公告&动态 第225页

Piracy has posed a major security threat to mariners everywhere, from Asia to the Mediterranean, since time immemorial. In the future, threats from armed gangs boarding ships and holding vessels and crews for ransom may be replaced by ones from cyberspace. Every day, many institutions, establishments and individuals are the targets of cyberattacks. While the maritime industry has yet to record a major cyber incident, it recognizes that it is only a matter of time before some of its assets are targeted. As a result, it is taking pre-emptive measures, which include the adoption of International Standards, to mitigate the possibility of cyberattacks and their potential impact.

Armed piracy still a major threat to shipping

Armed robbery and piracy against ships still poses a significant threat to shipping; it is concentrated in certain areas but has dropped 44% since 2011 when Somali pirates were most active. The International Chamber of Commerce (ICC) International Maritime Bureau (IMB) 2015 annual report on "Piracy and armed robbery against ships" recorded 246 incidents worldwide in 2015 (as against 245 in 2014 and 439 in 2011). Nearly 60% of these incidents (147) took place in Southeast Asia. The report indicates that 203 vessels were boarded, that there were also 27 attempted attacks and 15 hijackings and that 333 crew were victims of various acts of violence ranging from kidnapping to being kept hostage, being injured or even killed (one case). Bulk carriers, tankers of various types and container and cargo ships made up some 90% of the targets. The cost to the industry represents billions of dollars. However a new, less spectacular form of piracy, cyberpiracy, looms on the horizon. It may prove far more costly and quite possibly no less dangerous to the shipping industry.

Cyber incidents on ships are not unusual

Cyberattacks on a broad range of sectors for fraudulent or malicious reasons are widely reported on a nearly daily basis. Financial losses, which are often considerable, are also detailed. The maritime industry has yet to make headlines in this domain. However, this doesn't mean that it is not targeted or that it is safe. Cyberattacks against maritime assets would have particularly serious ramifications since around 80% of global trade by volume and over 70% of global trade by value is carried by sea and is handled by ports worldwide, according to UNCTAD, the United Nations Conference on Trade and Development.

Furthermore, ships represent very high value assets. The cost of an 18 000 Twenty Foot Equivalent Unit (TEU) container ship, one of the largest types currently sailing, is around USD 200 million. If its cargo is included, it can be worth one billion dollars or more.   

The International Maritime Organization (IMO), the UN specialized agency with responsibility for the safety and security of shipping and the prevention of marine pollution by ships, is now considering cyber security matters together with other bodies and relevant international organizations.

Gert-Jan Panken, a senior executive from Inmarsat, the global satellite communication company set up by the IMO, told participants to a recent Maritime Cyber Risk Management Summit held in London, that 43% of seafarers reported having worked on vessels that had been compromised by a cyber incident, which could have constituted malware insertion, digital virus attack or software updating issues. Some 95% of cyber incidents were human-related, yet only 10% of crew surveyed had received some form of cyber security training, according to Marine Electronics & Communications. This fact points to a major weakness that should, however, be relatively easily remedied by applying appropriate training measures.

Humans are not alone as the weakest links

Outdated software and ships not designed with modern cyber security in mind are two existing vulnerabilities that have been identified in a study led by Plymouth University’s Maritime Cyberthreats Research Group. The paper, published in Engineering and Technology Reference, notes that maritime-related systems for navigation, propulsion, and cargo-related functions can be the targets of cyber-attacks. It points out that “the [maritime] sector is probably the most vulnerable aspect of critical national infrastructure”.

Cyber incidents could affect a number of systems and points of entry. Some of these were identified by speakers at the Maritime Cyber Risk Management Summit. They include the Automatic Identification System (AIS), Global Positioning System (GPS) and inputs to the Electronic Chart Display and Information System (ECDIS). They could also come from connection to online services over satellite communications, in-port WiFi, or through contractors providing remote monitoring services, or engineers updating shipboard system software. The Global Maritime Distress and Safety System (GMDSS) developed by the IMO is seen as another potential target of cyber attacks.

IEC TC 80: Maritime navigation and radiocommunication equipment and systems, is involved in developing International Standards for many of these systems.

It has published 12 Standards covering various aspects of GMDSS (based on IMO resolutions) in the IEC 61097 series. It has also developed International Standards for AIS and ECDIS.

Growing awareness from the sector

A number of maritime industry organizations and bodies have highlighted the potential risks posed by cyber incidents and are preparing for these.

