Discuss About The Threats Impacts In Maritime Cyber Security.
Most of the world trade is carried via shipping industry. The international shipping industry is one of the main industry for world trade. About 90 % of the trade over the world is done via shipping industry (Lee 2017). The shipping industry is turning itself to technology to marketing improvise safety, manages the cargos effectively, and reduce the cost of shipping. Companies mostly have inherited issues that are related with technology, which is estimated to be $400 billion. It is estimated that the vulnerabilities with the technologies in the companies will rise more in the near future.
The case study that is involved in this report is the Cyprus Shipping Chamber that has recognized the increasing threat in its company related to cyber threat (Maritimecyprus.files.wordpress.com, 2018). The company has increased the concern about the cyber security and the protection that is to be given to its ships for creating awareness among its members as well as provide guidance to all its members. The Cyprus Shipping Chamber has more than 100 ships as well as operates many other ships including container ships, bulkers, and tankers (Jensen 2015). The company has more than 3,000 employees scattered along seven offices all over world. Along with the owner, the company has technical operator as well as crewing services. The company is recently undergoing a transition change from communication services of Fleet Broadband to higher broadband VSAT system. The VSAT is an open internet situation that drive the Cyprus Company to become more vigilance and involve a program of Cyber security in the company. This report details the IT environment of cyber shipping related to Cyprus Shipping Chamber. The risks, threats, and the measures that are taken to mitigate the risk of cyber shipping is discussed in this report in detailed.
Cyber threat in the shipping area is one of the most serious issue that the sector is facing. There are security challenges that the maritime industry is facing with the present technology advancement. The shipping industry needs to protect themselves from the threats that comes to them and also implement security enforcement to mitigate the risks (Qamar et al. 2017). The shipping industry also implements guidelines for supporting the operations of cyber system. The guideline are to be followed by a shipping company if there is a Cyber incident.
The approaches that Cyprus Shipping Chamber deals with addresses the information technology and system for industry specific operational technology. The company provides a range of services as well as solutions for the information technology (Robertson et al. 2016). The IT environment that is linked with the Cyber Shipping includes the following.
The practice that Cyprus Shipping Chamber follows for the information technology is the cyber security resilience management for all its shipping operations. To guide the owners, the managers, and the operators on the ships, resilience management is used for enhancing the assets of cyber security.
Cyber security assessment is another IT Environment that is linked with the Cyprus Shipping Chamber (Loukas 2015). The interdisciplinary teams that are engaged with the onshore personnel and the crews offshore basically identifies as well as addresses the risks of cyber security through different assessment levels. The assessment levels starts from a high level assessment such as via App, to a detailed assessment that is included in the business risks.
There is also Cyber Security Enhancement related with the IT environment of shipping industry. The cyber security enhancement will helps to close the gaps in cyber security that is basically based on the systematic assessment to support the development as well as improvement of plans, human factors, procedure management, and looking at the systems.
There is also penetration testing that the Cyprus Shipping Chamber involves in the IT environment of its technological shipping operations. Penetration testing means testing robustness of the barriers that is important for ensuring the assets and securing the assets of the company. The penetration testing offers more comprehensive as well as effective validation in the procedures and systems.
Verifying the new systems that are built within the ships or the branches is also a part of Information Environment (Carr 2017). The company involves verification of the requirements of cyber security by a third party and then issues a compliance letter. The verification of the operations that are carried out on the ships are also verified by the security official that are on board.
Proper training is provided to all the member of the ship onshore and offshore related to the cyber security (Tam and Jones 2018). The members should know about the technical issues as well as hacking of the systems. The Cyprus Shipping Chamber organizes training lessons for their crews covering all the factors of technical issues and hacking issues and how to mitigate them at the initial stage.
The main Information Technology environment that is linked with the cyber security of the Cyprus Shipping Chamber is penetration of third party and the vulnerability testing that are important to include in a business process and this is considered to be the best practice in a company (Bolat, Yüksel and Uygur 2016). The company also uses some prudent providers for getting a balanced assessment. This is because the assessment generally varies from one provider to another provider. Also, a third party testing is very advantageous in the company that is conducted externally and internally. The corrective measures are to be taken from the audits and test records.
The development that is include in the satellite of maritime broadband basically covers a combined introduction consisting of very high sophisticated equipment including system of computer controlled engine, has changed the risk structure to the maritime vessels. Ships are not protected by air gap from some external system (Heymann et al. 2016). It is estimated that over 30,000 vessels have been globally equipped that has constant access of internet. The system of ship operations, crew welfare, and the remote access for the suppliers have different networks. The separation that are done are compromised by the interventions of ad hoc by the crew and the suppliers provides connection and maintenance.
