The maritime industry is bracing for a potential new cyber security regulatory regime as shipowners, shipyards, and terminal operators reassess their vulnerability to an attack such as the one that crippled the world’s biggest container ship operator.

As of 6 July, operations at Maersk were running “close to normal” after an outside virus infiltrated the Copenhagen-based company’s information technology (IT) systems on 27 June. The cyber attack, aimed at government agencies in Ukraine before spreading, caused disruptions worldwide at Maersk’s terminal operator subsidiary APM Terminals (APMT) and the liner carriers and alliances that feed into them.

Asked about any internal damage caused by the attack, a Maersk spokesman told Fairplay, “At present we do not have any indication or presumption that data [including personal data] have been leaked to or reviewed/accessed by any unauthorised third parties outside of the Maersk Group.”

Container ship operator Mediterranean Shipping Company (MSC), which along with Maersk forms the 2M liner network, confirmed on 3 July that its operations were running smoothly in the wake of the disruptions at APMT.

“With some of these terminals on shutdown last week, Maersk and MSC activated the necessary contingency plans,” MSC said in a statement. “Several vessels were diverted to other terminals to ensure that customers’ cargoes were not unduly delayed. MSC and Maersk have found alternative ways to transfer data for items such as load lists and bayplans, and this is not significantly affecting vessel [estimated times of arrival].”

Cyber security experts acting as liaisons between government and industry are convinced that the Maersk attack could be a watershed moment for shipping, and could place more urgency on maritime policy being considered on every level.

“This is going to expedite what the US Coast Guard [USCG] is doing, whether it’s policy, standards, or guidance, and will certainly underscore the importance and seriousness of what the federal government will expect of the private sector,” said Norma Krayem, a senior policy advisor at the law firm Holland & Knight who specialises in supply chain security.

“It’s not just about the commercial impact that a cyber attack has on a company like Maersk, but the larger national security and economic considerations that go with that,” she added.

Kate Belmont, a cyber security specialist at the law firm Blank Rome, went further. “This event could definitely lead to regulatory initiatives, both in the United States and abroad,” she said. “It was only a matter of time before [the maritime industry] ended up on the front page.”

Shipping had gotten serious about cyber security before Maersk made headlines. The USCG published a cyber security strategy in 2015 that included voluntary guidelines to address cyber incidents. In early 2016, a consortium of cargo vessel groups that included BIMCO, INTERCARGO, and INTERTANKO published industry-backed guidelines addressing cyber incidents on board ships.

Regulators paid greater attention to cyber security risks this year when the USCG issued a policy letter underscoring requirements within the US Maritime Transportation Security Act that obligate vessel and facility operators to report “without delay” suspicious cyber activity and security breaches to the USCG National Response Center.

The guidance gives owners and operators the option of reporting to the National Cybersecurity and Communications Integration Center, the federal government’s clearing house for cyber incidents across all industry sectors, depending on the nature of the threat.

In November 2016, the Maritime Safety Committee (MSC), a discussion group within the International Maritime Organization, agreed to delay a decision on whether to make interim cyber security guidelines mandatory.

That decision was approved in June at MSC 98, when the committee also adopted a resolution encouraging flag states to address cyber risks in vessel safety management systems “no later than the first annual verification of the company’s Document of Compliance” after 1 January 2021.

Class societies, which help the industry comply with regulations on the books, have also been affected by escalating cyber risks.

“The focus on cyber safety is increasing, and that is changing the expectations [the] industry has for classification services,” said ABS president Christopher Wiernicki earlier this year.

The Houston, Texas-based ABS society was the first class society to offer a notation that can be used to help evaluate a vessel’s exposure to cyber risk.

Container operator Hapag-Lloyd considers cyber attacks a “permanent challenge” for the industry.

“We have already faced several attempts to hack our systems – but so far we have been able to successfully fight them,” Hapag-Lloyd spokesman Nils Haupt told Fairplay.

He noted that Hapag-Lloyd has an action plan in the case of a breach, with “sophisticated and progressive systems in place, and that our set up is pretty good”, although he declined to disclose details.