A September 2015 information paper on cyber risk by the Joint Hull Committee (JHC), which brings together underwriting representatives from both Lloyd’s and the International Underwriting Association of London(IUA) notes that "the risk of a loss to a ship as a result of cyber disruption is foreseeable, but is not yet a reality".

The Baltic and International Maritime Council (BIMCO), the world’s largest international shipping association, published guidelines on cyber security onboard ships in January 2016. BIMCO Secretary General Angus Frewsaid at the time that the aim of these guidelines was “to provide the shipping industry with clear and comprehensive information on cyber security risks to ships”. He added that they “should help companies take a risk-based approach to cyber security that is specific to their business and the ships they operate”.

Canada and the United States submitted a framework document for cyber risk management (CRM) to the IMO Facilitation Committee in January 2016. These “Guidelines on the facilitation aspects of protecting the maritime transport network from cyberthreats”, list five functional elements – identify, protect, detect, respond, recover – “which taken together can form the foundation of an effective CRM system”.

Cyber risk management guidelines rest on International Standards

A common thread to all these documents is that they show clearly that all the measures recommended to be taken to ensure better cyber security rest on a number of International Standards, many of which are developed by ISO/IEC JTC 1/SC 27: Security Techniques.

ISO/IEC JTC 1/SC 27 is a Subcommittee of ISO/IEC JTC 1, the Joint TC formed by the IEC and the International Organization for Standardization (ISO) to prepare International Standards for Information Technology.

The Guidelines submitted by Canada and the US to IMO list the following CRM-related Standards and Technical requirements (TR) developed by ISO/IEC JTC 1/SC 27:

ISO/IEC 27001:2013, Information technology – Security techniques – Information security management systems – Requirements

ISO/IEC TR 27019:2013, Information technology – Security techniques – Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry

ISO/IEC 27031:2011, Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity

ISO/IEC 27033-3: 2010, Information technology – Security techniques – Network security – Part 3: Reference networking scenarios – Threats, design techniques and control issues

ISO/IEC 27039:2015, Information technology – Security techniques – Selection, deployment and operations of intrusion detection systems (IDPS)

The BIMCO Guidelines focus on “issues facing the shipping industry onboard ships” but gives the “ISO/IEC 27000 series of Information Security Management Systems (ISMS) standards” as an example of international standards and guidelines that “cover cyber security issues for shoreside operations.”

As for the JHC, its Cyber Risk Assessment Guidance background checks state that shipping companies should carry out “a thorough threat assessment, contemplating (…) the current level of compliance with international security standards (ISO/IEC 27001 / ISO/IEC 27002, NERC [North American Electric Reliability Corporation] 1300, ISA/IEC 62443). The IEC 62443 series of IS, TS and TR on Industrial communication networks/network and system security, is developed by IEC TC 65:  Industrial-process measurement, control and automation.

Cyber incidents may not stay limited to cargo theft and smuggling for long

In recent years a number of cyber incidents focusing on cargo rather than vessels have been reported.

In June 2013 Belgian and Dutch police broke a drug smuggling ring after tracking down hackers who had penetrated shipping companies computers to follow the movement of containers loaded with drugs to let traffickers locate the right containers and remove them undetected.

Pirates have also been found to have hacked a shipping company’s computers to locate valuable cargo, according to findings published in a data breach investigation report by Verizon. “They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate – and that crate only – and then depart the vessel without further incident,” the report notes.

So far no major shipping disaster has resulted from cyber attacks. However, the industry considers this to be a possibility, as previously mentioned reports indicate. Insurers also worry about the possibility of a shipping disaster resulting from a cyber incident. In its 2015 Safety and Shipping Review, Allianz Global Corporate & Specialty notes that “A cyber-attack could result in a total loss, leading to substantial insurance claims for hull, cargo and protection & indemnity underwriters. It could even involve multiple vessels from the same company”.

Allianz says that the cost of a maritime disaster involving two megaships could reach USD 2 billion.

The trend towards increased automation and ongoing work on the introduction of remotely operated unmanned vessels, may see cyber incidents on shipping assets increase in the future.

Reports and recommendations from the IMO and the maritime sector organizations show that the cyberthreats are being taken seriously; these reports also show that International Standards developed by the IEC on its own or within ISO/IEC JTC 1 are seen as central to protecting shipping against these threats.

