Page 16: of Maritime Reporter Magazine (April 2018)

Offshore Energy Annual

Read this page in Pdf, Flash or Html5 edition of April 2018 Maritime Reporter Magazine

Maritime Reporter Magazine, page 15, Apr 2018

Maritime Reporter Magazine, page 16, Apr 2018

Maritime Reporter Magazine, page 17, Apr 2018

Cyber Security

CYBER SECURITY

What’s Your Approach?

About the Author

Rick Scott, PE, BSIE, ME, is ABS Senior

It is time to move toward a quantitative approach

Technical Advisor who has worked in academia, high-tech manufacturing that provides deeper understanding of individual risk ele- and the maritime industry for more than 45 years ments observed in marine operating systems

Increasing connectivity in complex so, these methods do provide the current engineer¬ing “knobs to turn” to reduce be reduced. But this formula is less an maritime operating systems is escalat- foundation for risk management plans, them. equation, in a mathematical sense, than ing the potential impact of cyber-relat- on which owners and operators base The most common equation used to a reference model for understanding the ed incidents and complicating the task programs to identify, protect, detect and represent cyber risk is: Risk = Threat nature of cybersecurity risk. Its three el- of defending against them. Traditional recover from cybersecurity breaches. x Vulnerability x Consequence. This ements largely are dif? cult to measure methods for assessing cyber risk provide Building on that model, it is time to move equation has proven useful for practi- and are problematic when trying to en- inadequate guidance for applying lim- toward a quantitative approach that pro- tioners insofar as it has helped analysts gineer and/or calculate a cybersecurity ited security resources. vides deeper understanding of individual intuitively understand that risk has three solution. For the modern maritime risk

Currently, available risk assessment risk elements observed in marine operat- constituent elements, and infers that by practitioner, the core challenge is to cre- methods are largely qualitative. Even ing systems, and provides owners with removing one of these elements, risk can ate a model that de? nes cyber risk so it

One of the things ABS’ research with the

Stevens Institute discovered was that the nature of maritime risk within cybersecurity is not well de? ned or understood.

Nor is it particularly well managed.

MR #4 (10-17).indd 16 MR #4 (10-17).indd 16 4/5/2018 9:03:20 AM4/5/2018 9:03:20 AM