He revealed, however, that “if [cargo] bookings were suspended for 24 hours, we would need [an additional] maximum 24 hours to clear the backlog.”

In a cyber security survey conducted by Fairplay and BIMCO (see chart below) last year, 21% of respondents revealed they had been a victim of a cyber attack. So far, however, the cyber regulatory regime in place, aimed at reducing the risks of such an attack, has been based on voluntary guidelines and recommendations. Big vessel operators think it should stay that way.

“The nature of the beast is such that you can’t come up with a one-size-fits-all regulation,” World Shipping Council president John Butler told Fairplay – Butler’s members represent over 90% of the world’s container ship capacity.

“Everyone has different systems, different vulnerabilities, and different protections built in. It’s really a process of getting appropriately trained people in place to analyse the vulnerabilities of the systems and take measures to button them up,” said Butler.

His assessment of what regulators might be up against in trying to make cyber guidelines and policy mandatory is underscored in the details of the IT breach against Maersk.

The attack, originally reported as a type of ransomware, was later identified as the ‘NotPetya’ virus, which simulates ransomware but is in fact “destructive wiper malware disguised as ransomware”, according to EC-Council, the world’s largest cyber security technical certification body.

Lars Jensen, CEO of security firm Cyber Keel, explained that the NotPetya virus essentially overwrites the master boot record. That means that the infected computers and systems will not be able to start, and therefore the user will not be able to access files, with re-installing data from scratch the only remedy.

“There is no way to protect [yourself] from such an attack,” said Jensen. What you have to do is “design and configure your systems to prevent the virus from spreading. If Maersk had applied the appropriate patches and configured their systems correctly, the virus should not have spread.”

Jensen emphasised, however, that Maersk should not be blamed for being penetrated in the first place because penetration is inevitable. The question is how well the company is equipped to deal with such a breach, he said.

Although Maersk’s ships were not directly affected by the latest cyber attack, the increasing connectivity of vessels to the internet, and the likely evolution of maritime autonomous surface ships, is increasing the risk of attacks on vessels – thus further complicating the breach scenarios that must be considered by regulators.

Tipping the scale, however – at least in the United States – could be laws passed by the US Congress and signed into law by President Donald Trump, who has made cyber security within the maritime sector a priority.

Congress passed a trillion-dollar government spending bill signed by Trump on 5 May that includes a provision requiring the US Department of Homeland Security (DHS), along with the US Director of National Intelligence, to submit a report on cyber security threats against US maritime shipping, including “entities conducting significant operations” at ports.

The provision requires that the USCG provide a status report on efforts “to include cyber security concerns in the National Response Framework, Emergency Support Functions, or both, relating to the shipping or ports of the United States”.

A week later, Trump signed an executive order directing agency chiefs to provide a risk management report to the secretary of the DHS and the director of the Office of Management and Budget within 90 days, including the amount of money requested to carry out mitigation measures.

A solution that could reduce the need for formal regulations is solving the problem from the ground up.

O Kitamura, a naval architect and engineering manager at Japan shipbuilder Mitsubishi Heavy Industries, as well as a member of the Active Shipbuilding Experts’ Federation (ASEF), said it would be impractical for the thousands of shipyards to have proprietary cyber security teams.

However, with the key International Association of Classification Societies (IACS) members developing their own cyber security systems and protocols, yards can liaise with classes to form a more comprehensive system. IACS’ joint independent working group (JWG) on cyber security first met around 18 months ago, and is now working on defining the risks involved.

“Identifying a unified risk is not possible, so the group must consider how to design, equip, and verify a system,” said Kitamura. He added that the JWG is still at the conceptual stage of development and so its systems are not verified.

Dave Iwamoto, ASEF council member and a member of Japan Marine United’s planning department, told Fairplay that shipyards are not experts on cyber security technology. “Cyber security is not so simple,” he explained. “It goes back to ship design and integrating the systems at the time of the ship’s design … we need to see how we can benefit from a system integrator’s view.”

ASEF wants to be a part of a broader, more long-term solution to the problem of maritime cyber security. That goal is certainly considered to be essential by Jensen, whose company conducted a survey in 2014 following the ‘Heartbleed’ and ‘Poodle’ data encryption cyber attacks using a sample of ports and shipping lines.

