Cyber Security On the High Seas

Cyber technologies have emerged as essential to the operation of maritime cargo vessels.

Onboard systems from bridge systems to cargo handling and from propulsion to administrative to communication systems are increasingly interconnecting and networked.

This, in turn, can lead to cyber risks and vulnerabilities, which need to be addressed.

That’s why the International Maritime Organization, the UN agency responsible for measures to improve the safety and security of international shipping, recently released a set of draft guidelines on maritime cyber risk management.

Cyber threats in the maritime environment are presented by malicious actions—such as hacking or the introduction of malware, noted the guidelines, or the unintended consequences of benign actions, such as software maintenance or user permissions.

“In general, these actions expose vulnerabilities (e.g. outdated software or ineffective firewalls) or exploit a vulnerability in operational or information technology,” said the guidelines. “Effective cyber risk management should consider both kinds of threat.”

Vulnerabilities result from inadequacies in design, integration and/or maintenance of systems. When vulnerabilities are exploited, the document noted, whether directly from weak passwords or indirectly from the absence of network segregation, “there can be implications for security and the confidentiality, integrity, and availability of information.” There can also be implications for the safety and operations of a vessel, particularly when critical systems, such navigation or propulsion systems, are compromised.

The essential elements of a cyber defense strategy identified in the guidelines include:

Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data, and capabilities that pose risks to ship operations.

Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber event and ensure continuity.

Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.

Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber event.

Recover: Identify measures to back up and restore systems necessary for shipping operations.

“Effective cyber risk management should ensure an appropriate level of awareness of cyber risks at all levels of an organization,” the document concluded. “The level of awareness and preparedness should be appropriate to roles and responsibilities in the cyber risk management system.”

GlobalTradeMag: http://bit.ly/25xiN6v

« The CIA Is Driving Cyber Intelligence In Australia
Unlikely Partners Build High Speed Trans-Atlantic Cable »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

it-sa 365

it-sa 365

it-sa 365 is a digital platform for connecting IT security vendors and experts with those who bear responsibility for IT security in management and technology.

Sentia

Sentia

Sentia is an IT and infrastructure firm, with focus on Outsourcing, IT operation and management, Hosting, Co-location, Network, and IT security.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

GraVoc

GraVoc

GraVoc is a technology-consulting firm committed to solving business problems for customers through the development, implementation, & support of technology-based solutions.

Sandline Discovery

Sandline Discovery

Sandline Discovery provides digital forensics, eDiscovery solutions, managed review and litigation consulting services.

ISMS.online

ISMS.online

ISMS.online is a cloud software solution for fast & cost-effective implementation of an information security management system and achieve compliance with ISO 27001 and other standards.

Cyber Tec Security

Cyber Tec Security

Cyber Tec Security is an IASME Certification Body for Cyber Essentials basic/Plus. We also provide ongoing Managed Security Services.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

Gradient Cyber

Gradient Cyber

Gradient Cyber offer mid-market organizations enterprise-grade threat detection and response services at a fraction of the cost of an in-house SOC.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

TrustCloud

TrustCloud

TrustCloud is a global company specializing in the orchestration and custody of secure digital transactions including identification, signature, payments, and electronic custody.

CyTwist

CyTwist

CyTwist is an early warning attack detection platform that complement your existing security suite and provides your security teams with unique detection capabilities of stealth targeted attacks.

CyberAntix

CyberAntix

CyberAntix offers Premium CyberSecurity for your business using an advanced Security Operations Centre technology and process platform reinforced by a steadfast and expert SOC team.

Sirar by STC

Sirar by STC

Sirar is an advanced technology and cybersecurity company established by STC, the MENA region’s ICT and digital services provider.