Australia: Maritime cyber risk management forum
Last Updated: 18 June 2019


June 25, 2019 | 08:15 - 19:30 GMT | London


08.15 Registration

08.50 Welcome address from the conference chairmen

Philip Roche, Partner, Norton Rose Fulbright
Edwin Lampert, Head of Content, Riviera Maritime Media

09.00Keynote: Maritime and Cybersecurity coordination

  • Specificities of the maritime domain – the French cross sectorial approach.
  • Similarities between digital and maritime approaches.
  • Global maritime cyber coordination – avoid the fear to share.

Bruno Bender, Maritime Cybersecurity coordinator, Secretary for the Sea - France

Session one: Regulations, compliance and risk

This session provides up to date information on legal, regulatory and liability considerations and gives you the tools you need to build and develop an effective risk management strategy.

Session Chairman:Edwin Lampert, Head of Content, Riviera Maritime Media

09.15 Legal and regulatory compliance in the cyber incident response context

  • Positive obligations under GDPR and how to comply with them in the cyber incident context.
  • Other obligations which may be of relevance, including NIS.
  • Going beyond "mere compliance" – how best to respond to cyber incidents in a way which mitigates.
  • the risk of losses and liabilities more generally?

Steven Hadwin, Head of Operations – Risk Advisory and Cyber Security, Norton Rose Fulbright

09.35 Cyber risk management - the guidelines on cyber security onboard ships

  • Identifying roles and responsibilities.
  • Identifying systems, assets, data and capabilities that pose risks to ship operations when disrupted.
  • Protect, detect, respond and recover: implementing risk control measures and contingency plans to provide resilience and restore systems vital for ship operations impacted by a cyber incident.

Michael Hawthorne, CEO, Cobweb Cyber

09.55 Insurance cover for liability and property damage arising from a cyber incident

  • Distinguish between the different aspects of the term "cyber".
  • Ensure that you are acting with reasonable care in your approach to managing cyber risk.
  • Exclusion clauses - What losses are and aren't covered by Norwegian Hull Club, which could arise from a cyber incident, and are not in the nature of third-party liabilities arising from the operation of the ship?

Leif Olav Sætenes, Senior Claim Handler, Norwegian Hull Club
Morten Aalén, Head of Loss Prevention and Emergency Response, Norwegian Hull Club

10.15 Q&As

10.35 Coffee and networking break

Session two: A view from shipowners and ship operators

As there still seems to be an attitude of 'it won't happen to me', how many shipping companies have understood the risks that satellite and onboard equipment bring? These case study presentations allow you to understand what ship owners are doing and not doing. How are they trying to cope, and which measures are they taking?

Session Chairman: Philip Roche, Partner, Norton Rose Fulbright

11.15 Vendor Risk Management: Overcoming Today's Most Common Security and Privacy Challenges

Managing third-party vendor risk before, during and after onboarding is a continuous effort under global privacy laws and security regulations. While outsourcing operations to vendors can alleviate business challenges, managing the associated risk with manual tools like spreadsheets is complex and time consuming. To streamline this process, organizations must put procedures in place to secure sufficient vendor guarantees and effectively work together during an audit, incident – or much more. In this session, we'll breakdown a six-step approach for automating third-party vendor risk management and explore helpful tips and real-world practical advice to automate third-party privacy and security risk programs.

  • Review the drivers and challenges organizations face when managing third-party vendor risk
  • Identify priorities before, during and after vendor procurement
  • Takeaway a six-step approach for automating the third-party vendor risk lifecycle
  • Hear real case studies from privacy experts on how to practically tackle the third-party vendor risk

Jacob Eborn, Privacy Consultant, OneTrust EMEA

11.35 Implementing the lessons learned from a major cyber attack

In June 2017 Maersk suffered a major NotPetya cyber-attack, this session explains lessons learned, and how they are now being applied within Maersk.

  • How the Cyber-attack happened?
  • How was it dealt with and what steps were taken?
  • What were the consequences?
  • What were the cost implications?
  • What was the follow up to the cyber threat? Contingency plan.

Andy Powell, CISO, A.P Moller – Maersk

11.55 Cyber lessons learned from Industrial Control Systems - What can the maritime industry learn from the ICS

  • What changes have happened in the post-Stuxnet era ICS world and the what challenges control system asset owners are facing?
  • What kind of approaches are the advanced manufacturing companies using in protecting their critical control systems?
  • What are the main challenges we still face nearly 10 years after Stuxnet?
  • How can maritime industry best utilise the ground work laid by the ICS community? ICS standards, frameworks and best practices applicable to the maritime industry.

Janne Taponen, Maritime Cyber Security Expert, F-Secure

12.15 Q&As

Session three: Cybersecurity incident simulation

Session Chairman: Edwin Lampert, Head of Content, Riviera Maritime Media

12.35 What is the magnitude of cyber risk?

Based on a cyber-attack scenario, you will be able to discuss the possible outcomes and solutions and highlight the complexity of the maritime cyber security sector. This will give you the opportunity to verify your own ideas and plans

  • The problem is now, but what is the real magnitude of cyber risk?
  • Business security challenges to the exponential growth of the IoT. Are you on the verge of being attacked?
  • How do we convince the main boards of shipping companies to take cyber risks seriously?
  • Find the right balance and allocate a budget to reduce risk exposure and implement it.