The results, as was the case with the Fairplay survey, were sobering: 70% of the sample had not used the patches to protect their systems.

“Following the Maersk attack, we repeated the survey and found that after two-and-a-half years, 10% of lines and 20% of ports had still not applied the patch protection against Heartbleed and Poodle. Moreover, 44% of the top 50 lines displayed weaknesses in their cyber security,” Jensen asserted.

As a result, Jensen concluded, “There were areas where Maersk’s contingency could be improved, but Maersk is one of the few [maritime] companies that is assigning resources to the problem.”

He said that it should serve as a warning to vessel operators that are less equipped to deal with a cyber breach on what could be awaiting them. 

Denmark’s state prosecutor charged the former manager of OW Bunker’s Singapore subsidiary with fraud on Thursday but cleared the Danish management of the failed marine fuel oil supplier of any criminal wrongdoing.

OW Bunker filed for bankruptcy in Denmark in November 2014 after losses at its Singapore business Dynamic Oil Trading, a marked change of fortunes for a firm valued at $1 billion when it listed in March that year.

The prosecutor said the former manager, a Danish citizen, has been charged with committing fraud of agent by granting credit outside his mandate worth more than 800 million Danish crowns ($123 million).

The prosecutor did not wish to name the defendant but said no reporting restrictions had been imposed.

The former head of Dynamic Oil Trading was Lars Moller. His lawyer, Arvid Andersen, could not immediately be reached by Reuters on Thursday for comment.

Andersen told Danish publication Shippingwatch on Thursday that there had been no criminal activity, reiterating what he has previously told Reuters.

The prosecutor said it had not found any legal grounds for the criminal prosecution of other members of management within the OW Bunker group.

“In Singapore, this manager of the subsidiary has single-handed committed these credit exaggerations,” state prosecutor for serious economic and international crime, Niels Vejlby Hansen, told Reuters.

“There had been several suspects in the mother company but our investigation shows that this has happened in the subsidiary,” he said.

The bankruptcy of OW Bunker sent shockwaves through the global shipping industry and left investors and business partners scrambling to cover their losses.

Hansen said claims for damages could be put forward as part of the trial though the judge could reject claims if they became “too complicated” and instead refer the matter to a civil court.

A group of 26 institutional investors, including two of the largest pension funds in Denmark, ATP and PFA, is also waging a legal campaign against the former management of OW Bunker for allegedly misleading them in its 2014 initial public offering.

One PFA executive said he did not think Thursday’s decisions by the state prosecutor affected their legal battle.

“I don’t think it weakens our case, if he is sentenced or imprisoned. On the contrary, we think there is a civil responsibility, and that is what we’re pursuing in regard to the board,” said Rasmus Bessing, chief operating officer at PFA Asset Management.

Source: Reuters (Reporting by Stine Jacobsen and Jacob Gronholt-Pedersen; editing by David Clarke)

Denmark is upping the stakes in the battle against sulphur polluters at sea with the adoption of new helicopter-mounted sniffer technology.

The Danish Environmental Protection Agency (EPA) has contracted domestic startup Explicit to monitor compliance from passing ships. The monitoring will start from July 2017 and will be conducted from the air by sampling exhaust plumes from vessels in waters around the Danish coast. The Danish EPA said the objective is to “detect and deter” violations of the 0.10% ECA restriction on sulphur in the bunker fuel.

The new “Mini Sniffer System” is said to be capable of measuring both sulphur and NOX emissions to determine compliance, yet is small enough to be carried on a drone. Initially however, the technology will be deployed on a manned helicopter, but with the prospect of phasing in drones as a supplement in the future.

“Our approach is very different from what has been attempted so far,” explains Explicit chief executive Jon Knudsen. “Firstly, we only use rotary platforms because of their ability to maneuver in the plume. Combined with our smart flight software we can guide the pilot on the real-time sensor feedback to optimize the position for sampling. This is important because plumes aren’t clearly visible. Not even on infrared or in case of high emitting ships, so you need navigational support.”

