other stakeholders," said Ms Santiago Cid. "All of the standards published by CEN and CENELEC are developed by experts from industry – including small and medium-sized enterprises (SMEs), working together with representatives of societal stakeholders – including consumers, environmental and social interests. By following an inclusive approach and taking the views of different stakeholders into account, we can ensure that our standards meet market needs, and that they also contribute to achieving societal objectives such as accessibility and sustainability."

Notes

Defining ICT skills and competences for the digital economy
On 1 June 2016, the European Commission published the following documents:
•Communication 'European standards for the 21st century' (COM(2016) 358 final)
•The annual Union work programme for European standardisation for 2017 (COM(2016) 357 final)
•Tapping the potential of European service standards to help Europe's consumers and businesses (SWD(2016) 186 final)

CEN and CENELEC welcome European Commission’s commitment to have a 'single standardization policy'

Brussels, 2 June 2016 – The European Standardization Committees CEN and CENELEC welcome the European Commission’s latest proposals concerning the future of the European Standardization System.  In particular, CEN and CENELEC are satisfied to see that the Commission has committed itself to having a more consistent and unified policy towards standardization, which serves to strengthen the Single Market and also supports the implementation of EU policies and legislation.

Responding to the European Commission’s Communication 'European Standards for the 21st Century' (COM(2016) 358 final), which was published on 1 June, Elena Santiago Cid, Director General of CEN and CENELEC said: "In CEN and CENELEC, we are very pleased to see that the European Commission has promised to have a much more coherent and integrated policy towards standardization. We believe that the 'single standardization policy' should encompass all economic sectors and fields of activity – including digital technologies, which until now have been addressed separately."

 "In today’s world, where digital and smart technologies are becoming ever more prevalent, it is increasingly difficult to draw the line between what is digital and what is not digital," said Ms Santiago Cid. "For example – in the domestic environment, appliances such as washing machines and refrigerators are becoming smarter, while home heating systems can also be connected to the internet. Meanwhile, in the workplace, digital interfaces are being integrated into all kinds of equipment and machinery. Therefore, it is necessary to ensure a more coherent and consistent approach towards standardization across all fields of activity, and this should also be reflected in the cooperation between the European Commission, the European Standardization Organizations and other stakeholders."

Referring to 'The annual Union work programme for European standardisation for 2017', which was also published on 1 June, Ms Santiago Cid stated: "We look forward to cooperating with the European Commission on the implementation of this work programme, and we especially welcome the renewed commitment to promoting the development of standards in relation to services. Based on experience, we know that having common standards at European level can help to strengthen the Single Market, boost growth and create jobs. However, the current situation is that service standards only account for 2% of all European standards, even though services represent 70% of the European economy. So there is enormous potential for standards to play a positive role in the future!"

CEN and CENELEC look forward to the launch of the 'Joint Initiative on Standardization' (JIS), which has been developed in the framework of the European Commission’s 'Single Market Strategy'. The JIS will be officially launched in Amsterdam on 13 June, during a major conference on the Single Market organized by the Dutch Presidency of the Council of the EU. Alongside the European Commission, EFTA and the European Standardization Organizations (CEN, CENELEC and ETSI), a wide range of stakeholders will participate in the JIS –  including European industry federations, societal stakeholder organizations, SBS (Small Business Standards) and national governments, among others.

"We welcome the fact that the Joint Initiative is bringing together such a wide range of stakeholders, and we believe that this will serve to further strengthen the European Standardization System, which is based on a public-private partnership that includes the European institutions, business and other stakeholders," said Ms Santiago Cid. "All of the standards published by CEN and CENELEC are developed by experts from industry – including small and medium-sized enterprises (SMEs), working together with representatives of societal stakeholders – including consumers, environmental and social interests. By following an inclusive approach and taking the views of different stakeholders into account, we can ensure that our standards meet market needs, and that they also contribute to achieving societal objectives such as accessibility and sustainability."

Notes

Defining ICT skills and competences for the digital economy
On 1 June 2016, the European Commission published the following documents:
•Communication 'European standards for the 21st century' (COM(2016) 358 final)
•The annual Union work programme for European standardisation for 2017 (COM(2016) 357 final)
•Tapping the potential of European service standards to help Europe's consumers and businesses (SWD(2016) 186 final)

Piracy has posed a major security threat to mariners everywhere, from Asia to the Mediterranean, since time immemorial. In the future, threats from armed gangs boarding ships and holding vessels and crews for ransom may be replaced by ones from cyberspace. Every day, many institutions, establishments and individuals are the targets of cyberattacks. While the maritime industry has yet to record a major cyber incident, it recognizes that it is only a matter of time before some of its assets are targeted. As a result, it is taking pre-emptive measures, which include the adoption of International Standards, to mitigate the possibility of cyberattacks and their potential impact.

