Cyber Security On the High Seas

Cyber technologies have emerged as essential to the operation of maritime cargo vessels.

Onboard systems from bridge systems to cargo handling and from propulsion to administrative to communication systems are increasingly interconnecting and networked.

This, in turn, can lead to cyber risks and vulnerabilities, which need to be addressed.

That’s why the International Maritime Organization, the UN agency responsible for measures to improve the safety and security of international shipping, recently released a set of draft guidelines on maritime cyber risk management.

Cyber threats in the maritime environment are presented by malicious actions—such as hacking or the introduction of malware, noted the guidelines, or the unintended consequences of benign actions, such as software maintenance or user permissions.

“In general, these actions expose vulnerabilities (e.g. outdated software or ineffective firewalls) or exploit a vulnerability in operational or information technology,” said the guidelines. “Effective cyber risk management should consider both kinds of threat.”

Vulnerabilities result from inadequacies in design, integration and/or maintenance of systems. When vulnerabilities are exploited, the document noted, whether directly from weak passwords or indirectly from the absence of network segregation, “there can be implications for security and the confidentiality, integrity, and availability of information.” There can also be implications for the safety and operations of a vessel, particularly when critical systems, such navigation or propulsion systems, are compromised.

The essential elements of a cyber defense strategy identified in the guidelines include:

Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data, and capabilities that pose risks to ship operations.

Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber event and ensure continuity.

Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.

Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber event.

Recover: Identify measures to back up and restore systems necessary for shipping operations.

“Effective cyber risk management should ensure an appropriate level of awareness of cyber risks at all levels of an organization,” the document concluded. “The level of awareness and preparedness should be appropriate to roles and responsibilities in the cyber risk management system.”

GlobalTradeMag: http://bit.ly/25xiN6v

« The CIA Is Driving Cyber Intelligence In Australia
Unlikely Partners Build High Speed Trans-Atlantic Cable »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

CERT.LV

CERT.LV

CERT.LV is the national Computer Emergency Response Team for Latvia.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

Information Network Security Agency (INSA) - Ethiopia

Information Network Security Agency (INSA) - Ethiopia

INSA's vision is to realize a globally competent National Cyber capability which plays a key role in protecting the national interests of Ethiopia.

MAD Security

MAD Security

MAD Security is a premier provider of information and cybersecurity solutions that combine technology, managed security services, support and training.

Rwanda Information Society Authority (RISA)

Rwanda Information Society Authority (RISA)

RISA is at the forefront of all ICT project implementation, research, infrastructure and innovation within the ICT sector in Rwanda.

Excelerate Systems

Excelerate Systems

Excelerate Systems is a leading provider of IT services with a focus on Big Data, Cloud Services and Security.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

Automox

Automox

Remediate vulnerabilities 30X faster than the industry norm – and dramatically reduce your risk with simple, fast, and cloud-native endpoint hardening from Automox.

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group, Ltd. (STIGroup) is an innovative firm that provides CyberSecurity consulting, secure IT engineering, managed security services, and human capital solutions.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

Entara

Entara

Entara (formerly YJT Solutions) is an eXtended Service Provider (XSP) focused on providing cutting edge technology and cyber security solutions to companies in regulated industries.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

Odaseva

Odaseva

Odaseva delivers the strongest data security solution for enterprises running on Salesforce, safeguarding confidentiality and integrity of critical business information.

Synersoft BLACKbox

Synersoft BLACKbox

Synersoft, the maker of path-breaking and disruptive technology for SMEs, now branded as BLACKbox, is an incubated and invested portfolio company of CIIE - IIM-Ahmedabad.