The risk of the cyber-attack that occurs in a ship has become significant. But the ship owners does not rely to share the information about the ship for the fear of being identified or spreading the news of cyber-attack (Beaumont 2017). This creates a big problem for maintaining the risks that are involved in the system. There are many efforts that are to be undertaken are face the incident that are involved in that platform. There are other risks as well that are included in a shipping attack. The attacks includes awareness lack, procedures and policies that are ineffective, as well as undeveloped culture to the management of cyber risk. The attacks that have been taken place mainly occurred because of getting the SSN (Social Security Number) of the members on the ships that basically result in loss of data, IT problems, and financial waste (Schauer et al. 2017). The data breach that are involved mostly with the offshore security breach includes human error for the cause of data breach. About 80 % of the data breach that occurs offshore are caused because of human error.
The cyber security that is involved in the shipping industry includes the security of the information network and the controlled systems along with all the equipment that are involved for communicating, storing, and acting on the data. There are systems, ships, as well as offshore assets that encompasses the cyber security. There are more external components that are involved with the system of cyber security that involves technicians, suppliers, subcontractors, and external components including sensors and analytic systems that are connected with the data systems and networks (Bhandari, Mohanty and Wylie 2017). The cyber security also involves human a good interaction between the crews as well as personnel of the company, potential threat players, and customers. Cyber security includes evolving group of capabilities that are inside a company, adapt, and develop the technology and the threats that evolve.
The cyber security in shipping industry are more holistic in nature (Bothur, Zheng and Valli 2017). The best practices that are included for mitigating the cyber security risk in maritime industry should implement a function known as SEIM (Security Information and Event Management). The best practice that is to be used for the threat and the risks that a shipping industry encounters is to take helps of the third party specifically for monitoring as well as analyzing the operations for avoiding false sense protection in cyber threat.
With the advancement of technologies, there are many resources available that helps the crew members as well as the operators to know about the risks or vulnerabilities occurring on the ship. There are many standard practices that can be implemented for reducing the cyber risk. The best practices that are involved includes defining the responsibilities and roles of personnel for cyber risk management as well as identify systems assets and the data gets disrupted poses to risks of ship cyber-attack. To mitigate the risks, the ship owners should also include processes of risk control as well as contingency planning, implementing and developing the activities that are needed to detect the cyber event on board (Buchanan 2016). The operators on off shore as well as on shore should identify measures of backing up the data and then restoring the cyber systems that are impacted by the cyber-event.
The shipping industry is facing more challenges with the cyber threat that are evolving day by day. The budgets for maintaining the security has a boundary and there is also a delay in the maintenance of the systems involved with the cyber security. The levels of the crew should also be reduced and training is also to be provided to the members of the ship to mitigate threats. The security for the Information Technology in the maritime industry is evolving with the increasing technology (Z?gan et al. 2018). There should be investment done on the education of cyber risk and proper training should be provided by the management team. The security of a company is not a factor that is to be neglected, especially at the time when technology has reached its peak.
There are many ways that can be undertaken to secure the ships from cyber threat involved in shipping industries. The cyber security that are to be involved in the maritime industry are listed below.
Network Security: Networks included dealing with the operations of a ship are very crucial. It is necessary that the networks of the computer systems are not exposed to the cyber-attack. The computer networks that are on the ships usually lacks the protection of networks and also lacks segmentation from networks. The attacks on the ships have become very common that cause cyber vulnerabilities (Jones, Tam and Papadaki 2016). The vulnerabilities that are included on the ships include implementation of simple policies as well as appropriate technical and architectural response that helps to manage as well as prevent the attacks from data breach in a company or organization. The networks that are onboard should have firewall implemented so that there is a safe area with the systems on the ships. The networks link should be minimized so that there are less communication, which makes the system more secured.
Malware Protection: Malwares are considered as malicious content that are designed to access, control gain, as well as damage the systems. Malware are capable to destroy all the system and networks that are on the system (Tucci 2017). Organizations should implement measures to avoid malwares from system on the ships. Best measure that an organization implement to avoid malware includes policy related to anti-malware for defending the depth of their networks for both off shore and onshore. This helps to avoid malicious content as well as unauthorized content.
