Simple Steps to be Cyber Secure in the Complex Technology Environment of Maritime.
The maritime industry is rapidly digitizing and optimizing into a tech-heavy industry. This translates into a tech-heavy industry that makes it a large attack surface for cybercriminals and hacktivist to gain access to industry safety and technology.
Securing and defending this technology means constant renewal of knowledge and efforts for members of an enterprise to be cyber secure. Keeping up with the high industry standards, various safety, navigation, technology, and training are maintained. This means that every member of different roles can put their effort to ensure a cyber secure environment. The best practices that can be used are relatively simple and easy to maintain in existing safety checks and operating procedures.
Starting at the highest level of an organization that involves decision-makers in the maritime sector, members can re-examine the role technology plays in the operation of their business. Revisiting technology being used in supply chains and analysing the product manufactured in critical places can prove to be found vulnerable. Also, reviewing the existing risk management on the technology to reflect the new standards helps significantly improve in the event of disaster recovery. Decision-makers should take the time to identify the likelihood of disruption of new technology before implementing it into their main operations.
Moving a step down, operation managers of technology should ensure any equipment that is reliant on enterprise computer or network access is well configured and optimized through regular patches and updates, as well as limiting physical access to the connected devices through thoroughly strong and cycled passwords. This policy must be applied to every technology being used from navigation systems found abroad on the ship to the computers used to maintain inventories at ports. It is also critical that the footprint and signatures of these devices are managed appropriately. This makes it easy and accurate to track the inventory of devices that are networked or connected, as well as measures, are taken to secure them.
Finally, at an individual level, every member of an organization plays a critical role in maintaining cyber security within the rapidly evolving threat environment. Basic hygiene that includes not sharing passwords, being appropriately suspicious of potential phishing emails, and not trusting devices of unknown origin are elements everyone can follow to help harden the cyber structure from most of the common attacks.
A collaborative discussion across the management and the different team levels helps set an understanding of required devices within the network and technology environment. Crew should be knowledgeable to understand the impact of implementing a new system being attacked or degraded which can affect operations. Security control should be regularly maintained for systems being used by operators. A strong business continuity program and incident response plan should also be implemented to ensure strong resilience and survivability in the event of a large-scale security breach or a ransomware attack.
With the current, rapidly growing cyber threat environment, organizations should maintain plans preparing them for the possibility of any type of attack. It is still not too late to maintain proper retentions that can weather a cyber-attack. Every individual in an organization plays an important role in maintaining a cyber secure environment.
This article reacts to an original article by Jason P. Atwell, Principal Advisor of Global Intelligence, Mandiant, Inc.
About the Author
Captain Errol Gonsalves FICS