Page 29: of Maritime Reporter Magazine (May 2017)

following 9/11. ists for achieving a 100% cyber-secure relentless, malicious, fast moving, and be satisfactorily answered regarding environment. As regulations evolve ubiquitous. Shipping executives must cyber risk, shipping executives must

So where does a shipowner start? (and they will), and the march towards understand cyber risk is a chronic peril advocate, fund, implement, and sustain

If a shipping company has not already ever-greater connectivity onboard ships that can – and must – be managed. a long-term holistic cybersecurity strat- done so, then my recommendation is to continues, cyber risks will similarly de- Although answers to the who, what, egy. Though not easy in today’s eco- ? rst perform a cybersecurity capability velop. They are here to stay. They are where, when, and why may not always nomic environment, it is achievable. maturity assessment of their entire orga- nization. Companies engaging experts to perform assessments of one of? ce or a single vessel are, in my opinion, wasting money. Following this approach is like performing a baseline health checkup on one’s arm or leg while ignoring the rest of the body. Cybersecurity technology vendors and consultants are expensive, and expending limited resources (e.g. money!) in today’s economic climate on one of? ce or vessel is not money well spent. Here’s why I recommend this approach: cybersecurity capability maturity analysis provides a structure for assessing every functional area of a shipping company and a methodology for baselining its current capabilities vis-à-vis current cyber risks in order to support continuous improvement efforts.

WHEN THE MISSION MATTERS

Properly executed, it enables shipowners to determine where within their business

VIGOR DELIVERS cybersecurity strengths or weaknesses may exist; to make well-informed de- cisions about how and where to invest limited funds and allocate precious re- sources; and to better understand why some capabilities may be more suitable for investing in than others. Employ- ing cybersecurity capability maturity analysis de? nes an organization’s “cy- ber enterprise” (e.g. the entire business), calibrates capability relevance or appro- priateness, inaugurates a basis for recur- ring benchmarking, and becomes the ongoing mechanism for informing sub- sequent cybersecurity investments.

The bene? ts are extensive. Perform- ing a cybersecurity capability assess- ment should not be overly expensive, does not (yet) commit the company to expensive capital investments, and es- tablishes a standardized framework for sustaining cyber risk management over time through recurring analysis, due dili- gence, disciplined investment planning,

HIGH PERFORMANCE ALUMINUM VESSELS and continuous improvements. Best of all, the approach is designed to enlighten decision-makers on how cyber risks can be managed in a responsible, sustainable fashion.

To operate in today’s ‘Cyberized,’

Internet – of – Things global econo- my, shipping companies must seek to achieve and sustain a cyber mature pos- ture. Though cybersecurity technologies

VIGOR.NET [email protected] continue to develop and adapt to persis- tent cyber threats, no ‘magic bullet’ ex- www.marinelink.com 29

MR #5 (26-33).indd 29 MR #5 (26-33).indd 29 5/3/2017 8:16:07 PM5/3/2017 8:16:07 PM