Knudesn, who is a software developer and chemical engineer, says Explicit has also been able to miniaturize the sniffer unit itself to about 500g, making it easy to carry. “Last but not least, we have developed a set of advanced algorithms enabling us to calculate the sulphur content and NOX emissions to reliably determine compliance,” he adds.

The performance and uncertainties of the new system are said to have been validated independently by FORCE Technology, the Danish Government Reference Lab for Air Emissions.

Explicit describes itself as an experienced technology company specialising in affordable systems for sensor data acquisition, monitoring and administration.

In May 2017 Danish authorities fined an unnamed foreign shipowner DKK 375,000 ($57,886) for using high-sulphur fuel within its waters.

The fine was issued by the North Jutland Police on the basis of a notification from the Danish EPA as part of the sulfur surveillance and is one of the first fines – and the largest so far issued in this type of case in Denmark.

Although the IMO MEPC has recently agreed to delay the deadline for some vessels to retrofit ballast water treatment systems, certain requirements of the Ballast Water Management Convention must still be complied with by 8 September 2017.

On 7 July 2017, at its 71th session, the IMO Marine Environmental Protection Committee (MEPC) approved draft amendments to regulation B-3 of the Ballast Water Management (BWM) Convention, setting out new deadlines for compliance with the D-2 discharge standard, i.e. the date by which ballast water treatment systems must be installed. The amendments are effectively adding two years to the global installation process, thus giving many vessel owners more time to comply while at the same time allowing new treatment systems, approved under the IMO’s revised G8 guidelines on testing and type approval, to become available on the market.

But – the BWM Convention introduces two standards for the handling of discharged ballast water: the D-1 standard covering ballast water exchange and D-2 covering ballast water treatment, and requires compliance with either the D-1 or the D-2 standard on or after 8 September 2017. There will be a transitional period from this date when only compliance with the D-1 standard is required, until compliance with the D-2 standard becomes mandatory. It is therefore important to keep in mind that, despite the IMOs recent agreement to delay the deadline for some vessels to retrofit a treatment system, the deadline for vessels to comply with the D-1 standard on ballast water exchange is non-negotiable, as are the Convention’s requirements covering BWM documentation to be carried onboard.

New implementation schedule for compliance with the D-2 standard
The amended regulation B-3, as approved by MEPC71, require new vessels (vessels constructed/keel-laid on or after 8 September 2017) to comply with the D-2 standard and have a ballast water treatment system installed upon delivery. For existing vessels (vessels constructed prior to entry into force of the Convention), the MEPC stands by its decision to use the renewal of a vessel’s International Oil Pollution Prevention (IOPP) certificate as the mechanism to define the phase-in schedule but applying “on or after 8 September 2019” as the start of the phase-in period. As a result, the date by which all ships must have installed a ballast water treatment system has been extended from 2022 to 2024.

The principles of the new implementation schedule for compliance with the D-2 standard is illustrated in the figure below and the details are provided here.





The MEPC71 also agreed that existing vessels not holding an IOPP certificate shall be D-2 compliant no later than 8 September 2024.

The draft amendments to regulation B-3 will be submitted to MEPC72 in spring 2018 – after the BWM Convention has entered into force – with a view to their adoption at that meeting. Members and clients are advised to carefully examine and consider their vessels’ individual IOPP renewal dates so as to ensure compliance in due time.

Prepare for 8 September 2017
Members and clients are reminded that the BWM Convention applies to almost all vessels in international trade using ballast water, including submersibles, floating craft, floating platforms, FSUs and FPSOs, and that, after 8 September 2017, such vessels must:

• have an approved BWM Plan onboard (regulation B-1);
• maintain a ballast water record book (regulation B-2);
• for a vessel of 400 gross tonnes and above, be surveyed and issued with an international ballast water management certificate (regulations E-1/E-2);
• assign a competent officer to manage ballast water and to train officers and crew so that they can carry out their respective duties; and
• manage their ballast water on every voyage, either by performing ballast water exchange (regulations B-4/D-1) or by operating an approved ballast water treatment system (regulations B-3/D-2).

Vessels registered with a flag administration that is not yet a party to the BWM Convention will need to demonstrate compliance and are advised to undergo surveys and be issued with a ‘document of compliance’.

