SAFETY4SEA

How to prepare for Cyber Security

by Cynthia Hudson
March 20, 2019
in Cyber Security, Opinions

During the 2019 SMART4SEA Conference, Cynthia Hudson, CEO, HudsonAnalytix, gave a presentation on Cyber Incident Response, sharing insight on the immediate need to establish the method and means to respond to a cyber incident. Mrs. Hudson suggested that a response organization headed by an appointed Cyber QI (CQI) or similar in the US, a Cyber Incident Response Team (CINT) and a Cyber Incident Response Organization (CIRO) be strongly considered during the planning, training and exercise process of Cyber Incident Readiness.

I am lucky enough to be able to speak to you about an interesting topic that everybody knows is there, but nobody likes to talk about. I hope that I will be able to provide you with some insights to help you understand and think about this problem.

I would like to start with a quotation from a US author: ‘Growth demands a temporary surrender of security.’ I am sure she was correct, but I am not sure she was talking about maritime security.

We, as a company, are in many areas of risk management, such as the environmental side, security and other key areas like TMSA, but we started to see about 5 years ago that cyber was going to be something important. Understanding how the vessel owners we serve approach new problems like this, we said, ‘Well, we better be ready, this is a new risk on the horizon’, and this is what we did.

Why are we discussing cyber risk? As I have heard many times, ‘It is not a regulation, we don’t need it. Nobody will tell us that we have to do it.’ Well, it is in regulations, it is in the ISM Code, not by name necessarily, but by the fact that you are already required right now to establish safeguards when you identify a risk.

If we agree that cyber is in fact a risk, what we have to do is to establish appropriate safeguards. Period. There is no question about it.

As far as the US is concerned, the Rear Admiral who started the investigation on this has said that no additional regulations are required because the existing regulations already cover cyber risk. This is what he is referring to, and I want to talk to you about the US context on this so that you understand what is coming to the US and then what you hopefully can do about it.

BIMCO understands what is happening, and it is not only BIMCO. Just look at CLIA, ICS, Intercargo, Intertanko, etc. Everyone has, at least this time, banded together and said this risk is real. How are we going to face it? BIMCO has come up with two things in particular. They have recognized that most shipping companies are going to need external assistance, and that assistance is going to be like in other areas:

  • Before a cyber incident
  • During a cyber incident and
  • After a cyber incident

Another thing that the BIMCO guidelines say is ‘Establish a team’. Does this sound familiar? That team needs to be established to take the appropriate actions. It has to be capable; in other words, not the guys you know around the corner, not the guy you trust and like very well, who had a graduate degree in IT. He may be good, but this is a capability-driven requirement. You’ve got to have capabilities. That team has to be identified in your plan. Do you have a plan? OK.

There is also the US Coast Guard. How many of you really realize that there are today reporting requirements by the USCG for a cyber incident? These are reporting requirements, not suggestions.

So if you are trading to the US and you experience an incident on your vessel or an incident that will affect your vessel, you need right now a reasonable chance of risk, a threatened incident; there is a reporting requirement now.

If you have reported a particularly serious incident, do you think the Coast Guard will say ‘Thank you so much, let us know when you have cleaned it up’? Probably not. Probably you are going to see them after you have reported and they are going to be asking you some questions. We need to be aware of this because there is a bit of an attitude that, until a regulation has passed somehow, someway, we don’t have to do anything. We do not agree with that. We think it is now.

I wanted to give you a little insight based on a client of ours, a significant owner who had a significant breach and whom we have been serving on the assessment side. The best part is that an unnamed internal guy watched the IT manager googling ‘how to remove malware’. You can learn a lot of things on Google, but perhaps this is not what you want to be doing on the day you just had a significant breach or three days later. So then he says ‘free removal tool from the internet’. Apparently, it did not work.

So what do we want to do?