Armed piracy still a major threat to shipping

Armed robbery and piracy against ships still poses a significant threat to shipping; it is concentrated in certain areas but has dropped 44% since 2011 when Somali pirates were most active. The International Chamber of Commerce (ICC) International Maritime Bureau (IMB) 2015 annual report on "Piracy and armed robbery against ships" recorded 246 incidents worldwide in 2015 (as against 245 in 2014 and 439 in 2011). Nearly 60% of these incidents (147) took place in Southeast Asia. The report indicates that 203 vessels were boarded, that there were also 27 attempted attacks and 15 hijackings and that 333 crew were victims of various acts of violence ranging from kidnapping to being kept hostage, being injured or even killed (one case). Bulk carriers, tankers of various types and container and cargo ships made up some 90% of the targets. The cost to the industry represents billions of dollars. However a new, less spectacular form of piracy, cyberpiracy, looms on the horizon. It may prove far more costly and quite possibly no less dangerous to the shipping industry.

Cyber incidents on ships are not unusual

Cyberattacks on a broad range of sectors for fraudulent or malicious reasons are widely reported on a nearly daily basis. Financial losses, which are often considerable, are also detailed. The maritime industry has yet to make headlines in this domain. However, this doesn't mean that it is not targeted or that it is safe. Cyberattacks against maritime assets would have particularly serious ramifications since around 80% of global trade by volume and over 70% of global trade by value is carried by sea and is handled by ports worldwide, according to UNCTAD, the United Nations Conference on Trade and Development.

Furthermore, ships represent very high value assets. The cost of an 18 000 Twenty Foot Equivalent Unit (TEU) container ship, one of the largest types currently sailing, is around USD 200 million. If its cargo is included, it can be worth one billion dollars or more.   

The International Maritime Organization (IMO), the UN specialized agency with responsibility for the safety and security of shipping and the prevention of marine pollution by ships, is now considering cyber security matters together with other bodies and relevant international organizations.

Gert-Jan Panken, a senior executive from Inmarsat, the global satellite communication company set up by the IMO, told participants to a recent Maritime Cyber Risk Management Summit held in London, that 43% of seafarers reported having worked on vessels that had been compromised by a cyber incident, which could have constituted malware insertion, digital virus attack or software updating issues. Some 95% of cyber incidents were human-related, yet only 10% of crew surveyed had received some form of cyber security training, according to Marine Electronics & Communications. This fact points to a major weakness that should, however, be relatively easily remedied by applying appropriate training measures.

Humans are not alone as the weakest links

Outdated software and ships not designed with modern cyber security in mind are two existing vulnerabilities that have been identified in a study led by Plymouth University’s Maritime Cyberthreats Research Group. The paper, published in Engineering and Technology Reference, notes that maritime-related systems for navigation, propulsion, and cargo-related functions can be the targets of cyber-attacks. It points out that “the [maritime] sector is probably the most vulnerable aspect of critical national infrastructure”.

Cyber incidents could affect a number of systems and points of entry. Some of these were identified by speakers at the Maritime Cyber Risk Management Summit. They include the Automatic Identification System (AIS), Global Positioning System (GPS) and inputs to the Electronic Chart Display and Information System (ECDIS). They could also come from connection to online services over satellite communications, in-port WiFi, or through contractors providing remote monitoring services, or engineers updating shipboard system software. The Global Maritime Distress and Safety System (GMDSS) developed by the IMO is seen as another potential target of cyber attacks.

IEC TC 80: Maritime navigation and radiocommunication equipment and systems, is involved in developing International Standards for many of these systems.

It has published 12 Standards covering various aspects of GMDSS (based on IMO resolutions) in the IEC 61097 series. It has also developed International Standards for AIS and ECDIS.

Growing awareness from the sector

A number of maritime industry organizations and bodies have highlighted the potential risks posed by cyber incidents and are preparing for these.

A September 2015 information paper on cyber risk by the Joint Hull Committee (JHC), which brings together underwriting representatives from both Lloyd’s and the International Underwriting Association of London(IUA) notes that "the risk of a loss to a ship as a result of cyber disruption is foreseeable, but is not yet a reality".

