ABS recognizes that automation methods – and increasingly, autonomy – have penetrated nearly all aspects of shipboard and platform systems. Because these systems control multiple aspects of asset, ship or platform operations, they become integral parts of system and operational safety.
- The organization maintains relationships with information sharing communities and threat or vulnerability broadcasts from both governmental and industry sources.
- The organization shares threat information with peers in its community, including technical information such as indicators of compromise (IoC), to promote greater awareness and community resistance to attacks.
- The organization uses regional and national resources (e.g., US-CERT, ICS-CERT and ENISA) to gain access to recent vulnerability and threat information relevant to its assets.
- The organization builds a series of cultural practices that include cybersecurity requirements, thereby promoting due care and due diligence continue on a routine basis.
- The organization actively engages, trains and informs its Board of Directors, or similar leadership structures and personnel, on cybersecurity practices, potential impacts of cybersecurity risks, and ongoing issues due to cybersecurity in the organization’s environment and context.
ABS says that Each organization seeking to establish or maintain a cybersecurity program must make the collective decision to use the information, lessons, and accumulated wisdom gained from others in support of an internal commitment to continuous improvement. Threats do not stagnate. Threats mutate, evolve, and re-form based on changes in technology, financial gain incentives, and political agendas. Organizations and security programs seeking to be unaffected by threats must not stagnate either.
The organization’s leadership must be actively involved and informed with security matters, as well, so that they understand the actions required to safeguard people, assets and networks. Education for leadership and management encourages them to participate in civic and community efforts that help to inform them on topics of risk, controls and measures.
Find out more by reading ABS report on cyber security