Building cyber resilience - RINA.org

29 Aug 2022

As you read these words, a variety of software technologies are silently working to enable your business to function smoothly and efficiently.

Technologies like Email, External Supplier Access, CRMs and the Cloud have become fundamental to running our businesses. Without them, we could not achieve the reach, quality and distribution needed to be successful in the modern world.

Software has become pervasive. As Marc Andreessen, co-founder of Netscape, quipped, “Software is eating the world”!

Digital solutions are now multiplying at every stage of the maritime and yachting chain. Furthermore, the pace of change has been accelerated by COVID: many companies took advantage of the pandemic to improve their previous legacy infrastructure, and switch from paper to screen.

However, each time we introduce new software and new capabilities, we also increase our “attack surface”: the portion of the company that is exposed to cyber-attacks, software errors and IT incidents.

The pervasiveness of software, and our dependency on it, poses a tangible risk to our business. As we did for financial and safety risk in the past, we must now reduce our exposure and develop strong ‘cyber resilience’.

RINA has already been working for many years in this area, creating a dedicated Digital and Security Department for existing digital capabilities in shipping.

Furthermore, new risk is emerging on the operational side for both pleasure and cargo vessels, as well as port and terminal operations. 

Vessel operations are now heavily supported by AIS, ECDIS and Safety Management Control systems, while Ports and Terminals are increasingly dependent on Passenger Management and Cargo Management systems. 

In addition, government authorities and regulators are increasingly concerned with cyber risk and are continually issuing new mandatory frameworks and regulations.

These include IMO guidelines, additional IACS notations, supplemental ISO standards, critical infrastructure regulations, privacy laws and, last but not least, BIMCO, InterManager and SYBAss advisories, to mention only the most relevant.

This has introduced an additional dimension to the cyber question. We are starting to realise that digitalisation will be an endurance sport, not a sprint!

To make this journey, we believe a few clearly defined objectives are the first steps to success. 

This includes a real commitment from Management, which clearly identifies cyber roles and responsibilities within the company. There must be a formal recognition of risk acceptance by the Board of Directors, and one that provides an adequate and financially sustainable budget across a defined timeframe, typically between 18 and 24 months.

Companies must take a pragmatic approach to risk management, with a programme which identifies both the risks and the appropriate mitigation.

This approach will enable businesses to navigate through the new uncharted waters and adapt to the constantly changing maritime environment. 

Andrea Iacopini