The Baltic and International Maritime Council (BIMCO), the world’s largest international shipping association, published guidelines on cyber security onboard ships in January 2016. BIMCO Secretary General Angus Frewsaid at the time that the aim of these guidelines was “to provide the shipping industry with clear and comprehensive information on cyber security risks to ships”. He added that they “should help companies take a risk-based approach to cyber security that is specific to their business and the ships they operate”.

Canada and the United States submitted a framework document for cyber risk management (CRM) to the IMO Facilitation Committee in January 2016. These “Guidelines on the facilitation aspects of protecting the maritime transport network from cyberthreats”, list five functional elements – identify, protect, detect, respond, recover – “which taken together can form the foundation of an effective CRM system”.

Cyber risk management guidelines rest on International Standards

A common thread to all these documents is that they show clearly that all the measures recommended to be taken to ensure better cyber security rest on a number of International Standards, many of which are developed by ISO/IEC JTC 1/SC 27: Security Techniques.

ISO/IEC JTC 1/SC 27 is a Subcommittee of ISO/IEC JTC 1, the Joint TC formed by the IEC and the International Organization for Standardization (ISO) to prepare International Standards for Information Technology.

The Guidelines submitted by Canada and the US to IMO list the following CRM-related Standards and Technical requirements (TR) developed by ISO/IEC JTC 1/SC 27:

ISO/IEC 27001:2013, Information technology – Security techniques – Information security management systems – Requirements

ISO/IEC TR 27019:2013, Information technology – Security techniques – Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry

ISO/IEC 27031:2011, Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity

ISO/IEC 27033-3: 2010, Information technology – Security techniques – Network security – Part 3: Reference networking scenarios – Threats, design techniques and control issues

ISO/IEC 27039:2015, Information technology – Security techniques – Selection, deployment and operations of intrusion detection systems (IDPS)

The BIMCO Guidelines focus on “issues facing the shipping industry onboard ships” but gives the “ISO/IEC 27000 series of Information Security Management Systems (ISMS) standards” as an example of international standards and guidelines that “cover cyber security issues for shoreside operations.”

As for the JHC, its Cyber Risk Assessment Guidance background checks state that shipping companies should carry out “a thorough threat assessment, contemplating (…) the current level of compliance with international security standards (ISO/IEC 27001 / ISO/IEC 27002, NERC [North American Electric Reliability Corporation] 1300, ISA/IEC 62443). The IEC 62443 series of IS, TS and TR on Industrial communication networks/network and system security, is developed by IEC TC 65:  Industrial-process measurement, control and automation.

Cyber incidents may not stay limited to cargo theft and smuggling for long

In recent years a number of cyber incidents focusing on cargo rather than vessels have been reported.

In June 2013 Belgian and Dutch police broke a drug smuggling ring after tracking down hackers who had penetrated shipping companies computers to follow the movement of containers loaded with drugs to let traffickers locate the right containers and remove them undetected.

Pirates have also been found to have hacked a shipping company’s computers to locate valuable cargo, according to findings published in a data breach investigation report by Verizon. “They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate – and that crate only – and then depart the vessel without further incident,” the report notes.

So far no major shipping disaster has resulted from cyber attacks. However, the industry considers this to be a possibility, as previously mentioned reports indicate. Insurers also worry about the possibility of a shipping disaster resulting from a cyber incident. In its 2015 Safety and Shipping Review, Allianz Global Corporate & Specialty notes that “A cyber-attack could result in a total loss, leading to substantial insurance claims for hull, cargo and protection & indemnity underwriters. It could even involve multiple vessels from the same company”.

Allianz says that the cost of a maritime disaster involving two megaships could reach USD 2 billion.

The trend towards increased automation and ongoing work on the introduction of remotely operated unmanned vessels, may see cyber incidents on shipping assets increase in the future.

Reports and recommendations from the IMO and the maritime sector organizations show that the cyberthreats are being taken seriously; these reports also show that International Standards developed by the IEC on its own or within ISO/IEC JTC 1 are seen as central to protecting shipping against these threats.

 

 

 

 

 

 

 

Piracy has posed a major security threat to mariners everywhere, from Asia to the Mediterranean, since time immemorial. In the future, threats from armed gangs boarding ships and holding vessels and crews for ransom may be replaced by ones from cyberspace. Every day, many institutions, establishments and individuals are the targets of cyberattacks. While the maritime industry has yet to record a major cyber incident, it recognizes that it is only a matter of time before some of its assets are targeted. As a result, it is taking pre-emptive measures, which include the adoption of International Standards, to mitigate the possibility of cyberattacks and their potential impact.