Risk Management Establishment: It is important to implement a proper risk assessment measure on the system of shipping organizations (DiRenzo, Goward and Roberts 2017). The organizations needs to communicate all the approaches they are taking for developing policy as well as practice within the organization. The risk management establishment helps to maintain the cyber security by awaking the onboard personnel as well as off board personnel.
Secure the Configuration: Configuration basically improves security of the systems and then eliminates all the risks involved with the system. The shipping organization should avoid using functions that are unnecessary for the systems, and should also know about how to fix the vulnerabilities.
Managing the User Privileges: A users involved in the shipping industry should have a reasonable system privilege and should have right that are needed for those role (DiRenzo, Goward and Roberts 2015). To ensure high elevated system privilege, are to be managed and controlled, which is commonly known as least privilege.
Employees Awareness and Education: The members of the ship who are on board and off board plays a vital role in security of a shipping organization. It is very much important to ensure security rules and implement technology that are needed on the ships to do the jobs. A proper training as well as awareness programmers are to be delivered to ensure security as well as establish a culture of secured conscious in the company.
Monitoring: All the shipping companies should have a good monitoring process to detect the vulnerabilities on the ships (Voorde and Spruit 2017). Monitoring helps the shipping companies to ensure that all the systems are proper and appropriate implementing any experiment if required.
Removable Media Controls: The shipping companies should implement removable media policies that helps to control the use of external devices for export and import of the information, limit the media types that are used together with users, systems, as well as types of information that are transferred.
At initial stage, the shipping companies performs assessment that are potential to threat that are likely to be faced by the company. To map the robustness of the threat and to handle the threat level, assessment is used by organizations. The vulnerabilities assessments should serve the foundation for senior management level workshop (Burghouwt et al., 2016). The internal experts is to be facilitated by the external experts with knowledge of maritime industry along with the key processes that results in mitigating the key risks in the maritime industries.
Built Strong Passwords: A password should have at least 8 different character types. The passwords are not related to the users or the dictionary. All the systems should have different passwords for security purpose. The passwords should have at least a capital alphabet, a special character, as well as a number to make the system more secure. The passwords should not be stored in any file or on Internet while using a public network.
Using E-Mail Carefully: The identity of the email sender should be checked carefully by the member of the ship (Koch and Golling 2016). The members or users on the ships should be trained for the doable and not doable while dealing with a system on board and off board the ship. The users also should not open any attachments or clicks on any internet links.
Separate Personal as well as Professional Uses: The user should not transfer the professional messages on email to their personal messaging. Personal storage device should not be used for storing the business data.
Carefully using the Internet: On board and off board users should carefully use the internet. Using of social networks, forms and such things are vulnerable to disseminate the personal information through internet. Even before payment, the authenticity is to be checked for the security purpose.
Save the data daily: There should be a breakdown or data theft by backing up all the data that involved with the company for securing the data (Katsikas 2017). The external device or the service that should be used should be reputed one for keeping the data safe.
Control all Installed Software on IT Devices: The software that are installed on the system are to be secured with a good anti-virus such that any malware does not get in the software. The users are recommended only to use those software that are needed for the operation of the company. All the software should be updated from time to time to avoid any vulnerability.
Conclusion
The maritime risks related to cyber is basically measure by which an asset of the technology is threatened by potential circumstances or an event. That results in operation that are related to shipping, security, and safety failures as consequences for the information that are lost or corrupted.
The cyber risk management means to identify the processes, analyze the process, access as well as communicate the risks that are related to cyber threat. Cyber risks in shipping industry involves accepting the risks, transferring the risks, as well as mitigating the risks.
The threat to cyber security have grown its complexity as well as widened up in the information psychology sector. Cyber security in all context have become more powerful and has become the concern of all industries. One of the main area of concern that is facing the cyber security is the maritime industry. Safety management for cyber security has become an integral part of the shipping industry as well as the offshore industries.
The main concern is that the shipping industry all over the world is having a technological revolution similar to road, air, and rail transportation. From collision avoidance to the hull cleaning, all the system is automated and have increased much more in the recent years. There are multifaceted vulnerabilities included in the cyber-attack and the cyber security can be managed by risk management strategies.
From the above discussion it can be concluded that the shipping industry is one of the most important industry along with air as well as road industries. The details of the Cyprus Shipping Chamber that deals with many ships. This report details about the security threats involved in the shipping industry.
References
Beaumont, P., 2017. Cyber-risks in maritime container ports: An analysis of threats and simulation of impacts.