Floating platforms, FSUs and FPSOs may be exempted from certain requirements of the Convention as it is up to the relevant shelf state authority to establish appropriate measures for these units. If a BWM Certificate is not required by the shelf authorities, the requirements of the Convention become applicable only during relocation of the unit. Please refer to IMO’s BWM.2/Circ.46 “Application of the BWM Convention to Mobile Offshore Units” for a list of technical alternatives to ensure compliance.

Members and clients trading to ports in the United States (US) are also reminded that the US is not signatory to the BWM Convention, that vessels discharging ballast water into the waters of the US must comply with the requirements of 33 CFR 151 Subparts C and D, and that ballast water exchange in accordance with the Convention’s D-1 standard may not be an acceptable BWM method under the US ballast water regulations. The differences between acceptable BWM methods under US regulations and the BWM Convention are also highlighted in a post on the Coast Guard Maritime Commons blog on 5 July 2017.

Additional sources of information
Gard issued a Member Circular No. 17/2016 in January 2017, advising Members that liabilities (including fines for inadvertently introducing untreated ballast into the environment) arising from the escape or discharge overboard of untreated ballast through a “faulty” approved system, or other environmental liabilities related to ballast, are capable of cover, subject always to the Rules and any terms and conditions of cover. Cover for other fines relating to a breach of the BWM requirements are only available on a discretionary basis.

For those still in the process of planning the installation of a ballast water treatment system, key elements of the preparatory work is also highlighted in our Alert “Prepare to manage ballast water“ of 8 December 2016.

For those trading on US ports, our Gard Alert “US Coast Guard provides additional ’post type-approval’ guidance to its ballast water regulations“ of 15 March 2017 may be of interest. Remember also that the State of California enforces its own BWM regulations applicable to “vessels that arrive at a California port, are 300 gross registered tons or more, and are carrying or capable of carrying ballast water”. An overview of the current California requirements can be found in the information sheet “California’s Management Requirements for Ballast Water and Biofouling” published by the California State Land Commission. A separate information sheet on “Reporting and Recordkeeping” is also available.

Source: Gard (http://www.gard.no/web/updates/content/23667211/ballast-water-management-are-you-ready-for-8-september-2017?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3B%2Bd%2F4d429Tc26SG8t%2BqmVqw%3D%3D)

At a time when the dry bulk market is still saturated with too many ships, not many operators thoughts will be on acquiring brand new tonnage. A brief flurry of investment in dry bulk newbuildings in the first quarter turned out to be a knee jerk reaction to low prices and a market that had started to show the first signs of life in more than 18 months. But it demonstrated that there is at least some appetite for ordering despite the market woes. However, the business model behind many tonnage suppliers approach to newbuilding investment may well have to change as operators who got their fingers burnt on newbuildings in the past are opting to reduce their risk profile by shortening their time charter commitments.

The typical dry bulk newbuilding investment model, especially in the supramax and panamax sectors, from Japanese tonnage suppliers has been structured around five year charter contracts with both domestic and foreign ship operators. Mitsui OSK Lines, Nippon Yusen Kaisha and K Line built their giant chartered fleets around such deals, which have also become increasingly popular outside of the country. European owners such as Norden have used a similar model to take on new tonnage. But the collapse of Sanko and Daiichi Chuo Kisen demonstrated the dangers of taking on such long-term commitments as the financial losses can be catastrophically high if the market slumps. In Europe, the likes of Western Bulk Shipholding and Grieg Shipping also got caught out with expensive long-term charters.

The indications in Japan are that operators are now seeking shorter charters of two to three years with options to extend. Shorter charters protect operators from paying compensation on cancelled charters when trading turns against them, while the option to extend provides an opportunity to trade on without increasing longer term risk. While shorter charters insulate operators from risk, they pose a problem for banks and yards, limiting their funding options for newbuildings in a tight credit market. In the past, up to 80% financing — or in some cases even more — could be secured on the back of a five-year charters from blue chip operators. But on shorter charters, banks and yards are looking to owners to stump up more equity to spread the risk.

