Autonomous shipping and digitalization are currently the ‘buzz’ words around us; however, many aspects of these issues still need to be considered, and the industry continues to discuss them extensively. Certainly, these are the new trends in the spotlight, and more developments are looming in the forthcoming years to make the smart shipping concept a reality. However, the ‘smart era’ escalates cyber security risks; in 2017 the shipping industry reported the first significant cyber incidents, which sounded the alarm about this new kind of threat.
IMO, BIMCO, MCA, USCG, ROs and many other industry stakeholders have already issued guidance and best practices in order to address this issue. Organisations should take these guidelines into consideration and be prepared to respond to potential risks and recover from cyber attacks. In particular, organisations need to think differently and be more agile in handling attacks; cyber security alone is therefore not enough.
Cyber resilience is the concept that helps organisations here, as it takes a wider scope comprising both cyber security and business resilience. Cyber resilience can be defined as the organization’s ability to withstand and/or quickly recover from cyber events that disrupt usual business operations.
Cyber attacks aim either to steal or modify data or to affect business continuity. Although data is already protected by legislation, such as the EU General Data Protection Regulation, there is no policy on how to respond in case an attack affects the business continuity of an organization. In such a case, cyber resilience is vital. Resilience is not defined by a series of checklists, but through evaluations based on the current threat environment and the acceptable risk level for the organization.
In the dynamic business environment, traditional security tactics may not be sufficient. Old methods of adding another point product to the mix or waiting for IT to identify and propose technology solutions to top management are less effective than ever. No organization can simultaneously sift through alerts, track vulnerabilities, apply security policies across various systems and endpoints, and accurately assess what a mass of global threat data actually reveals in real time. To manage these competing challenges, organizations must change their security posture from a defensive stance focused on malware to a more realistic and resilient approach: a cyber resilient approach.
Cyber resilience is about managing security with a multi-layered approach that encompasses people, processes, and technology. Correlating security intelligence is important, but just as important is increasing employees’ security awareness so they can make better decisions and reduce risky behavior. This expanded scope helps to eliminate the cyber gap between IT and business, requiring the two sides to proactively align and present a united front against threat and incursion.
The most important consideration for cyber resilience is the idea that an organization deploys its assets (people, information, technology, and facilities) in support of specific operational missions (i.e., scope of organization, day-to-day business). To achieve the required level of awareness and a resilient response, the following basic steps should be followed:
Step 1: Prepare/Identify
Identify actions for when a cyber event occurs
Resilience addresses preparedness as a specific emergency management business function but, more importantly, as something impacted by numerous functions across the organization. These may include asset management, human resources, strategic planning, financial management, information technology, and risk management.
Step 2: Protect
Actions to mitigate damage or make assets an unattractive target
The focus is to maintain the assets’ core function and ward off harm. Organizations plan for protection against specific threats or categories of threats. Resilience approaches the issue from a standpoint of taking reasonable protective actions, while having alternative capabilities as needed or the ability to withstand disruption.
Step 3: Detect
Focus on activities to rapidly identify an attack and ensure a timely response
This stage is concerned with continuing to monitor the network for other attack indicators related to that attack and making sure the safeguards in place were effective. A critical downside of an organization spending so much time and effort trying to protect itself from attacks is that the entity often fails to prepare for what to do when an attack succeeds.
Step 4: Respond
A response plan clarifies action in case of an incident
Organizations need a response plan that clearly tells people what to do when an incident occurs. An Incident Response Team should be established, with specific roles and responsibilities identified. These roles should be assigned to competent members of the organization. A team leader/manager should be appointed and assigned responsibility for declaring an incident, coordinating the activities of the response team, and communicating status reports to upper management.
Step 5: Recover/Review
Review systems and plans to restore any data affected
Critical to any resilient security strategy is recovery. This stage involves developing and implementing appropriate systems and plans to restore any data and services that may have been impacted during a cyber-attack. No matter the preparation and protection measures an organisation implements, it may not be able to avoid certain types of attacks. Even if the response to a cyber breach is quick, an attack may have consequences. No matter the outcome, organizations must be able to restore their people, processes, and systems as quickly as possible. An effective recovery depends on a clear and thorough recovery plan.