Before an attack occurs:

  • Assess: Perform a cybersecurity capability assessment of your entire organization: How cyber secure are you, how capable are you, how mature are you?
  • Plan: Establish a cyber incident response (IR) plan. This plan has to be a real plan, based on your real vessels, on your real enterprise, your business, based on your real operating systems and your IT systems.
  • Train: Incorporate cyber risks into tabletop exercises. We had an awareness training. Is that all you need? No. Awareness training is great, but it is a starting point.
  • Integrate Plans: Data Loss Prevention (DLP), Disaster Recovery (DR) and Business Continuity Plans (BCP). Does the plan you have on cyber really work with the other plans that you are already using for your business? I suggest, if you have a disaster plan, a data loss prevention plan or a business continuity plan, which may be the most important of all in this particular case, that the plan is actually integrated.

Ask yourself as an Owner:

  • Who will be there in the middle of the night when the breach occurs? Prepare for the worst – establish cyber incident response capabilities
  • Who will cover our assets?
  • Who will speak for our company?
  • Have we appropriately transferred our cyber risk? Prepare now for cyber insurance (don’t assume you have full coverage)

These are some questions that you can ask in due time or your risk manager internally can ask.

We want to give you a solution set. This set is not going to be fully ‘baked’ for you until you have done these other things that we have suggested. But a solution set that we think is going to work for the US will start to look suspiciously similar to other things you have encountered in the past.

We are suggesting you essentially need a cyber Qualified Individual (QI). Don’t get upset with the QI as a regulated requirement today. The QI has an association with the US oil pollution and lots of other requirements, but what we are using it as is an indicator that you need someone to act on your behalf, who has been participating with you and is prepared to know your exact systems and your contingency plans.

This guy has to be pre-contracted and the other resources you need externally need to be pre-contracted; you cannot get to know them the day of the breach. By the time the new expert learns that you may be up and running, I don’t know how many days or weeks, even months, the restoring can take.

So you may have, for example, a communications firm which is very good or an internal communications person. Don’t assume that this is going to cover you. It has to be an integrated response. The vessel and the owner have to act on a crisis management perspective when an incident occurs. The other stakeholders have to be brought in: Legal, Public relations, Insurance of course, and the port state and the local authorities have to be involved, because they are threatened by the breach experienced, possibly. Also, there has to be an independent cyber incident response organization.

I think it suffices to say it is time to start, it is time to get ready, it is time to set yourself up for this continuous improvement and it is time to transfer your risk once you have done that, by looking at what you do have covered and can sustain yourself and what you cannot. And then you are going to look to a viable insurance company to provide the difference.

Above text is an edited article of Cynthia Hudson’s presentation during the 2019 SMART4SEA Conference

The views presented hereabove are only those of the author and not necessarily those of SAFETY4SEA and are for information sharing and discussion purposes only.


About Cynthia Hudson, CEO, Hudson Analytix

Cynthia A. Hudson is CEO and founder of HudsonAnalytix, Inc., a global maritime risk consultancy serving the maritime transportation sector, headquartered in Philadelphia, US, and internationally from Piraeus to Jakarta. In 1986, Ms. Hudson founded what became HudsonAnalytix to provide emergency response, maritime project management and maritime consulting services to maritime transportation interests: oil and energy, vessel owners/operators and insurers, for more than 100 oil and hazardous material response incidents. Hudson led the firm into maritime security for ports and vessels, providing port vulnerability security assessment work at hundreds of ports and facilities worldwide, and in 2016 expanded HudsonAnalytix’s cyber operations to design and deliver cybersecurity and cyber risk management solutions to maritime clients and provide cybersecurity expertise to governmental agencies. Well-known and highly regarded throughout the maritime transportation industry for her work and contributions in her field, Ms. Hudson was most recently honored by the Organization of American States (OAS) Inter-American Committee on Ports with the 2016 Maritime Award of the Americas: Outstanding Women in the Maritime and Port. Ms. Hudson serves on a number of Industry Boards, and is President of WISTA Delaware River & Bay Chapter and a Director of the North American Marine Environment Protection Association (NAMEPA).