Armed piracy still a major threat to shipping

Armed robbery and piracy against ships still poses a significant threat to shipping; it is concentrated in certain areas but has dropped 44% since 2011 when Somali pirates were most active. The International Chamber of Commerce (ICC) International Maritime Bureau (IMB) 2015 annual report on "Piracy and armed robbery against ships" recorded 246 incidents worldwide in 2015 (as against 245 in 2014 and 439 in 2011). Nearly 60% of these incidents (147) took place in Southeast Asia. The report indicates that 203 vessels were boarded, that there were also 27 attempted attacks and 15 hijackings and that 333 crew were victims of various acts of violence ranging from kidnapping to being kept hostage, being injured or even killed (one case). Bulk carriers, tankers of various types and container and cargo ships made up some 90% of the targets. The cost to the industry represents billions of dollars. However a new, less spectacular form of piracy, cyberpiracy, looms on the horizon. It may prove far more costly and quite possibly no less dangerous to the shipping industry.

Cyber incidents on ships are not unusual

Cyberattacks on a broad range of sectors for fraudulent or malicious reasons are widely reported on a nearly daily basis. Financial losses, which are often considerable, are also detailed. The maritime industry has yet to make headlines in this domain. However, this doesn't mean that it is not targeted or that it is safe. Cyberattacks against maritime assets would have particularly serious ramifications since around 80% of global trade by volume and over 70% of global trade by value is carried by sea and is handled by ports worldwide, according to UNCTAD, the United Nations Conference on Trade and Development.

Furthermore, ships represent very high value assets. The cost of an 18 000 Twenty Foot Equivalent Unit (TEU) container ship, one of the largest types currently sailing, is around USD 200 million. If its cargo is included, it can be worth one billion dollars or more.   

The International Maritime Organization (IMO), the UN specialized agency with responsibility for the safety and security of shipping and the prevention of marine pollution by ships, is now considering cyber security matters together with other bodies and relevant international organizations.

Gert-Jan Panken, a senior executive from Inmarsat, the global satellite communication company set up by the IMO, told participants to a recent Maritime Cyber Risk Management Summit held in London, that 43% of seafarers reported having worked on vessels that had been compromised by a cyber incident, which could have constituted malware insertion, digital virus attack or software updating issues. Some 95% of cyber incidents were human-related, yet only 10% of crew surveyed had received some form of cyber security training, according to Marine Electronics & Communications. This fact points to a major weakness that should, however, be relatively easily remedied by applying appropriate training measures.

Humans are not alone as the weakest links

Outdated software and ships not designed with modern cyber security in mind are two existing vulnerabilities that have been identified in a study led by Plymouth University’s Maritime Cyberthreats Research Group. The paper, published in Engineering and Technology Reference, notes that maritime-related systems for navigation, propulsion, and cargo-related functions can be the targets of cyber-attacks. It points out that “the [maritime] sector is probably the most vulnerable aspect of critical national infrastructure”.

Cyber incidents could affect a number of systems and points of entry. Some of these were identified by speakers at the Maritime Cyber Risk Management Summit. They include the Automatic Identification System (AIS), Global Positioning System (GPS) and inputs to the Electronic Chart Display and Information System (ECDIS). They could also come from connection to online services over satellite communications, in-port WiFi, or through contractors providing remote monitoring services, or engineers updating shipboard system software. The Global Maritime Distress and Safety System (GMDSS) developed by the IMO is seen as another potential target of cyber attacks.

IEC TC 80: Maritime navigation and radiocommunication equipment and systems, is involved in developing International Standards for many of these systems.

It has published 12 Standards covering various aspects of GMDSS (based on IMO resolutions) in the IEC 61097 series. It has also developed International Standards for AIS and ECDIS.

Growing awareness from the sector

A number of maritime industry organizations and bodies have highlighted the potential risks posed by cyber incidents and are preparing for these.

A September 2015 information paper on cyber risk by the Joint Hull Committee (JHC), which brings together underwriting representatives from both Lloyd’s and the International Underwriting Association of London(IUA) notes that "the risk of a loss to a ship as a result of cyber disruption is foreseeable, but is not yet a reality".

