Cyber Security On the High Seas

Cyber technologies have emerged as essential to the operation of maritime cargo vessels.

Onboard systems, from bridge systems to cargo handling and from propulsion to administrative and communication systems, are increasingly interconnected and networked.

This, in turn, can lead to cyber risks and vulnerabilities, which need to be addressed.

That’s why the International Maritime Organization, the UN agency responsible for measures to improve the safety and security of international shipping, recently released a set of draft guidelines on maritime cyber risk management.

Cyber threats in the maritime environment are presented by malicious actions, such as hacking or the introduction of malware, or by the unintended consequences of benign actions, such as software maintenance or user permissions, the guidelines noted.

“In general, these actions expose vulnerabilities (e.g. outdated software or ineffective firewalls) or exploit a vulnerability in operational or information technology,” said the guidelines. “Effective cyber risk management should consider both kinds of threat.”

Vulnerabilities result from inadequacies in design, integration and/or maintenance of systems. When vulnerabilities are exploited, the document noted, whether directly from weak passwords or indirectly from the absence of network segregation, “there can be implications for security and the confidentiality, integrity, and availability of information.” There can also be implications for the safety and operations of a vessel, particularly when critical systems, such as navigation or propulsion systems, are compromised.

The essential elements of a cyber defense strategy identified in the guidelines include:

Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data, and capabilities that pose risks to ship operations.

Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber event and ensure continuity.

Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.

Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber event.

Recover: Identify measures to back up and restore systems necessary for shipping operations.

“Effective cyber risk management should ensure an appropriate level of awareness of cyber risks at all levels of an organization,” the document concluded. “The level of awareness and preparedness should be appropriate to roles and responsibilities in the cyber risk management system.”

GlobalTradeMag: http://bit.ly/25xiN6v
