Session 1: Designing Security Frameworks
- Tackling challenges of varying cyber security demands from stakeholders guidelines: IMO, TMSA, regulators, and internal auditors
- Getting certified to ISO / alternate cyber-security standards
Session 2: People-Centric Approach to Cyber Security
- Best practices on crew awareness raising – what works and what doesn’t
- Cyber security vigilance management
Session 3: Improving Security on the Vessel
- Security Challenges of IT and OT systems
- Best practice on designing comprehensive onboard IT systems
- Combining Security Professionals and Engineers in Safety Assessments
- Communication Systems
Session 4: Maximizing Input from Technology Companies to Improve Security of the Vessel
- Challenges with technology onboard vs offshore
- Adjusting to specific work environment onboard
- Effective strategies on vendor involvement to improve security on the vessel
On one hand we have massive dangers, such as using a ship as a weapon – but do we need to worry about this, considering we already give seafarers control of the vessel?
On the other hand we have a consistent stream of phishing attacks, virus fraud attempts and viruses. But considering that operational software is actually not critical to operations in most companies, in that a shipping company could function for days just with paper and telephone if it had to, how much of a risk is that really?
And what do we do about ‘people’? It is common to hear security professionals complain about the silly mistakes that people make, but rather than send people on courses to hear advice they soon forget, it may be better to block USB drives and access to external e-mail, and implement software whitelists, rather than give people freedom and complain when they make mistakes.
There are some very specific risks – such as viruses on an ECDIS or GPS spoofing – which are possible to mitigate, so long as we are aware of them.
There are also some serious threats of attacks by government organisations, such as for tanker companies in service of national oil companies owned by target governments. But perhaps these attackers have better targets than shipping companies.
Our Athens Maritime Cyber Resilience Forum on May 7 aims to provide perspective about where the real threats are in the maritime industry, and what to do about them. .
Call for speakers – if you have interesting new ideas to discuss relevant to maritime cyber security, particularly common sense methods, and particularly if you are able to discuss your own or your company’s experiences with hackers and security, we would be delighted to hear from you. Please contact Vaida Stockunaite, conference producer, on firstname.lastname@example.org