Shipping’s cyber-security risks are real and pressing, but they can be quantified and managed, says LR cyber security product manager Elisa Cassi
Maritime’s fragmented approach to digitalisation carries risk, especially when it comes to cyber security.
Speaking recently at Lloyd’s Register Asia Shipowners’ Forum, Wallem Group chief executive Frank Coles highlighted how operators can fail to update critical processes when embracing new onboard technologies. By overlooking the human elements of cyber security, he said, operators can undermine the potential benefits of acquiring a new technology – introducing risk instead capitalising on the rewards it can offer.
While cyber security risks posed to the shipping sector are real and pressing, they can be quantified and managed, if the right approach is taken.
Safeguarding critical assets in a fragmented digitalisation process and ensuring profitability in the years to come depends on three cornerstones:
The cyber security landscape is rapidly changing and the insights gained as little as five years ago are of less and less value as threat actors adjust their approaches in response to advances made by security professionals and technical defenders. Regular threat intelligence and assessment activities allow an owner to view their organisation through the eyes of a potential attacker, to perceive their attack surface in detail, and to assess the real-world threats to their business.
With knowledge of the attack surface and adversaries already in hand, owners can take steps to safely, effectively and efficiently ensure they are prepared to respond to a cyber attack by using a simulated cyber attack known as a ‘red team’ exercise. Such exercises allow a company to define and simulate real-world attack scenarios using the same tactics, techniques, and procedures as a genuine threat actor. They also help determine the level of assurance and ability needed to effectively detect and respond to a genuine cyber attack and educate defence teams about effective responses within a controlled and forgiving environment.
An effective cyber security strategy completes the foundation of a secure technological and organisational infrastructure. Designing a cyber security strategy is a complex task for most firms as the strategy must be robust and responsive enough to address a dynamic operational environment. Security professionals can work to create a cyber security strategy to create operational efficiencies, maximum return on technology investments, and assured data and asset protection into the future.
Given the cost and reputational risks associated with a cyber attack – estimated at £11.7M (US$15.4M) per company according to a World Economic Forum 2017 study – there is no doubting the importance of taking a strategic approach to cyber security.
Ultimately, a truly cyber resilient shipping organisation is one that gains intelligence on evolving cyber threats to inform decisions and plans, going beyond the minimums needed to achieve compliance.
Riviera Maritime Media’s Maritime Cyber Risk Management Forum takes place in London on 25 June 2019. The event includes a live cyber attack exercise and provides an unrivalled opportunity for 100 key maritime industry stakeholders, including shipowners and C-level decision makers, to analyse the industry’s cyber security preparedness.