Page 16: of Maritime Reporter Magazine (April 2018)
Offshore Energy Annual
Read this page in Pdf, Flash or Html5 edition of April 2018 Maritime Reporter Magazine
Cyber Security
CYBER SECURITY
What’s Your Approach?
About the Author
Rick Scott, PE, BSIE, ME, is ABS Senior
It is time to move toward a quantitative approach
Technical Advisor who has worked in academia, high-tech manufacturing that provides deeper understanding of individual risk ele- and the maritime industry for more than 45 years ments observed in marine operating systems
Increasing connectivity in complex so, these methods do provide the current engineer¬ing “knobs to turn” to reduce be reduced. But this formula is less an maritime operating systems is escalat- foundation for risk management plans, them. equation, in a mathematical sense, than ing the potential impact of cyber-relat- on which owners and operators base The most common equation used to a reference model for understanding the ed incidents and complicating the task programs to identify, protect, detect and represent cyber risk is: Risk = Threat nature of cybersecurity risk. Its three el- of defending against them. Traditional recover from cybersecurity breaches. x Vulnerability x Consequence. This ements largely are dif? cult to measure methods for assessing cyber risk provide Building on that model, it is time to move equation has proven useful for practi- and are problematic when trying to en- inadequate guidance for applying lim- toward a quantitative approach that pro- tioners insofar as it has helped analysts gineer and/or calculate a cybersecurity ited security resources. vides deeper understanding of individual intuitively understand that risk has three solution. For the modern maritime risk
Currently, available risk assessment risk elements observed in marine operat- constituent elements, and infers that by practitioner, the core challenge is to cre- methods are largely qualitative. Even ing systems, and provides owners with removing one of these elements, risk can ate a model that de? nes cyber risk so it
One of the things ABS’ research with the
Stevens Institute discovered was that the nature of maritime risk within cybersecurity is not well de? ned or understood.
Nor is it particularly well managed.
© aetb/AdobeStock 16 Maritime Reporter & Engineering News • APRIL 2018
MR #4 (10-17).indd 16 MR #4 (10-17).indd 16 4/5/2018 9:03:20 AM4/5/2018 9:03:20 AM