An organisation that is cyber resilient is resilient overall, it stands to reason, and that’s why cyber security is great value. It really can pay for itself – especially in the marine industry.
Don’t believe me? It’s good to be sceptical but let me explain. Firstly, let me give you a couple of real-world examples so you can see what I mean.
A company we worked with recently on cyber resilience found that our work also improved their ability to recover from general technical failures. We identified areas that they had previously not considered – vulnerabilities that they did not know were vulnerabilities.
We asked them what their process was for recovering from a complete ECDIS failure and how long they expected it would take them to recover.
We listened and found that there were areas that could be improved. We worked with them to give them the ability to rebuild their bridge systems from the ground up if they needed to. Our team worked with the vendors to get them the software they needed and arranged for the crew to be trained to implement the recovery plan. It turned out it was quite simple to put in place but they had never before asked the “what if” question, they had never considered there could be a better way of doing things. They now have in place a far quicker, cheaper and simpler system of recovery than flying a specialist software engineer out to the vessel location or downloading a massive file over a VSAT connection.
That’s a typical situation that we come across. By working on cyber resilience, asking the right questions, my team identified operational improvements.
It’s about looking at the world through a different prism. About identifying problems and coming up with practical solutions that cause the minimum of disruption and ensure that, if any losses our outages do occur, they remain minimal. Forewarned is forearmed as they say.
Simply asking the question “Have we considered the cyber risk for X” brings it into the conversation. You don’t need to know the answer, you just need to make sure that someone else does.
Similarly, we work with some of the world’s leading insurance brokers and that is because we make their risks less risky. That’s good for them because it reduces the level of claims and good for us because we get more business. But the main beneficiary is the end client. They get cheaper insurance cover, less exposure to risk and enhanced operational resilience. It’s a virtuous circle.
The positive benefits of establishing a resilient cyber security posture go beyond ensuring you are less susceptible to a cyber attack. Our holistic approach looks at prevention and recovery – how you get a vessel’s systems back up and running as quickly as possible as in the example above.
It’s important to think in terms of a technical failure rather than a cyber attack. The problem that people face is that the moment we start to talk about cyber security they think of the classical image of the hooded hacker. Something mysterious and difficult to understand. It is not and the nomenclature makes it seem complicated which creates unhelpful barriers to understanding and adoption.
Cyber security is just another operational issue. Think about it in the usual safety, functional and commercial terms. It’s no different to all the other day-to-day procedures and compliances that are required to keep a vessel operating safely and efficiently.
Of course, cyber threats are complex and difficult to understand for non-specialists. The good news is that most of it is not difficult if you have the right approach and the right partner to support you.
Now let me tell you a bit about Neptune Cyber what we do and, importantly, what we are about. We are marine cyber security specialists – that is all we do. Yes, of course, we are tech geeks but we always try to keep things simple because we know that other people are not. Our team is made up of experts in cyber security, shipbuilding and operations. Combining this knowledge means that we properly understand the commercial, operational and regulatory challenges faced by the marine industry and how they can impact upon cyber security. The advice and solutions we deliver are implementable, will not disrupt operations and are founded in real-world insight into what is commercially viable for your specific needs.
The way we work is to add value to ease the pain of that buying decision. Now I realise we are selling something that people really don’t want to buy but they know they have to because the threat is real and regulation requires it.
It is important to realise that simply implementing a cyber security technology solution or adding policy documents to your SMS is not a magic bullet. You need to take the time to work with potential vendors to talk through your specific needs – not what the sales person wants to sell you – to make you more secure.
Every business in the marine industry strives to maintain and maximise the resilience of their business. Remember, ask the “what if” question. The best approach to cyber security ensures those questions are asked and answers are provided. And that’s why I believe that this approach to implementing cyber security is such great value.