The Baltic and International Maritime Council (BIMCO), the world’s largest international shipping association, published guidelines on cyber security onboard ships in January 2016. BIMCO Secretary General Angus Frewsaid at the time that the aim of these guidelines was “to provide the shipping industry with clear and comprehensive information on cyber security risks to ships”. He added that they “should help companies take a risk-based approach to cyber security that is specific to their business and the ships they operate”.

Canada and the United States submitted a framework document for cyber risk management (CRM) to the IMO Facilitation Committee in January 2016. These “Guidelines on the facilitation aspects of protecting the maritime transport network from cyberthreats”, list five functional elements – identify, protect, detect, respond, recover – “which taken together can form the foundation of an effective CRM system”.

Cyber risk management guidelines rest on International Standards

A common thread to all these documents is that they show clearly that all the measures recommended to be taken to ensure better cyber security rest on a number of International Standards, many of which are developed by ISO/IEC JTC 1/SC 27: Security Techniques.

ISO/IEC JTC 1/SC 27 is a Subcommittee of ISO/IEC JTC 1, the Joint TC formed by the IEC and the International Organization for Standardization (ISO) to prepare International Standards for Information Technology.

The Guidelines submitted by Canada and the US to IMO list the following CRM-related Standards and Technical requirements (TR) developed by ISO/IEC JTC 1/SC 27:

ISO/IEC 27001:2013, Information technology – Security techniques – Information security management systems – Requirements

ISO/IEC TR 27019:2013, Information technology – Security techniques – Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry

ISO/IEC 27031:2011, Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity

ISO/IEC 27033-3: 2010, Information technology – Security techniques – Network security – Part 3: Reference networking scenarios – Threats, design techniques and control issues

ISO/IEC 27039:2015, Information technology – Security techniques – Selection, deployment and operations of intrusion detection systems (IDPS)

The BIMCO Guidelines focus on “issues facing the shipping industry onboard ships” but gives the “ISO/IEC 27000 series of Information Security Management Systems (ISMS) standards” as an example of international standards and guidelines that “cover cyber security issues for shoreside operations.”

As for the JHC, its Cyber Risk Assessment Guidance background checks state that shipping companies should carry out “a thorough threat assessment, contemplating (…) the current level of compliance with international security standards (ISO/IEC 27001 / ISO/IEC 27002, NERC [North American Electric Reliability Corporation] 1300, ISA/IEC 62443). The IEC 62443 series of IS, TS and TR on Industrial communication networks/network and system security, is developed by IEC TC 65:  Industrial-process measurement, control and automation.

Cyber incidents may not stay limited to cargo theft and smuggling for long

In recent years a number of cyber incidents focusing on cargo rather than vessels have been reported.

In June 2013 Belgian and Dutch police broke a drug smuggling ring after tracking down hackers who had penetrated shipping companies computers to follow the movement of containers loaded with drugs to let traffickers locate the right containers and remove them undetected.

Pirates have also been found to have hacked a shipping company’s computers to locate valuable cargo, according to findings published in a data breach investigation report by Verizon. “They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate – and that crate only – and then depart the vessel without further incident,” the report notes.

So far no major shipping disaster has resulted from cyber attacks. However, the industry considers this to be a possibility, as previously mentioned reports indicate. Insurers also worry about the possibility of a shipping disaster resulting from a cyber incident. In its 2015 Safety and Shipping Review, Allianz Global Corporate & Specialty notes that “A cyber-attack could result in a total loss, leading to substantial insurance claims for hull, cargo and protection & indemnity underwriters. It could even involve multiple vessels from the same company”.

Allianz says that the cost of a maritime disaster involving two megaships could reach USD 2 billion.

The trend towards increased automation and ongoing work on the introduction of remotely operated unmanned vessels, may see cyber incidents on shipping assets increase in the future.

Reports and recommendations from the IMO and the maritime sector organizations show that the cyberthreats are being taken seriously; these reports also show that International Standards developed by the IEC on its own or within ISO/IEC JTC 1 are seen as central to protecting shipping against these threats.

 

 

 

 

 

 

 

 

Enabling sustainable and smart cities for improved quality of life

IEC, ISO and ITU host international forum to tackle pain points that limit Smart Cities’ development

Geneva, Switzerland, 2016-07-14 – Smart Cities promise improved quality of life for the world’s estimated 3.9 billion urban dwellers(1), while at the same time allowing better, more efficient use of resources and improved security. However many barriers limit Smart City development. Key pain points that inhibit Smart Cities have been under the spotlight at the first World Smart City Forum, held in Singapore on 13 July 2016.

