Preparing for the Maritime Cyber Security Challenge
Imagine you are an Information Security Manager for a shipping company and while docked in port, a service technician boards your ship to perform a software update of the Voyage Data Recorder system and unknowingly introduces a virus. As a result of the virus the ship’s ECDIS system becomes infected resulting in a denial of service once you’ve set sail. The ship is now sailing without ECDIS and the last course direction was towards North Korean waters. What do you do next?
That exact scenario was played out with 60 delegates from the Greek shipping community and 5 UK companies at the British Ambassador’s Residence on March 5th. Roundtable discussions took place on possible outcomes and solutions which highlighted the complexity of the cyber security sector. Running through scenarios like this give the security officers opportunity to verify their own ideas and plans in the same way that the armed forces run their own wargames.
Five UK organisations with specialist cyber security interest hosted the Greek delegates and promoted discussions on the tables. CyberOwl, ESID Consulting, Inmarsat, Lloyd’s Register and the University of Plymouth all took part in the wargame. The wargame scenario was created and overseen by Professor Siraj Shaikh of Coventry University, who authored the “Future of the Sea: Cyber Security” for the UK Government Office of Science.
Daniel Ng, CyberOwl said “The cyber war game format facilitated some fantastic, and sometimes passionate, discussions. It is clear the Greek shipping community is concerned about cyber risks and are struggling to understand where and how best to start managing them. Events like this are so important to engage in such important dialogue and showcase the best British capabilities that can be brought to the table.”
Gary Peace of ESID Consulting said “The Cyber Security event hosted at the British Ambassador’s Residence in Athens was a truly ground breaking event in its format and structure. It really engaged the audience and provoked some intense discussion and exchanges from the shipping community delegates present, showing just how complex the response to a cyber-attack can be. More importantly the scenario posed showed what actions and decisions need to be considered and taken when managing an organisational response to a cyber breach and to stop it turning into a crisis.”
Elisa Cassi of Lloyd’s Register said “As cyber threats continue to increase in the marine industry, it is our mission to ensure that our clients never make the headlines for the wrong reasons. Whilst it’s impossible to eliminate cyber threats, implementing the right strategy, education and services covering both information and operational assets will dramatically reduce the risk of a breach, and the associated operational and safety risk as well as reputational and financial impacts. No business can make itself impregnable. What it can do, however, is seek to temper any attack on its critical business drivers by creating a scalable security posture.”
Wayne Perks of Inmarsat said ““It was a fantastic event and is great to see the enthusiasm and proactive responses from Greek ship operators and owners towards the increasing cyber security threat. Inmarsat has been responsible for safety at sea for over 40 years, the cyber war-game scenario gave a clear demonstration of why treating a cyber security event as critical as you would a distress situation is so important.”
Tom Chant from the Society of Maritime Industries (SMI), the co-organiser of the event, said “With the growth of the digital sector the SMI has created a Digital Technology Group to support this type of activity for the sector. I’m delighted that we were able to pull this event together in close co-operation with the Department for International Trade team in Athens whose connections made the event possible.”
Source: Society of Maritime Industries