Cyber Security On the High Seas

Uploaded on 2016-06-06 in INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Cyber technologies have emerged as essential to the operation of maritime cargo vessels.

Onboard systems from bridge systems to cargo handling and from propulsion to administrative to communication systems are increasingly interconnecting and networked.

This, in turn, can lead to cyber risks and vulnerabilities, which need to be addressed.

That’s why the International Maritime Organization, the UN agency responsible for measures to improve the safety and security of international shipping, recently released a set of draft guidelines on maritime cyber risk management.

Cyber threats in the maritime environment are presented by malicious actions—such as hacking or the introduction of malware, noted the guidelines, or the unintended consequences of benign actions, such as software maintenance or user permissions.

“In general, these actions expose vulnerabilities (e.g. outdated software or ineffective firewalls) or exploit a vulnerability in operational or information technology,” said the guidelines. “Effective cyber risk management should consider both kinds of threat.”

Vulnerabilities result from inadequacies in design, integration and/or maintenance of systems. When vulnerabilities are exploited, the document noted, whether directly from weak passwords or indirectly from the absence of network segregation, “there can be implications for security and the confidentiality, integrity, and availability of information.” There can also be implications for the safety and operations of a vessel, particularly when critical systems, such navigation or propulsion systems, are compromised.

The essential elements of a cyber defense strategy identified in the guidelines include:

Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data, and capabilities that pose risks to ship operations.

Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber event and ensure continuity.

Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.

Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber event.

Recover: Identify measures to back up and restore systems necessary for shipping operations.

“Effective cyber risk management should ensure an appropriate level of awareness of cyber risks at all levels of an organization,” the document concluded. “The level of awareness and preparedness should be appropriate to roles and responsibilities in the cyber risk management system.”

GlobalTradeMag: http://bit.ly/25xiN6v

« The CIA Is Driving Cyber Intelligence In Australia
Unlikely Partners Build High Speed Trans-Atlantic Cable »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Group-IB

Group-IB

Group-IB is a leading provider of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property.

Lastline

Lastline

Lastline is the leader in advanced malware protection.

Institute for Critical Infrastructure Technology (ICIT)

Institute for Critical Infrastructure Technology (ICIT)

ICIT is a leading cybersecurity think tank providing objective research, advisory, and education to legislative, commercial, and public-sector cybersecurity stakeholders.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

Mission Secure (MSi)

Mission Secure (MSi)

MSi is a specialized provider of next generation cyber defense solutions protecting control systems and critical physical assets in energy, transportation and defense.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

ISEC7 Group

ISEC7 Group

ISEC7 Group is a global provider of mobile business services and software solutions. The company was one of the first movers in mobilising company and business processes.

Tapestry Technologies

Tapestry Technologies

Tapestry Technologies supports the Department of Defense in shaping its approach to cybersecurity.

SkyePoint Decisions

SkyePoint Decisions

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.

Superus Careers - Cyber Career Exchange

Superus Careers - Cyber Career Exchange

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

Crispmind

Crispmind

Crispmind creates innovative solutions to some of today’s most challenging technology problems.

Cyber Intell Solution (CIS)

Cyber Intell Solution (CIS)

Cyber Intell Solution provide expert consulting, specialized products, and tailored operational services to governmental and corporate industry worldwide.

PriorityZero

PriorityZero

PriorityZero is a European company focused on remote security assessments and consulting services that operates on a global scale.