Cyber Security On the High Seas

Uploaded on 2016-06-06 in INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Cyber technologies have emerged as essential to the operation of maritime cargo vessels.

Onboard systems from bridge systems to cargo handling and from propulsion to administrative to communication systems are increasingly interconnecting and networked.

This, in turn, can lead to cyber risks and vulnerabilities, which need to be addressed.

That’s why the International Maritime Organization, the UN agency responsible for measures to improve the safety and security of international shipping, recently released a set of draft guidelines on maritime cyber risk management.

Cyber threats in the maritime environment are presented by malicious actions—such as hacking or the introduction of malware, noted the guidelines, or the unintended consequences of benign actions, such as software maintenance or user permissions.

“In general, these actions expose vulnerabilities (e.g. outdated software or ineffective firewalls) or exploit a vulnerability in operational or information technology,” said the guidelines. “Effective cyber risk management should consider both kinds of threat.”

Vulnerabilities result from inadequacies in design, integration and/or maintenance of systems. When vulnerabilities are exploited, the document noted, whether directly from weak passwords or indirectly from the absence of network segregation, “there can be implications for security and the confidentiality, integrity, and availability of information.” There can also be implications for the safety and operations of a vessel, particularly when critical systems, such navigation or propulsion systems, are compromised.

The essential elements of a cyber defense strategy identified in the guidelines include:

Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data, and capabilities that pose risks to ship operations.

Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber event and ensure continuity.

Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.

Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber event.

Recover: Identify measures to back up and restore systems necessary for shipping operations.

“Effective cyber risk management should ensure an appropriate level of awareness of cyber risks at all levels of an organization,” the document concluded. “The level of awareness and preparedness should be appropriate to roles and responsibilities in the cyber risk management system.”

GlobalTradeMag: http://bit.ly/25xiN6v

« The CIA Is Driving Cyber Intelligence In Australia
Unlikely Partners Build High Speed Trans-Atlantic Cable »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Pondurance

Pondurance

Pondurance is an IT Security and Compliance company providing services in Cyber Security, Continuity, Compliance and Threat Management.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Synack

Synack

Synack provides a hacker-powered intelligence platform that uncovers security vulnerabilities that often remain undetected by traditional pen testers and scanners.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

Base Cyber Security

Base Cyber Security

Base Cyber Security is an information and cyber security talent service provider and career specialist.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Etisalat and (e&)

Etisalat and (e&)

Etisalat Group is one of the world’s leading telecom groups in emerging markets.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

AccountabilIT

AccountabilIT

AccountabilIT is a full spectrum information technology services firm for enterprises with complex information technology needs seeking relief from those challenges.

Ever Nimble

Ever Nimble

Ever Nimble are award-winning experts in IT support, cybersecurity, and cloud technology. Our proactive approach will enhance your security and protect you from cyber security threats.

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

Defence Labs

Defence Labs

Defence Labs is a cybersecurity company specialising in cost effective penetration testing for small-to-medium sized enterprises.

DeltaSpike

DeltaSpike

DeltaSpike empowers individuals and organizations worldwide through its comprehensive cybersecurity solutions.

CrashPlan

CrashPlan

CrashPlan delivers secure, continuous endpoint backup and recovery for businesses of all sizes.