ClassNK Consulting Service Co., Ltd. (NKCS) has launched the service to support ship management companies in complying with ISM requirements for cyber security.

Regarding IMO Resolution MSC.428(98), which recommends that a safety management system should take into account cyber risk management in accordance with the ISM Code requirements, the number of flag states making it compulsory from 2021 is increasing.

In particular, the U.S. Coast Guard (USCG) has announced that it will make this recommendation mandatory for U.S. flagged vessels and foreign flagged vessels that call on ports in the U.S. However, detailed information is not always enough at present, and NKCS is aware that many shipping companies are struggling with the specifics of how to handle this issue.

In response to this situation, NKCS has launched the service to incorporate cyber risk management into an existing SMS manual as its support for ship management companies in complying with ISM requirements for cyber security.

Based on a systematic and comprehensive approach to the cyber risks that may occur onboard and the recommended elements (Identify,…

Read More…

Key Points:

• The business promise of 5G networks can only be realized if they are secure, despite new cyber risks on a vastly expanded attack surface.
• Congress recently passed an Internet of Things security bill, showing bipartisan support for 5G security policy.
• The incoming administration and Congress could accelerate a 5G national security strategy in 2021.

U.S. government and industry have been setting the stage for 5G technology to achieve its full potential in America and launch the next wave of digital business transformation. But only if the 5G network is secure will it deliver on its business promise of quantum leaps in productivity, innovation and cost reduction.

A new 5G security report from AT&T addressed this challenge directly: ‘Many scenarios will broaden connections among humans and machines more quickly and efficiently but also bring advanced attacks that can take down businesses,…

Read More…

Cybersecurity is becoming increasingly crucial for businesses in every sector, and it is especially vital for small- to medium-sized organizations. Cyberattacks continue to become a major problem in the United States and the rest of the globe, often times resulting in customer information being stolen.

Because of this increased risk, cybersecurity certifications are an important tool to prepare against the attacks. The high demand for cybersecurity skills means a top cybersecurity certification will boost one’s resumé.

With so many cybersecurity certifications to choose from, let’s take a look at the top ones on the market:

The Certified Ethical Hacker (CEH) course was developed in order to get you thinking like a hacker, which is crucial to stop one.

The class covers various topics and tools such as hacking technologies that are used against cloud computing technology, mobile platforms and operating systems. It also covers the latest malware and viruses, as well as information security laws and standards.

One of the fundamental aspects of the course is real-time scenarios, where you are exposed to various ways in which hackers breach networks and steal information. You will…

Read More…

Unit exits stealth mode

Israeli Fintech startup Unit emerges from stealth mode announcing both Seed and Series A funding rounds, totaling $18.6 million. The startup, which develops a financial services platform for enterprises, had both investments led by TLV Partners ($3.6 million Seed round) and Aleph ($15 million Series A). The rounds also saw participation from Better Tomorrow Ventures, Flourish Ventures, OperatorVC, and 30 Angels from the Fintech sphere.

Implement financial tools at core

Unit develops a platform that helps organizations create financial features in their existing products. For example linking bank accounts, payments, loans, and more. Unit claims that by utilizing its service, clients can provide their users custom financial services integrated into their core technologies.

The system is implemented into the organizational infrastructure, and it takes care of the tedious and complicated negotiation process with banks, as well as helping meet bureaucratic regulations. The company was founded by CEO Itai Damti and CTO Doron Somech, who previously founded Leverate in 2008. Unit’s system is currently available in the U.S., with the new…

Read More…

A&B Abstract: The Conference of State Bank Supervisors (“CSBS”) proposed regulatory prudential standards (the “Standards”) to develop a consistent regulatory structure of nonbank mortgage servicers.  Comments on all aspects of the Standards are encouraged by December 31, 2020.

Background:

Since the financial crisis, the rapid growth of mortgage bank mortgage servicers has led regulators to call for the enhanced oversight of such entities.  The Financial Stability Oversight Council (charged under the Dodd-Frank Act with identifying risk to the stability of the U.S. markets) recommended in its 2014 and 2019 annual reports that state regulators work collaboratively to develop prudential and corporate governance standards. Earlier this year, the Federal Housing Finance Agency (FHFA) proposed new financial eligibility requirement for nonbank servicers doing business with Fannie Mae and Freddie Mac.

In 2015, state regulators working through the Mortgage Servicing Rights Task Force proposed baseline and enhanced prudential regulatory standards (including capital and net worth requirements) for nonbank mortgage servicers.  Although those standards were not finalized,…

Read More…

Ships sailing in US waters could be detained if they are found not to be complying with the IMO’s cyber risk management guidelines.

The guidance to inspectors on how to enforce the guidelines, which come into effect in January, states that serious deficiencies will require fixing and an external audit carried out within 90 days, or risk detention. Minor deficiencies will need an internal audit within 90 days and the deficiencies to be fixed prior to departure.

Robert Dorey, CEO of cyber risk management and insurance company, Astaara, said the USCG’s position is a stark warning to shipowners that non-compliance is not an option.

‘The US Coast Guard have fired the first salvo and have put operators of foreign flagged vessels on clear notice that if they arrive in a US port without the required cyber security/hygiene, they risk being impounded, or at the very least being required to undertake rapid remediation,’ he said.

‘There are indications in the document that cyber security will start to be regarded as a fundamental enabler for seaworthiness. It is also clear…

Read More…

Read More…

United States:

Cybersecurity In A Digital Age – “The Only Truly Secure System Is One That Is Powered Off”

27 November 2020

Milbank LLP

To print this article, all you need is to be registered or login on Mondaq.com.

Read More…

NIST Special Publication (SP) 800-53 offers regulatory guidelines and controls for federal information systems except those relating to national security. This catalog of security and privacy controls has been used and adopted by a range of organizations both apart of the federal government and beyond due to the comprehensive nature of the control set.

Back in 2017, NIST released the first public draft of SP 800-53 Revision 5. In September of 2020, NIST released the official version of Rev 5, following what NIST describes as “a multi-year effort to develop the next generation of security and privacy controls needed to strengthen and support the Federal Government and every sector of critical infrastructure,” and with it has come a monumental sweep of changes for federal agencies and non-governmental organizations alike to use in an effort to protect the critical systems, components, and services that defend the United States.

Many of the major changes in NIST Special Publication 800-53 include, but are not limited to…

Controls for information systems and security controls are integrated into a seamless catalog for information systems and organizations. Privacy elements are…

Read More…

“If you spend more on coffee than on IT security, you’ll be hacked. What’s more, you deserve to be hacked.” – Richard A. Clarke, American Advisor.

Cybersecurity is a key enterprise-wide concern for organizations. Whether you’re a small organization with 2-100 employees or a corporate giant with more than 10,000 employees, if you’re dealing with data, you’re always at the risk of a cyber-attack.

Look at some of the astounding cyber-security statistics¹:

• • • • Data breaches exposed 4.1 billion records in the first half of the year 2019.
      • Security breaches have increased by 11% since 2018.
      • The average time to identify a breach was 206 days in 2019.
      • The average cost of a data breach is $3.92 million as of 2019.

Coupled with digital transformation and increasing cloud migration, the cyber-risk of companies has increased. As businesses and individuals expose themselves to digital ecosystems, they need to equally pay attention to control their risk of falling prey to a cyber-attack.

And, amidst the coronavirus pandemic, these cyber crimes have increased by 600%. There has also been an increase in phishing emails and coronavirus scams.

As cyber-criminals become…

Read More…