The Triton

Deck

Secure at Sea: Guide helps set up cyber security plan

ADVERTISEMENT

Secure@Sea: by Corey Ranslem

Cyber security is a hot topic. It’s  become one of the most dominant and expanding threats to the maritime industry, and it’s increasing at rapid rates. A day doesn’t go by that there isn’t some news about a government or commercial entity being attacked and losing millions of data points, including critical client and personal information. The financial and health care industries have been dealing with cyber threats for years and are ahead of the maritime industry when it comes to protective measures. However, they aren’t that far ahead.

The protection of a large yacht from a cyber threat is operationally more difficult than a land-based facility or organization. OT (operational technology) and IT (integrated technology) on board large yachts continues to expand as new software is developed and launched with the goal of reducing onboard workloads. These technologies are playing a bigger role in a yacht’s day-to-day operations. OT is defined as a system we use in our normal day-to-day operations – such as navigation equipment, radar, GPS, etc. – and IT is the system that integrates those devices and eventually connects them to the internet.

Most large yachts fall outside the requirements of the ISPS (International Ship and Port Facility Security) Code because of size and operations, so they don’t have formalized security plans. The IMO, or International Maritime Organization, is the larger governing body when it comes to maritime-related issues, including the ISPS Codes and maritime security. The IMO has pushed forward some regulations when it comes to maritime cyber security, but it isn’t planning on making major changes to the ISPS Codes or other regulations. So cyber security remains the responsibility of the vessel owner, operator and crew.

BIMCO (Baltic and International Maritime Council) has put together and updated a guide titled “Cyber Security Onboard Ships”. This is a free guide and not a difficult read. BIMCO primarily deals with cargo vessels, but many of the practices they mention in this guide are pertinent to large yachts and don’t take a computer science degree to put into practice. It’s a great foundation to help captains, crew and shore-side personnel set up the basics of a cyber security plan.

The guide concentrates on three main areas: safety management systems, OT risks, and supply chain dangers. Supply chain dangers don’t potentially apply to large yachts, but there is some good information in that section regardless.

As with any plan you develop, it is a good idea to understand the potential threats. When it comes to devising a cyber plan, you also should understand how your internal network and external connections are set up. If you have an IT company working with your boat, you should ask them about some of the items discussed in the BIMCO report.

Here are some key areas BIMCO suggests looking at when setting up your cyber security plan:

  • Cyber security should fit into your physical security plan– who has access to the physical equipment and how that access is controlled and secured.
  • If you have multiple users within your onboard networks, you should consider segmenting the networks to prevent issues (different networks for guest, crew and operations).
  • What type of physical and cyber intrusion detection do you have in place to detect issues within your network?
  • Consider periodic scanning and testing for vulnerabilities.
  • Look at using “whitelisted” software.
  • Access and user controls – that is, who has access to different parts of the network?

Make sure you have a training program in place for crew to teach them about cyber risk. You can put any type of protection measures in place, but without good crew training and vigilance all of that work could be for nothing.

Corey Ranslem, CEO at International Maritime Security Associates (www.imsa.global), has more than 24 years of combined Coast Guard and maritime industry experience. Comments are welcome below.

Related Articles

Secure at Sea: Navigate high-risk areas safely with accurate intel in real time

Secure@Sea: by Corey D. Ranslem The world is amazingly dynamic, and an ever-changing maritime security situation can sometimes cause major interruptions to the best organized plans. I have worked …

Secure at Sea: Is your vessel ready for IMO’s Cyber Security compliance?

Secure at Sea: Is your vessel ready for IMO’s Cyber Security compliance?

Secure@Sea: by Corey D. Ranslem Cyber security threats continue to be one of the top threats facing governments, businesses, and private individuals around the globe with attacks increasing …

Secure at Sea: Disaster response calls for extra steps

Secure at Sea: Disaster response calls for extra steps

Secure@Sea: by Corey D. Ranslem The hurricane season this year hasn’t been particularly busy when it comes to the number of storms and systems, however, it has been devastating for the Abacos …

Secure at Sea: Solid plan can mitigate cyber-security issues

Secure at Sea: Solid plan can mitigate cyber-security issues

Secure@Sea: by Corey D. Ranslem Cyber security for the global maritime industry continues to be a concern that most seem to be ignoring. Over the past few weeks, I have read several news articles …

Secure at Sea: Training must be specific to yacht, crew

Secure at Sea: Training must be specific to yacht, crew

Secure@Sea: by Corey Ranslem Our daily underway routine was constant on board the Coast Guard cutter. Each day, right after lunch, we did drills and training for just about every type of possible …

Secure at Sea: Yachts, yards may be liable for inadequate network security

Secure@Sea: by Corey D. Ranslem Cyber security issues are a dominant part of world headlines on an hourly basis. Attacks continue in almost every industry and location of the world with an …

Comments

Leave a comment

Your email address will not be published. Required fields are marked *

Please answer the question below to leave a comment. * Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.