Seven lessons must be learned and five key actions taken to formulate and implement an effective cyber risk-management strategy, says Cobweb Cyber chief executive Michael Hawthorne OBE
Mr Hawthorne, a former UK defence cyber operations chief and Royal Navy captain, shared his views on cyber risk management and compliance of vessel owners, operators and IT experts at the Maritime Cyber Risk Forum in London on 25 June.
With high levels of connectivity in shipping, when we talk about risk on board vessels we are really talking about risk for the whole company, Mr Hawthorne said.
However, there are two interesting dynamics to consider about ships in terms of risk, he added. “Firstly, they are mobile and not always connected to your network.
“Secondly, the tendency of crews to be shifting all the time [means] the responsibility and accountability for looking after those networks all the time is not the same as it would be for a land-based organisation.”
While there are several guidelines available, including from class societies and organisations such as BIMCO, not all of them are applicable or relevant to every operator. Mr Hawthorne advised evaluating each guideline in light of the requirements of an operators’ area of activity and making a selection based on this. And while there is a wide array of potential frameworks to be implemented, identifying which is applicable requires a similar process, he added.
Seven lessons to learn:
Five actions to take: