Maritime Cyber Security Policy
The security environment of the twenty-first century has changed. There is no 100% security.
The maritime industry as a part of the cyber domain is a very competitive and complex industry. Increasingly dependent on complex critical communication and information systems make this industry one of the most susceptible to cybersecurity attacks.
Cyber threats and cyber-attacks are becoming more frequent and more sophisticated every day. As these attacks have been happening more frequency with serious consequences, cybersecurity has become a primary focus for the maritime industry. The cyber threats cannot be eliminated completely, but the risk can be greatly reduced to a level that allows the maritime community to continue to prosper and benefit from the huge opportunities that digital technology brings.
Therefore, appropriate Cyber Defense measures and capabilities have to be in place to face and counter the threats from cyberspace. This will require having effective tools, a well-trained workforce and proper processes in place to detect, analyze, counter, and mitigate cyber threats and vulnerabilities.
To help understand the risks, this paper attempts to analyze the common cyber threats, the possible actors behind a cyber-attack as well as its anatomy. Furthermore, there is a report about the vulnerabilities in ship systems but the main purpose of this paper is to propose a cyber-security policy and its components for the maritime sector.
Download the paper : An Integrated Maritime Cyber Security Policy Proposal
Factors affecting Cyber Risk in Maritime
To ensure the safety of ships and ports, groups and individuals, at all levels of the maritime sector, use analysis to identify potential hazards and their outcomes. One of the most relied upon methods is using a risk assessment tool to deﬁne and prioritise threats.
A disadvantage of most existing assessment frameworks, however, is their inability to update risks dynamically as factors, such as the environment, change.
In the maritime sector, a range of dynamic factors is needed to measure risks, but most conventional frameworks are unable to use them to revise and update their risk proﬁles. In addition to static and dynamic, maritime operational risks can be affected by elements classiﬁed as cyber, cyber-physical, or physical in nature. This demonstrates the relatively equal presence of information and operational technology (i.e. IT/OT) used, however most quantitative risk assessment frameworks are normally limited to one or the other.
This article explores the full range of cyberrelated risk factor types within maritime in order to evaluate applicable risk frameworks and suggest improvements that could help each of those tools assess maritime-cyber risks speciﬁcally. Index Terms-cyber, dynamic, risk, maritime, cyber-physical
Download The Paper: Factors Affecting Maritime Risk