The Forum was organized by the IEC (International Electrotechnical Commission), in partnership with ISO (International Organization for Standardization) and ITU (International Telecommunication Union). These three organizations publish International Standards that provide technical tools to enable the integration of city services and technologies.

The World Smart City Forum recognized that cities battle with pain points like the sustainable supply of energy or water, or the elimination of the gridlock and related pollution caused by congested transport networks.

City leaders and international experts shared insights into how major efficiency gains can be made by horizontally interconnecting individual systems such as energy, water, sanitation and waste management, transportation, and security.

However, as the Forum heard, on the operational level many of the systems used in today’s cities are from different suppliers and maintained by different agencies who sometimes work in isolation. To connect them both physically and virtually, standardized interfaces need to be put in place, and this is where IEC, ISO and ITU have a global leadership role.

Now more than ever before, many different organizations and entities need to collaborate to help make cities smarter. Meeting the challenges of technology integration will demand broad cooperation via a systems approach. For city planners, utilities and service providers, International Standards are essential enablers, assuring an expected performance level and compatibility between technologies.

Says Frans Vreeswijk, IEC General Secretary and CEO: “Energy is the golden thread that allows cities and economies to prosper. We know that almost 70% of all energy produced globally is consumed by cities and that by 2050, an estimated 66% of the world’s population will live in urban areas. City authorities will face unprecedented challenges of satisfying their citizens’ basic needs while increasing their sustainability. IEC is committed to helping cities reach their Smart City objectives faster, more efficiently and with better outcomes. Moreover we welcome active, ongoing participation in our Smart City work.”

On 15 July the IEC System Committee (SyC) on Smart Cities will be launched, with representatives from more than 20 countries convening in Singapore. This new Systems Committee will foster the development of International Standards in the field of electrotechnology to help with the integration, interoperability and effectiveness of city systems.

Says Kevin McKinley, Acting ISO Secretary-General: "International Standards are the foundation for building smarter, more sustainable urban environments. They help systems and products work together, and spread new ideas, technology and efficiency. For example, ISO's work on city indicators helps cities identify the areas they need to improve on, and the recently published standard on sustainable development in communities will help communities themselves own and drive their future. In addition, ISO has many standards on water, transportation, construction and many other sectors will help cities address the diverse challenges they face."

Says Chaesub Lee, Director of the ITU Telecommunication Standardization Bureau: “The information and communication technology (ICT) sector has gained a diverse range of new stakeholders in recent years, and we see ample evidence of this in the Smart City arena. The World Smart City Forum in Singapore offered valuable input to ITU’s standardization work, contributing to our ongoing efforts to ensure that ICT standardization speaks to the needs of the many public and private-sector actors deploying ICTs as enabling technologies to meet smart-city objectives.”

Says Tan Kok Yam, Head of the Smart Nation Programme Office, Prime Minister’s Office, Singapore: “Collaboration is key in a complex world where digital technology offers so much potential, and at the same time, comes with many challenges. Governments and businesses need to work closely to address the challenges of sustainability, transport, housing and healthcare, among others. Standards that enable inter-operability increase mutual trust, and strengthen systems resilience and cybersecurity are critical key enablers to the open creative environment that we seek.

About the World Smart City Forum, 13 July 2016, Singapore #worldsmartcity2016

The World Smart City Forum was held on Wednesday, 13 July 2016 at the Sands Expo and Convention Centre, Marina Bay Sands in Singapore, co-located with the World Cities Summit and Singapore International Water Week.

More than 400 city planners, city leaders, architects, utilities, transport planners, safety/security/data specialists, standardization specialists and industry representatives joined the event. The Forum was supported by many important city organizations and international, regional and national standards bodies. World experts addressed key pain points that hinder Smart City development during World Smart City Forum and live-stream in Singapore on 13 July 2016. Programme available here.

About the World Smart City community www.worldsmartcity.org

The online community gathers relevant city stakeholders globally and engages them in value-add discussions and high-level networking. The aim is to crystalize pain points, break down barriers and encourage communication to support faster Smart City development activities.

In addition to high-level VIPs, the community is attracting professionals such as city planners, architects, consultants, utilities, transport planners, safety/security/data specialists, standardization specialists, and solution providers. You can join the community here.