One positive under the new investment model is that it should prevent highly-geared newbuilding deals from once gain swamping the market. One broker said: “If there is now less chance of highly-leveraged newbuilding deals being done, then that will hopefully prevent the market from being over-ordered again.”

Although the market is chronically overtonnaged and will continue to see a large number of bulkers delivered this year, the orderbook is dwindling. Around 60 capesize, 108 panamax and 386 handymax bulkers will sail out of shipyards this year, according to figures from Maritime Strategies International (MSI). But after that deliveries will slump, with only 36 capesize, 26 panamax and 84 handymax bulkers entering the trading fleet in 2018. The figures fall even further for deliveries from 2019 onwards.

Lower delivery levels will eventually push up demand for fleet renewal, particularly in the handymax sector, where 12% of the fleet is more than 20 years old. And there could even be accelerated scrapping of relatively young tonnage as the dry bulk sector faces the costs of complying with ballast water regulation that kicks in from September.

A cyber attack that shutdown AP-Moller-Maersk’s computer systems could cost in excess of $50m in lost cargo bookings, analysts say.

The estimate from Alphaliner is based on the cargo that was diverted to other carriers after the Danish carrier was forced to shut down its communications and operating infra¬structure on 27 June.

The attack affected Maersk Line and its associated carriers, including Safmarine, MCC Transport, SeaLand, and Seago Line, as well as the Damco’s logistics business.

“We can, with great certainty, say that we have never experienced anything like this,” the Danish carrier said in a customer advisory on 3 July. It adds that its IT systems were being brought on line, and expects to have all its 1,500 applications fully functional within a week.

The crippling effect of the GoldenEye Notpetya attack on the world’s leading operator led to criticism of its cyber defences.

Security expert Lars Jensen estimates that 44% of the carriers had low levels of cyber security related to very basic defences, such as passwords. He added: “The cyber attack on Maersk is well within the scope of scenarios which have been predicted for several years.”

The fact that the virus spread across multiple different business units in Maersk “shows the security level cannot be said to be high”, said Jensen.

“While Maersk had a contingency plan to get rudimentary functions in place within 36 hours of the attack — which is good — the subsequent step from initial contingency operations back to normal operations is dragging out.”

“This development unfortunately supports the notion that the level of cyber security — which by definition includes contingency planning for exactly this eventuality — was not at the highest level.”

“It is crucial that the maritime companies look at the Maersk case and learn from it and create more robust and resilient systems — otherwise this will not be the last time we see such challenges arise,” Jensen added.

The IMO’s Marine Environment Protection Committee (MEPC) finished up its 71st meeting Friday with new resolutions on ballast water management and carbon dioxide emissions.

The most noteworthy resolution to emerge from MEPC 71 was a new implementation scheme for ballast water management (BWM) requirements. The new plan requires compliance with the Ballast Water Management Convention standards at the first or second IOPP renewal survey after September 2017, subject to certain conditions. This will allow existing vessels to continue operating without a retrofitted ballast water treatment system until as late as 2024, depending upon the particular timeline of their IOPP surveys – up to two years later than previously allowed, and twenty years after the Convention was first adopted.

New BWMC implementation timeline (graphic courtesy DNV GL)

MEPC has not yet adopted the new resolution, but it expects that the plan will be formally in effect by 2019. The resolution calls on all parties to acknowledge the revised timeline until it is officially in force.

The delay was not unexpected. Multiple flag states, including Brazil, Cook Islands, India, Liberia, Norway and the U.K., had called for IMO to push back the implementation timeline for the BWMC. While it will come as a relief for some financially-pressed shipowners, it may also have implications for ballast water treatment system manufacturers, who could see reduced demand for their products in the near term.

For vessels trading to the United States, the situation is more complex. This week, the U.S. Coast Guard issued a warning that the IMO guidelines on the Ballast Water Management Convention do not apply to America’s own ballast water laws. The agency reminded operators that when vessels are within the territorial waters of the United States, they must discharge via a USCG-approved ballast water management system, an approved alternate management system, a shoreside facility, or not at all. Noncompliance with American ballast water regulations can result in delays, inspection deficiencies and civil enforcement action.

