Page 18: of Maritime Reporter Magazine (April 2018)

Cyber Security

CYBER SECURITY

Incident Response

About the Author

James Espino is president of Gnostech

Inc. A career Coast Guard Of? cer, he

Cyber Incident Response and Incident for the worked in maritime law enforcement, defense operations, and C4ISR devel-

Resilient Organization opment and procurement.

Even prior to NotPetya, regulatory bodies, insurers, P&I clubs, port authorities, and oth- er segments of the maritime industry started taking steps to minimize the industry’s expo- sure to cyberattacks. © aetb/AdobeStock

The maritime industry has had an the industry’s exposure to cyberattacks. port and terminal operators, port authori- order to minimize damage to the mari- awakening. We have awoken to the The U.S. Coast Guard released a draft ties, and other agencies, companies, and time and port operations. These activi- fact that digitalization has woven its Navigation and Vessel Inspection Circu- organizations that make up the “mari- ties aim to minimize the negative im- threads throughout the industry, and we lar 05-17, Guidelines for Addressing Cy- time industry” add an additional layer pacts to commerce, the environment, have greatly bene? ted from being able ber Risks at Maritime Transportation Se- of complexity can slow the adoption of and safety of life at sea or on and about to operate in an interconnected cyber curity Act (MTSA) regulated facilities, comprehensive cyber risk management the water. Additionally, no different than environment. Likewise, being able to to introduce the idea of creating a cyber plans industry wide. a major environmental disaster response, transmit shipboard machinery diagnos- risk framework for the maritime indus- the industry must be prepared to address tic information to shore-side operations try based on the National Institute of Post Cyberattack Actions. Given the all aspects of a cyber-incident response centers, having the ability to navigate in Standards and Technology (NIST) Cy- immediate need to understand what must including the development of a well restricted waters using position and nav- bersecurity Framework. Shipping asso- be done to limit the damage and protect thought out public, stakeholder, and in- igation data originating from space, and ciations such as BIMCO and ABS have systems from a cyberattack, the mari- vestor relations engagement plan.

being able to provide crews the luxury released their own cybersecurity guide- time industry also needs to answer the of streaming video from the web while lines, and countless other organizations question, “What must we do after we ex- Pre-determined Action Plans. No dif- at sea introduces signi? cant risk to the and groups have released best practices perience a cyberattack?” To answer this ferent than other disasters, catastrophes, overall industry and to interconnected to mitigate cyber risk in the maritime in- question, the following question must be or emergency situations, prudent or- segments of the economy in general. The dustry. Although the industry generally asked, “What do we do to prepare for a ganizations will have a cyber incident

NotPetya attack in 2017 was a watershed realizes “something must be done,” the cyberattack?” In this case, the maritime response plan in place to exercise pre- moment that forced the industry to as- progress made to mitigate cyber risks industry has the pedigree to address this determined action plans when a cyber sess its cybersecurity posture. Clearly, within the industry are as varied as the question and can pull from existing reg- incident occurs. Unfortunately, a recent if a global company like Maersk can be industry is diverse. The variety in cyber ulations, best practices, and experiences study by the Ponemon Institute and IBM signi? cantly impacted, then every other risk mitigation in the industry is based gained from responding to physical in- found that 77% of its respondents do not maritime company can be attacked. At on the varying levels of resources avail- cidents such as oil spills, search and have a formal cyber incident response best an attack will result in a ? nancial able from one organization to another, rescue response, terrorist threats, and plan applied consistently across their loss, at worse, an attack could possibly the systems and technologies being used, actions needed to ensure continuity of organization. Response plans would, at force a company to cease operations in- and the differences in risk management operations due to a major storm or other minimum, need to include action plans de? nitely. governance models between organiza- physical threats. responding to ransomware, Distributed

Even prior to NotPetya, regulatory tions and companies. Additionally, sub- Cyber Incident Response and Incident Denial of Service (DDOS) attacks, in? l- bodies, insurers, P&I clubs, port authori- tle but also signi? cant differences in cy- Handling (IR/IH) implies pre-deter- tration of a network, and introduction of ties, and other segments of the maritime bersecurity requirements and regulatory mined action plans, table top exercises, malware in an organization’s network. industry started taking steps to minimize bodies between the shipping industry, and IR/IH resources are pre-staged in Underway or mobile assets must also 18 Maritime Reporter & Engineering News • APRIL 2018

MR #4 (18-25).indd 18 MR #4 (18-25).indd 18 4/5/2018 9:09:04 AM4/5/2018 9:09:04 AM