Towards cyber security readiness in the Maritime industry: A knowledge-based approach

Synopsis: Cyber security refers to the ability to prepare for, react to and recover from incidents (i.e. attacks) initiated from an Internet-connected device against other devices or the information they contain. Recent developments in the cyber security field show an increasing number of industries becoming targets of cyber attacks. With vessels, terminals, ports and transport operators relying on increasingly integrated and interconnected information systems, the maritime industry is no exception. Incidents have already been reported where unauthorised or accidental access to systems (e.g. a vessel’s Automatic Identification System, AIS) have resulted in failure of critical systems with potentially catastrophic consequences including loss of life, environmental damage and revenue loss. Despite having a technical dimension, there is consensus in the fact that cyber security is no longer a technology issue. Cyber security affects and is affected by the industry’s internal aspects, functions and processes, as well as a wide range of factors including economic, environmental, legal and political issues to name a few. Local, national and international factors also become essential when implementing cyber security management strategy and driving people’s behaviour towards cyber security in the maritime industry. This paper will outline some of the major cyber security challenges faced by the maritime industry. It will then provide an overview of the key dimensions of a cyber security management strategy that could help the maritime industry learn from other sectors in the definition of a long-term, dynamic cyber security management strategy with focus on their people, processes and technology.