 

 

 

 

 

 

 

 

Enabling sustainable and smart cities for improved quality of life

IEC, ISO and ITU host international forum to tackle pain points that limit Smart Cities’ development

Geneva, Switzerland, 2016-07-14 – Smart Cities promise improved quality of life for the world’s estimated 3.9 billion urban dwellers(1), while at the same time allowing better, more efficient use of resources and improved security. However many barriers limit Smart City development. Key pain points that inhibit Smart Cities have been under the spotlight at the first World Smart City Forum, held in Singapore on 13 July 2016.

The Forum was organized by the IEC (International Electrotechnical Commission), in partnership with ISO (International Organization for Standardization) and ITU (International Telecommunication Union). These three organizations publish International Standards that provide technical tools to enable the integration of city services and technologies.

The World Smart City Forum recognized that cities battle with pain points like the sustainable supply of energy or water, or the elimination of the gridlock and related pollution caused by congested transport networks.

City leaders and international experts shared insights into how major efficiency gains can be made by horizontally interconnecting individual systems such as energy, water, sanitation and waste management, transportation, and security.

However, as the Forum heard, on the operational level many of the systems used in today’s cities are from different suppliers and maintained by different agencies who sometimes work in isolation. To connect them both physically and virtually, standardized interfaces need to be put in place, and this is where IEC, ISO and ITU have a global leadership role.

Now more than ever before, many different organizations and entities need to collaborate to help make cities smarter. Meeting the challenges of technology integration will demand broad cooperation via a systems approach. For city planners, utilities and service providers, International Standards are essential enablers, assuring an expected performance level and compatibility between technologies.

Says Frans Vreeswijk, IEC General Secretary and CEO: “Energy is the golden thread that allows cities and economies to prosper. We know that almost 70% of all energy produced globally is consumed by cities and that by 2050, an estimated 66% of the world’s population will live in urban areas. City authorities will face unprecedented challenges of satisfying their citizens’ basic needs while increasing their sustainability. IEC is committed to helping cities reach their Smart City objectives faster, more efficiently and with better outcomes. Moreover we welcome active, ongoing participation in our Smart City work.”

On 15 July the IEC System Committee (SyC) on Smart Cities will be launched, with representatives from more than 20 countries convening in Singapore. This new Systems Committee will foster the development of International Standards in the field of electrotechnology to help with the integration, interoperability and effectiveness of city systems.

Says Kevin McKinley, Acting ISO Secretary-General: "International Standards are the foundation for building smarter, more sustainable urban environments. They help systems and products work together, and spread new ideas, technology and efficiency. For example, ISO's work on city indicators helps cities identify the areas they need to improve on, and the recently published standard on sustainable development in communities will help communities themselves own and drive their future. In addition, ISO has many standards on water, transportation, construction and many other sectors will help cities address the diverse challenges they face."

Says Chaesub Lee, Director of the ITU Telecommunication Standardization Bureau: “The information and communication technology (ICT) sector has gained a diverse range of new stakeholders in recent years, and we see ample evidence of this in the Smart City arena. The World Smart City Forum in Singapore offered valuable input to ITU’s standardization work, contributing to our ongoing efforts to ensure that ICT standardization speaks to the needs of the many public and private-sector actors deploying ICTs as enabling technologies to meet smart-city objectives.”

Says Tan Kok Yam, Head of the Smart Nation Programme Office, Prime Minister’s Office, Singapore: “Collaboration is key in a complex world where digital technology offers so much potential, and at the same time, comes with many challenges. Governments and businesses need to work closely to address the challenges of sustainability, transport, housing and healthcare, among others. Standards that enable inter-operability increase mutual trust, and strengthen systems resilience and cybersecurity are critical key enablers to the open creative environment that we seek.

About the World Smart City Forum, 13 July 2016, Singapore #worldsmartcity2016

The World Smart City Forum was held on Wednesday, 13 July 2016 at the Sands Expo and Convention Centre, Marina Bay Sands in Singapore, co-located with the World Cities Summit and Singapore International Water Week.

More than 400 city planners, city leaders, architects, utilities, transport planners, safety/security/data specialists, standardization specialists and industry representatives joined the event. The Forum was supported by many important city organizations and international, regional and national standards bodies. World experts addressed key pain points that hinder Smart City development during World Smart City Forum and live-stream in Singapore on 13 July 2016. Programme available here.

About the World Smart City community www.worldsmartcity.org

The online community gathers relevant city stakeholders globally and engages them in value-add discussions and high-level networking. The aim is to crystalize pain points, break down barriers and encourage communication to support faster Smart City development activities.

In addition to high-level VIPs, the community is attracting professionals such as city planners, architects, consultants, utilities, transport planners, safety/security/data specialists, standardization specialists, and solution providers. You can join the community here.