A draft outline for a CO2 strategy
MEPC did not adopt any specific goals or targets for shipping’s future emissions of greenhouse gases, but it did note that its intercessional working group on greenhouse gas emissions has created a draft outline. An initial IMO CO2 strategy could include the following sections:

– Preamble/introduction/context, including emission scenarios
– Vision
– Levels of ambition / Guiding principles
– List of candidate short-, mid- and long-term further measures with possible timelines and their impacts on States
– Barriers and supportive measures; capacity building and technical cooperation; R&D
– Follow-up actions towards the development of the revised strategy
– Periodic review of the Strategy

The strategy, referred to as the “Roadmap” for developing CO2 targets, would include three phases: first, the collection of fuel oil consumption data over the period from 2019-2021; second, a study to analyze this data; and third, “decision making on what further measures, if any, are needed.”

If IMO does not adopt a CO2 control strategy by 2021, the European Union will include shipping within its regional Emissions Trading Scheme (ETS) – an outcome that the industry would prefer to avoid. The International Chamber of Shipping recently called on IMO to develop and adopt “aspirational targets” for emissions reductions, noting that there is a “finite amount of time in which to make the progress that will be necessary to ensure that IMO remains in full control of how GHG emissions from international shipping should best be addressed.”

The global dry bulk fleet grew by its fastest rate year on in May for 27 months, while in the first six months of the year, the growth in dwt terms has exceeded 2.0%, according to a Norwegian shipping analyst and IHS Markit data.

However, IHS Markit figures also show that the Handymax fleet has bucked the trend of growth by shrinking by 3.1% in the past 12 months.

“Fleet growth has accelerated in the second qunarter of 2017 (2Q17), with May growth of about 3.9% y/y being the highest in 27 months. The reason is clearly more optimism, with deliveries speeding up and demolition lowered,” said Eirik Haavaldsen, head of research at Pareto in Oslo.

Fairplay database figures show that the global dry bulk carrier fleet now stands at 796.4 million dwt, which is 2.2% more than in a year ago. In terms of numbers of vessels, the growth has been 1.7%.

The figures show that the VLOC fleet grew by 1.1% to 62.2 million dwt, while in the Capesize category, the increase was 2.4% to 260.5 million dwt. The Post-Panamax tonnage increased by 1.5% to 38.5 million dwt and Supramax by 3.9% to 156.7 million dwt, the steepest increase in any size category.

This was contrasted by a 3.1% contraction of the Handymax fleet, to 31.2 million dwt. The average age of vessels in this category was 16 years, which was six years higher than VLOCs and Handysize vessels, which shared the second position.

The Capesize, Post-Panamax, and Panamax fleets’ average age stands at seven years, while that of the Supramax fleet is two years higher, the Fairplay figures show.

Haavaldsen notes that five Capesize vessels totalling 1 million dwt were sold for scrap in the 2Q17, a decrease from 24 in 2Q16. “With this, 3.7 million dwt of Cape-tonnage has been scrapped this year, vs. 15.4 million and 13.3 million during the whole of 2015 and (20)16 respectively,” he said in a daily market report.

“However – fleet growth will ease off from here due to the limited orderbook – though it is important to emphasise that overall fleet growth in 2017 looks set to be higher than last year due to the much more moderate scrapping activity,” he pointed out.

DS Norden, the Danish dry bulk shipping company, expects the global dry bulker fleet to grow by 3.0% this year, according to its 1Q17 interim report it released in May.

In the VLOC category, there are 51 units that are converted from tankers, with an average age of 23.8 years. This compares with 5.7 years of the purpose built VLOC fleet, BIMCO said in a report last month. The converted vessels account for 5.1 million dwt of the 62.2 million dwt total capacity of the global VLOC fleet, BIMCO, and Fairplay figures show.

In terms of age, many of the VLOCs converted from tankers could be ripe for scrapping, but as many of them operate on long-term timecharters agreed a fair while ago, they can remain profitable to their owners, despite their age.

BIMCO’s deputy secretary general Lars Robert Pedersen said in the report, ”The lifespan of a ship depends on a variety of parameters, such as maintenance, general fatigue, and the design itself. Without specific knowledge about these parameters it is impossible to draw specific conclusions on the general lifespan or projected life of any ship type.”