1. United Nations, Department of Economic and Social Affairs, Population Division (2015). World Urbanization Prospects: The 2014 Revision, (ST/ESA/SER.A/366). https://esa.un.org/unpd/wup/Publications/Files/WUP2014-Report.pdf

 

Enabling sustainable and smart cities for improved quality of life

IEC, ISO and ITU host international forum to tackle pain points that limit Smart Cities’ development

Geneva, Switzerland, 2016-07-14 – Smart Cities promise improved quality of life for the world’s estimated 3.9 billion urban dwellers(1), while at the same time allowing better, more efficient use of resources and improved security. However many barriers limit Smart City development. Key pain points that inhibit Smart Cities have been under the spotlight at the first World Smart City Forum, held in Singapore on 13 July 2016.

The Forum was organized by the IEC (International Electrotechnical Commission), in partnership with ISO (International Organization for Standardization) and ITU (International Telecommunication Union). These three organizations publish International Standards that provide technical tools to enable the integration of city services and technologies.

The World Smart City Forum recognized that cities battle with pain points like the sustainable supply of energy or water, or the elimination of the gridlock and related pollution caused by congested transport networks.

City leaders and international experts shared insights into how major efficiency gains can be made by horizontally interconnecting individual systems such as energy, water, sanitation and waste management, transportation, and security.

However, as the Forum heard, on the operational level many of the systems used in today’s cities are from different suppliers and maintained by different agencies who sometimes work in isolation. To connect them both physically and virtually, standardized interfaces need to be put in place, and this is where IEC, ISO and ITU have a global leadership role.

Now more than ever before, many different organizations and entities need to collaborate to help make cities smarter. Meeting the challenges of technology integration will demand broad cooperation via a systems approach. For city planners, utilities and service providers, International Standards are essential enablers, assuring an expected performance level and compatibility between technologies.

Says Frans Vreeswijk, IEC General Secretary and CEO: “Energy is the golden thread that allows cities and economies to prosper. We know that almost 70% of all energy produced globally is consumed by cities and that by 2050, an estimated 66% of the world’s population will live in urban areas. City authorities will face unprecedented challenges of satisfying their citizens’ basic needs while increasing their sustainability. IEC is committed to helping cities reach their Smart City objectives faster, more efficiently and with better outcomes. Moreover we welcome active, ongoing participation in our Smart City work.”

On 15 July the IEC System Committee (SyC) on Smart Cities will be launched, with representatives from more than 20 countries convening in Singapore. This new Systems Committee will foster the development of International Standards in the field of electrotechnology to help with the integration, interoperability and effectiveness of city systems.

Says Kevin McKinley, Acting ISO Secretary-General: "International Standards are the foundation for building smarter, more sustainable urban environments. They help systems and products work together, and spread new ideas, technology and efficiency. For example, ISO's work on city indicators helps cities identify the areas they need to improve on, and the recently published standard on sustainable development in communities will help communities themselves own and drive their future. In addition, ISO has many standards on water, transportation, construction and many other sectors will help cities address the diverse challenges they face."

Says Chaesub Lee, Director of the ITU Telecommunication Standardization Bureau: “The information and communication technology (ICT) sector has gained a diverse range of new stakeholders in recent years, and we see ample evidence of this in the Smart City arena. The World Smart City Forum in Singapore offered valuable input to ITU’s standardization work, contributing to our ongoing efforts to ensure that ICT standardization speaks to the needs of the many public and private-sector actors deploying ICTs as enabling technologies to meet smart-city objectives.”

Says Tan Kok Yam, Head of the Smart Nation Programme Office, Prime Minister’s Office, Singapore: “Collaboration is key in a complex world where digital technology offers so much potential, and at the same time, comes with many challenges. Governments and businesses need to work closely to address the challenges of sustainability, transport, housing and healthcare, among others. Standards that enable inter-operability increase mutual trust, and strengthen systems resilience and cybersecurity are critical key enablers to the open creative environment that we seek.

About the World Smart City Forum, 13 July 2016, Singapore #worldsmartcity2016

The World Smart City Forum was held on Wednesday, 13 July 2016 at the Sands Expo and Convention Centre, Marina Bay Sands in Singapore, co-located with the World Cities Summit and Singapore International Water Week.

More than 400 city planners, city leaders, architects, utilities, transport planners, safety/security/data specialists, standardization specialists and industry representatives joined the event. The Forum was supported by many important city organizations and international, regional and national standards bodies. World experts addressed key pain points that hinder Smart City development during World Smart City Forum and live-stream in Singapore on 13 July 2016. Programme available here.