1. United Nations, Department of Economic and Social Affairs, Population Division (2015). World Urbanization Prospects: The 2014 Revision, (ST/ESA/SER.A/366). https://esa.un.org/unpd/wup/Publications/Files/WUP2014-Report.pdf

 

Enabling sustainable and smart cities for improved quality of life

IEC, ISO and ITU host international forum to tackle pain points that limit Smart Cities’ development

Geneva, Switzerland, 2016-07-14 – Smart Cities promise improved quality of life for the world’s estimated 3.9 billion urban dwellers(1), while at the same time allowing better, more efficient use of resources and improved security. However many barriers limit Smart City development. Key pain points that inhibit Smart Cities have been under the spotlight at the first World Smart City Forum, held in Singapore on 13 July 2016.

The Forum was organized by the IEC (International Electrotechnical Commission), in partnership with ISO (International Organization for Standardization) and ITU (International Telecommunication Union). These three organizations publish International Standards that provide technical tools to enable the integration of city services and technologies.

The World Smart City Forum recognized that cities battle with pain points like the sustainable supply of energy or water, or the elimination of the gridlock and related pollution caused by congested transport networks.

City leaders and international experts shared insights into how major efficiency gains can be made by horizontally interconnecting individual systems such as energy, water, sanitation and waste management, transportation, and security.

However, as the Forum heard, on the operational level many of the systems used in today’s cities are from different suppliers and maintained by different agencies who sometimes work in isolation. To connect them both physically and virtually, standardized interfaces need to be put in place, and this is where IEC, ISO and ITU have a global leadership role.

Now more than ever before, many different organizations and entities need to collaborate to help make cities smarter. Meeting the challenges of technology integration will demand broad cooperation via a systems approach. For city planners, utilities and service providers, International Standards are essential enablers, assuring an expected performance level and compatibility between technologies.

Says Frans Vreeswijk, IEC General Secretary and CEO: “Energy is the golden thread that allows cities and economies to prosper. We know that almost 70% of all energy produced globally is consumed by cities and that by 2050, an estimated 66% of the world’s population will live in urban areas. City authorities will face unprecedented challenges of satisfying their citizens’ basic needs while increasing their sustainability. IEC is committed to helping cities reach their Smart City objectives faster, more efficiently and with better outcomes. Moreover we welcome active, ongoing participation in our Smart City work.”

On 15 July the IEC System Committee (SyC) on Smart Cities will be launched, with representatives from more than 20 countries convening in Singapore. This new Systems Committee will foster the development of International Standards in the field of electrotechnology to help with the integration, interoperability and effectiveness of city systems.

Says Kevin McKinley, Acting ISO Secretary-General: "International Standards are the foundation for building smarter, more sustainable urban environments. They help systems and products work together, and spread new ideas, technology and efficiency. For example, ISO's work on city indicators helps cities identify the areas they need to improve on, and the recently published standard on sustainable development in communities will help communities themselves own and drive their future. In addition, ISO has many standards on water, transportation, construction and many other sectors will help cities address the diverse challenges they face."

Says Chaesub Lee, Director of the ITU Telecommunication Standardization Bureau: “The information and communication technology (ICT) sector has gained a diverse range of new stakeholders in recent years, and we see ample evidence of this in the Smart City arena. The World Smart City Forum in Singapore offered valuable input to ITU’s standardization work, contributing to our ongoing efforts to ensure that ICT standardization speaks to the needs of the many public and private-sector actors deploying ICTs as enabling technologies to meet smart-city objectives.”

Says Tan Kok Yam, Head of the Smart Nation Programme Office, Prime Minister’s Office, Singapore: “Collaboration is key in a complex world where digital technology offers so much potential, and at the same time, comes with many challenges. Governments and businesses need to work closely to address the challenges of sustainability, transport, housing and healthcare, among others. Standards that enable inter-operability increase mutual trust, and strengthen systems resilience and cybersecurity are critical key enablers to the open creative environment that we seek.

About the World Smart City Forum, 13 July 2016, Singapore #worldsmartcity2016

The World Smart City Forum was held on Wednesday, 13 July 2016 at the Sands Expo and Convention Centre, Marina Bay Sands in Singapore, co-located with the World Cities Summit and Singapore International Water Week.

More than 400 city planners, city leaders, architects, utilities, transport planners, safety/security/data specialists, standardization specialists and industry representatives joined the event. The Forum was supported by many important city organizations and international, regional and national standards bodies. World experts addressed key pain points that hinder Smart City development during World Smart City Forum and live-stream in Singapore on 13 July 2016. Programme available here.