Kieren Nicolas Lovell, Incident Management Specialist, Tallinn University of Technology
Jack Lienert, mentor, CyberNorth, Startup Wise Guys and Simulation Centre Member, Estonian Maritime Academy
Elisa Cassi, Product Manager, Lloyd's Register EMEA
Ken Munro, Consultant, Pen Test Partners
Merike Kaev, Data Protection Office, Swedbank Group Estonia

13.35 Networking lunch

Session four: Threats to cybersecurity in ports

This session will help ports and maritime operations understand and appraise the cyber security threats, balance digital opportunities with new cyber threats and raise cyber security to an acceptable level.

Session Chairman: Philip Roche, Partner, Norton Rose Fulbright

14.45 Innovative Risk and Security Management solutions for protecting European Ports and their Supply Chains

  • How can we enhance the security and resilience of the ports' critical infrastructures?
  • How can we help port operators anticipate and withstand potential cyber, physical or combined threats?
  • How can we effectively estimate risks in port supply chains?
  • Are there appropriate efficient and effective tools that provide risk and security management?

Prof Christos Douligeris, Department of informatics, University of Piraeus
Dr Spyros Papastergiou, Technical Manager, University of Piraeus Research Centre

15.05 Resilience planning - Maritime ports to up their game in cybersecurity

  • A solid cyber security plan is a must in any modern port. How ready are you?
  • Identifying actions for when a cyber event will occur.
  • Planning for protection against threats or categories of threats.
  • Creating a response plan that clarifies action and provides an incident response team.

Daniel Ng, CEO, Cyber Owl

15.25 Using AI for Real-Time Threat Detection across OT and IT

  • How to use artificial intelligence to detect emerging threats and latent vulnerabilities.
  • Achieving 100 per centvisibility across OT, IT and Industrial IoT.
  • Real-world case studies of stealthy cyber-threats identified early by cyber AI – before a crisis occurred.

Andrew Tsonchev, Director of Technology, Darktrace

15.45 Q&As

16.05 Coffee and networking break

Session five: How to prevent cyber-attacks from happening?

What should the industry do to reduce cyber risks? Should cyber security responsibilities be moved up a level and from IT to Operations? A change in approach to the problem needs to occur. Stakeholders are spreading the risk awareness beyond those who are ready and engaged to those who aren't to defeat the cyber threat.

Session Chairman: Edwin Lampert, Head of Content, Riviera Maritime Media

16.45 Panel discussion: The weakest link: the role of human error in cybersecurity

  • The importance of crew awareness to achieve more integrated risk management.
  • What tools are available to train staff onboard and ashore?
  • What resources and capabilities do ship companies have?
  • Security through collaboration - Combining ideas and experiences, such as a global Cybercrime reporting portal, for the benefit of the maritime community.
  • What are your legal obligations as a shipowner?

Panellists include:

Kewal Rai, Policy Adviser for Cyber Security, Department for Transport
Philip Roche, Partner, Norton Rose Fulbright
Anu Khurmi, Director, The Maritime Cyber Emergency Response Team (MCERT), Templar Executives
Dr Rikke Bjerg Jensen, Information Security Group, Royal Holloway, University of London

17.10 Q&As

Session six: Riviera Maritime Media Cyber Security Hub

Session Chairman: Edwin Lampert, Head of Content, Riviera Maritime Media

Riviera Maritime Media Cyber Security Hub serves as an innovative start-up and pioneers' incubator, designed to help develop ideas and early stage projects by tapping into the knowledge, skills and connections of attendees. Riviera Maritime Media Cyber Security Hub is for people who care about cyber technology and risk, to get fresh ideas, identify new opportunities and expand business and professional networks.

17.20 Challenges in maritime incident response

Take the journey as we explore responding to a cyber incident in 2 hypothetical scenarios involving a vessel at sea and at a port.

  • How did the vessel get impacted? What actions can we take? Where do liabilities land?
  • What preparations can be taken?

Jason Dely, Director, ICS and Critical Infrastructure, Cylance
Steven Hadwin, Head of Operations – Risk Advisory and Cyber Security, Norton Rose Fulbright

17.40 The CIRM Cyber Risk Code of Practice for Providers of Marine Electronic Equipment and Services

CIRM will soon release a voluntary Code of Practice and associated Guidance to encourage implementation of cyber security best practice by CIRM member companies.

The Code of Practice is based on the principle that cyber risk management is a chain of trust where every participant is responsible for providing the elements needed to establish a complete chain of cyber security.

This presentation will introduce the six guiding principles for Vendors of Marine Electronic Equipment and Services to establish their role in the chain of trust for a secure digital maritime environment.

Philip Lane, Technical Officer, CIRM

18.00 Q&As

18.10 Closing remarks from the conference chairmen

Edwin Lampert, Head of Content, Riviera Maritime Media Philip Roche, Partner, Norton Rose Fulbright

*Programme subject to amendments/change

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Press Releases from this Firm
Recent Content from this Firm
By Helen Macpherson, Isobel Taylor
By Claire Forster, Rachel Murphy
By Sarah Ralph
By Elisa de Wit, Laura Jayne Waterford, Francis Meehan
By Kelly Davies, Paul Lingard, Brett Thornton
By Jon Ireland, Matthew Farnsworth, Cate Shirley
By Helen Macpherson, Harrison Ottaway
By Jon Ireland, Matthew Farnsworth, Georgia Wolff
Font Size:
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions