Page 19: of Maritime Reporter Magazine (April 2018)

include actions that take into account safeguards, identifying and taking action post-cyberattack incidents. Organiza- cal component for maritime organiza- other scenarios such as losing Global on the lessons learned from a cyberat- tions will need to determine how expedi- tions to ensure that environmental, com-

Positioning System (GPS) or other Po- tack must be driven from the top down. tiously they can return to full operational mercial, and safety impacts are kept to a sition, Navigation, and Timing (PNT) capacity. Organizational leadership must minimum. Fortunately, the industry has systems, impact to a vessel’s steering or Reconstitution. In most cases, organi- continue to communicate with all their existing response plans for other types of machinery control system, and loss or zations have a systematic process for re- stakeholders what steps are being taken catastrophic events that can be used as manipulation of electronic navigation constituting operations. These processes to return to a fully operational status. a model for preparing and responding to systems. In most of these underway sce- will need to be extended to include Preparation for a cyberattack is a criti- cyberattacks.

narios, contingency plans are already in place for these scenarios caused by other means, but there may be additional re- sponse requirements to the nature of the attack.

Once developed, these action plans must be exercised on a regular basis.

This is no different than other required drills. Many organizations have incorpo- rated cyber incidents in table top exercis- es or have created cyber incident speci? c table top exercise to see how well their action plans work.

Attack in Progress. Being able to iden- tify and understand that an attack is in progress must be incorporated into an organization’s training programs. Like- wise, hardware and/or software solutions will need to be con? gured or acquired to help employees and crews determine whether a cyberattack is taking place.

Depending on the type of attack, the characteristics of the attack may be ob- vious, but not always.

How an organization communicates the nature of the attack and how they respond externally to a cyber incident is just as critical as the technical and engi- neering actions taken to manage an at- tack internally within the organization’s systems. Organizations need to develop a communications and public relations action plan to ensure con? dence among customers, investors, partners, other stakeholders, and the public that the or- ganization can effectively respond to a cyber incident while minimizing disrup-

READY FOR THE tion to operations and commerce.

JONES ACT WTIV

With 47% of the world-

Post Incident Analysis. Depending on wide-operating WTIVs and 90% SOVs classed the nature of the attack, an organization with DNV GL, and our can expect law enforcement to treat a cy- experience with recent newbuildings under ber incident as a crime, thereby making

American ?ag, we are the systems and network that were at- ready to also support the tacked a crime scene. Therefore, to iden- success story of WTIVs in the USA. tify the origins of an attack, an organiza- tion should also implement procedures to preserve evidence during and after an attack. This requires putting in place a chain of custody procedure, digital evi- dence handling procedures, potentially

MODERN CLASS FOR SMARTER OPERATIONS performing internal digital forensics ac- tivities, and having a Continuity of Op-

Today’s market needs smarter solutions – and a modern classi?cation partner. Find out how our modern classi?cation erations Plan, which may include using a solutions can turn possibilities into opportunities – and make your operations safer, smarter and greener. back-up system during an investigation.

Learn more at dnvgl.us/maritime

Post incident analysis will need to in- clude a post-mortem to determine how to prevent similar attacks in the future.

Much like implementing cybersecurity www.marinelink.com 19

MR #4 (18-25).indd 19 MR #4 (18-25).indd 19 4/5/2018 9:10:05 AM4/5/2018 9:10:05 AM