About the World Smart City community www.worldsmartcity.org

The online community gathers relevant city stakeholders globally and engages them in value-add discussions and high-level networking. The aim is to crystalize pain points, break down barriers and encourage communication to support faster Smart City development activities.

In addition to high-level VIPs, the community is attracting professionals such as city planners, architects, consultants, utilities, transport planners, safety/security/data specialists, standardization specialists, and solution providers. You can join the community here.

1. United Nations, Department of Economic and Social Affairs, Population Division (2015). World Urbanization Prospects: The 2014 Revision, (ST/ESA/SER.A/366). https://esa.un.org/unpd/wup/Publications/Files/WUP2014-Report.pdf

New ISO technical specification fuels hydrogen future

Imagine in the future, driving your hydrogen car and gassing it up at a hydrogen fuelling station. Sounds pretty futuristic, doesn't it? But, it's not as far-fetched as we think. ISO is working today to fuel hydrogen technologies into a booming industry.

The roll-out of technical specification ISO/TS 19880-1:2016 serves as an important guideline on safety and performance for hydrogen fuelling stations and will contribute to their worldwide deployment.

Aside from the actual vehicle technology, the creation of a fuelling station network is essential to the market development of these new vehicles. Fuel cell electric vehicles (FCEVs) can be refuelled in as little as 3-5 minutes at a hydrogen refuelling station, offering refuelling times similar to those of conventional petrol or diesel cars. At the moment, however, there are just a limited number of hydrogen refuelling stations with this capability.

Designed by hydrogen suppliers, hydrogen organizations, local and national governments and automakers from North America, Europe and Asia, ISO/TS 19880-1:2016 is the first step towards standardizing hydrogen filling stations and creating a hydrogen infrastructure. It covers the processes from hydrogen production and delivery to compression, storage and fuelling of a hydrogen vehicle.

The new technical specification is particularly important for the roll out of hydrogen stations in Europe per the EU Alternative Fuels Infrastructure Directive. There are plans to build several hundred hydrogen fuelling stations in Europe by 2020, in addition to similar plans in Japan and the USA.

ISO/TS 19880-1 provides technical guidance to ensure general safety and performance of a hydrogen fuelling station as well as for its key components and processes from on-site hydrogen production and delivery to compression, storage and fuelling of a hydrogen vehicle, including validation of the fuelling process and fuel quality control at the station. It aims to achieving the level of safety at a minimum on par with conventional fuelling stations. It uses risk-informed and evidence-based approach to guide its requirements.

ISO/TS 19880-1:2016, Gaseous hydrogen – Fuelling stations – Part 1: General requirements, supersedes the earlier ISO/TS 20100:2008, and is part of a series of standards covering the critical components necessary for a fuelling station. Experts in ISO/TC 197 – the committee for hydrogen technology standards – are already working on the next step – the development of an International Standard, to be published in 2017.

ISO tackles early warning system for landslides

A landslide often causes high material damage with corresponding costs or even personal injury and death. Now, new work on early warning systems started by ISO will help warn populations in disaster prone areas of the risks and actions needed in the likelihood of a landslide.

The first-of-its-kind proposal, ISO/AWI 21499, Security and resilience – community-based landslide early warning system, will serve to empower individuals and communities who are vulnerable to landslides to act in sufficient time in appropriate ways to reduce the possibility of injuries, loss of life and damage to property and the environment. It is designed to encourage communities to play a much more active role in their own protection.

The guidelines will be used by communities vulnerable to landslide, government agencies and non-governmental organizations at central, provincial, municipality/district, sub-district, and village levels. Its recommendations will include the following:
•Risk assessment
•Dissemination and communication
•Establishment of disaster preparedness and response team
•Development of evacuation route and map
•Development of standard operating procedures
•Monitoring, early warning, and evacuation drill
•Commitment of the local government and community on the operation and maintenance of the whole system

The implementation of early warning systems in the world is in line with the Sendai Framework for action, endorsed by the UN General Assembly following the 2015 Third UN World Conference on Disaster Risk Reduction (WCDRR). One of the four priorities emphasizes the improvement of preparedness in order to respond effectively to a disaster, by implementing a simple, low-cost early warning system and improving the dissemination of information.

The future standard will be developed by ISO/TC 292, Security and resilience. Forty-three countries participate in the committee’s work, under Swedish (SIS) leadership, with another 14 as observers.

For more information: ISO/TC 292 home page