About the World Smart City community www.worldsmartcity.org

The online community gathers relevant city stakeholders globally and engages them in value-add discussions and high-level networking. The aim is to crystalize pain points, break down barriers and encourage communication to support faster Smart City development activities.

In addition to high-level VIPs, the community is attracting professionals such as city planners, architects, consultants, utilities, transport planners, safety/security/data specialists, standardization specialists, and solution providers. You can join the community here.

1. United Nations, Department of Economic and Social Affairs, Population Division (2015). World Urbanization Prospects: The 2014 Revision, (ST/ESA/SER.A/366). https://esa.un.org/unpd/wup/Publications/Files/WUP2014-Report.pdf

New ISO technical specification fuels hydrogen future

Imagine in the future, driving your hydrogen car and gassing it up at a hydrogen fuelling station. Sounds pretty futuristic, doesn't it? But, it's not as far-fetched as we think. ISO is working today to fuel hydrogen technologies into a booming industry.

The roll-out of technical specification ISO/TS 19880-1:2016 serves as an important guideline on safety and performance for hydrogen fuelling stations and will contribute to their worldwide deployment.

Aside from the actual vehicle technology, the creation of a fuelling station network is essential to the market development of these new vehicles. Fuel cell electric vehicles (FCEVs) can be refuelled in as little as 3-5 minutes at a hydrogen refuelling station, offering refuelling times similar to those of conventional petrol or diesel cars. At the moment, however, there are just a limited number of hydrogen refuelling stations with this capability.

Designed by hydrogen suppliers, hydrogen organizations, local and national governments and automakers from North America, Europe and Asia, ISO/TS 19880-1:2016 is the first step towards standardizing hydrogen filling stations and creating a hydrogen infrastructure. It covers the processes from hydrogen production and delivery to compression, storage and fuelling of a hydrogen vehicle.

The new technical specification is particularly important for the roll out of hydrogen stations in Europe per the EU Alternative Fuels Infrastructure Directive. There are plans to build several hundred hydrogen fuelling stations in Europe by 2020, in addition to similar plans in Japan and the USA.

ISO/TS 19880-1 provides technical guidance to ensure general safety and performance of a hydrogen fuelling station as well as for its key components and processes from on-site hydrogen production and delivery to compression, storage and fuelling of a hydrogen vehicle, including validation of the fuelling process and fuel quality control at the station. It aims to achieving the level of safety at a minimum on par with conventional fuelling stations. It uses risk-informed and evidence-based approach to guide its requirements.

ISO/TS 19880-1:2016, Gaseous hydrogen – Fuelling stations – Part 1: General requirements, supersedes the earlier ISO/TS 20100:2008, and is part of a series of standards covering the critical components necessary for a fuelling station. Experts in ISO/TC 197 – the committee for hydrogen technology standards – are already working on the next step – the development of an International Standard, to be published in 2017.

ISO tackles early warning system for landslides

A landslide often causes high material damage with corresponding costs or even personal injury and death. Now, new work on early warning systems started by ISO will help warn populations in disaster prone areas of the risks and actions needed in the likelihood of a landslide.

The first-of-its-kind proposal, ISO/AWI 21499, Security and resilience – community-based landslide early warning system, will serve to empower individuals and communities who are vulnerable to landslides to act in sufficient time in appropriate ways to reduce the possibility of injuries, loss of life and damage to property and the environment. It is designed to encourage communities to play a much more active role in their own protection.

The guidelines will be used by communities vulnerable to landslide, government agencies and non-governmental organizations at central, provincial, municipality/district, sub-district, and village levels. Its recommendations will include the following:
•Risk assessment
•Dissemination and communication
•Establishment of disaster preparedness and response team
•Development of evacuation route and map
•Development of standard operating procedures
•Monitoring, early warning, and evacuation drill
•Commitment of the local government and community on the operation and maintenance of the whole system

The implementation of early warning systems in the world is in line with the Sendai Framework for action, endorsed by the UN General Assembly following the 2015 Third UN World Conference on Disaster Risk Reduction (WCDRR). One of the four priorities emphasizes the improvement of preparedness in order to respond effectively to a disaster, by implementing a simple, low-cost early warning system and improving the dissemination of information.

The future standard will be developed by ISO/TC 292, Security and resilience. Forty-three countries participate in the committee’s work, under Swedish (SIS) leadership, with another 14 as observers.

For more information: ISO/TC 292 home page