Insurers and security experts say the discovery of the bodies of two Vietnamese seafarers beheaded by an Islamic terror group highlights the issues faced by the maritime sector.

The bodies were found by soldiers on the island of Basilan in the southern Philippines, and came on the day the ICC International Maritime Bureau (IMB) issued its piracy report for the first six months of the year.

The document highlighted a continuing decline in the number of reported incidents of maritime piracy and armed robbery against ships, with the figures being some of the lowest in the past five years.

However, the discovery of the bodies paints a very different picture and one which adds to the issues for shipowners when it comes to piracy kidnap and ransom, especially those involving terrorist groups.

The two victims were part of a six-man crew of the cargo vessel MV Royal 16, who were taken by members of the Islamic State-aligned militant group, Abu Sayyaf, in November 2016.

The group had been demanding a ransom for the past eight months and, while one hostage was rescued in June, the execution of the two men has heightened fears for the remaining hostages.

One London marine underwriter told Safety at Sea, “The tragic death of these two seafarers highlights the fact that the threat to the maritime sector remains real. Given the belief that the crew were taken by a terrorist group this was not a simple case of piracy.”

The issue for many insurers is that there are clear and stringent sanctions on the funding of Islamic terrorism and therefore strict bans on the payment of any ransom to groups or piracy gangs with links to militant Islamic groups.

“The involvement of Islamic terrorist links does have an impact on the way insurers can respond to these incidents,” added the underwriter. “However, we will do everything we can to work with our clients to ensure the safe return of crew, vessel, and cargo, with the crew the priority.”

In recent years there has been a great deal of talk, and what some may have felt was doom-saying, about the possibility of major cyber attacks in shipping. However, since the world’s largest container ship operator, Maersk, was struck with multiple attacks on 27 June the sector has had a very loud wake-up call.

The incident looks set to have a far-reaching impact, not just for Maersk and its profits but for the industry as a whole. John Gallagher, senior editor at Fairplay, wrote that this event could speed up the development of US cyber policy in light of larger concerns around national security and wider economic impacts.

Meanwhile, it could also spur the shipping sector to take stronger action. As Jordan Wylie writes, “being unprepared is not an excuse” anymore. There are likely hundreds of cyber attacks in the shipping sector that go unreported and are brushed under the carpet, most likely to protect company reputations; this is not sustainable and is more damaging in the long run. Simple policies and staff training can help to strengthen defences.

Shipping should also take a leaf out of the aerospace sector’s book, which has a much more proactive and open approach. The UK’s Aerospace Technology Institute released a statement in March this year that said that “cyber security cannot be dealt with in isolation, it’s a shared responsibility” that requires global collaboration and sharing of intelligence. The government-backed organisation has organised consultations with cyber-security specialists from the aerospace sector and is formulating an industry-wide technology strategy.

The CSO Alliance is currently working on an anonymous cyber-security reporting platform in collaboration with P&I Clubs and a major European aeronautics and cyber-industrial company. Mark Sutcliffe, director of CSO Alliance, told Safety at Sea, “Humans can report and share incidents faster than worms move through computers, so once we see breaking issues, within our world we can analyse share and help to protect.”

Christopher Henny, contracted project manager for the Airbus Defence and Space maritime cyber incident reporting system, told Safety at Sea that the Maersk cyber attack proved that even governments can no longer work in isolation. “This must be a collective solution between all the actors – states, commercial, and industrial – as it is a global phenomenon that knows no borders,” said Henny. “The maritime market is also global and many of the flag states do not have their own cyber-incident reporting centres so regional solutions will only solve a minority of the problems.”

Ports and maritime assets will need to take an increased level of precaution and boards must now take the threat seriously and put cyber security high on the agenda.

Henny added, “While this wave of attacks focused on shore-based servers, as companies move toward cloud computing the potential for ships’ systems to be compromised is growing.”

As we take steps to become more resilient to future cyber attacks it is clearer than ever that speed, stronger regulations, information sharing, and training will be key to tackle this ever-evolving threat.