Bhandari, R., Mohanty, S.S. and Wylie, J., 2017. Cyber Security the Unknown Threat At Sea. 18-th Annual General Assembly of the International Association of Maritime Universities, p.101.
Bolat, P., Yüksel, G. and Uygur, S., 2016. A STUDY FOR UNDERSTANDING CYBER SECURITY AWARENESS AMONG TURKISH SEAFARERS. PROCEEDINGS BOOK, p.278.
Bothur, D., Zheng, G. and Valli, C., 2017. A critical analysis of security vulnerabilities and countermeasures in a smart ship system.
Buchanan, B., 2016. The life cycles of cyber threats. Survival, 58(1), pp.39-58.
Burghouwt, P., Maris, M., van Peski, S., Luiijf, E., van de Voorde, I. and Spruit, M., 2016, October. Cyber Targets Water Management. In International Conference on Critical Information Infrastructures Security (pp. 38-49). Springer, Cham.
Carr, C., 2017. Exploration into the Types, Operational Areas, and Peripheral Resources of Cyber Threat Intelligence: An Expert Panel Delphi Study (Doctoral dissertation, Northcentral University).
DiRenzo, J., Goward, D.A. and Roberts, F.S., 2015, July. The little-known challenge of maritime cyber security. In Information, Intelligence, Systems and Applications (IISA), 2015 6th International Conference on (pp. 1-5). IEEE.
Egan, D., Drumhiller, N., Rose, A. and Tambe, M., 2016. Maritime Cyber Security University Research: Phase 1 (No. CG-D-07-16). US Coast Guard New London United States.
Heymann, E., Miller, B.P., Alghazzawi, M.J. and Incertis, D., 2016. Addressing the Cyber-Security of Maritime Shipping. In European Transport Conference 2016Association for European Transport (AET).
Jalonen, R., Tuominen, R. and Wahlström, M., 2017. Safety of Unmanned Ships-Safe Shipping with accounting and Remote Controlled Ships.
Jensen, L., 2015. Challenges in Maritime Cyber-Resilience. Technology Innovation Management Review, 5(4), p.35.
Jones, K.D., Tam, K. and Papadaki, M., 2016. Threats and Impacts in Maritime Cyber Security.
Katsikas, S.K., 2017, April. Cyber Security of the Autonomous Ship. In Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security (pp. 55-56). ACM.
Koch, R. and Golling, M., 2016, May. Weapons systems and cyber security-a challenging union. In Cyber Conflict (CyCon), 2016 8th International Conference on (pp. 191-203). IEEE.
Lee, Y.C., Park, S.K., Lee, W.K. and Kang, J., 2017. Improving cyber security awareness in maritime transport: A way forward. 41(8), pp.738-745.
Loukas, G., 2015. Cyber-physical attacks: A growing invisible threat. Butterworth-Heinemann.
Maritimecyprus.files.wordpress.com. (2018). [online] Available at: https://maritimecyprus.files.wordpress.com/2017/09/cyprus-shipping-chamber-cyber-security-case-study.pdf [Accessed 15 May 2018].
Qamar, S., Anwar, Z., Rahman, M.A., Al-Shaer, E. and Chu, B.T., 2017. Data-driven analytics for cyber-threat intelligence and information sharing. Computers & Security, 67, pp.35-58.
Robertson, J., Diab, A., Marin, E., Nunes, E., Paliath, V., Shakarian, J. and Shakarian, P., 2016. Darknet Mining and Game Theory for Enhanced Cyber Threat Intelligence. The Cyber Defense Review, 1(2), pp.95-122.
Schauer, S., Stamer, M., Bosse, C., Pavlidis, M., Mouratidis, H., König, S. and Papastergiou, S., 2017. An adaptive supply chain cyber risk management methodology.
Tam, K. and Jones, K., 2018. Cyber-Risk Assessment for Autonomous Ships.
Tucci, A.E., 2017. Cyber risks in the marine transportation system. In Cyber-Physical Security (pp. 113-131). Springer, Cham.
van de Voorde, I. and Spruit, M., 2017, November. Cyber Targets Water Management. In Critical Information Infrastructures Security: 11th International Conference, CRITIS 2016, Paris, France, October 10–12, 2016, Revised Selected Papers (Vol. 10242, p. 38). Springer.
Z?gan, R., Raicu, G., Hanzu-Pazara, R. and Enache, S., 2018. Realities in Maritime Domain Regarding Cyber Security Concept. In Advanced Engineering Forum (Vol. 27, pp. 221-228). Trans Tech Publications.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download