There is no doubt the maritime industry’s awareness regarding cybersecurity has grown. Last month, we discussed the one-year anniversary of the NotPetya ransomware attack and the industry’s most visible victim, Maersk. Its business operations were stymied by this cyberattack, but the conglomerate was able to respond fairly quickly and eventually restore operations. Could all maritime organizations say the same?
According to IBM, 77% of businesses do not have a formal cybersecurity incident response plan (IRP) that is applied consistently across their organization, despite heightened concerns over data breaches. No organization is exempt from cybersecurity threats. Having an established and rehearsed plan of action that a maritime organization executes after identifying a cybersecurity attack is crucial to limiting the potential operational and financial damage. An effective plan should be comprehensive, covering every aspect of the incident: from pre-planned response, detection and containment through to evaluating the implications, notifying the relevant parties to the extent necessary and finally taking remedial steps to ensure further incidents do not occur in future.
In an industry like maritime, any gap in commerce has far-reaching implications for trade and supply chains. Picture a port facility’s cargo terminal closed to traffic or offshore operations getting shut down due to an industrial control system (ICS) breach. According to the Ponemon Institute, the number of days it took for organizations to contain a breach in 2017 ranged from 10 to 164 days, with an average of 66 days. While Maersk was prepared, NotPetya cost the company as much as $300 million and disrupted operations for 2 weeks after immediately taking three container-related businesses offline. Very few maritime and port organizations can afford such disruptions without a severe impact to a region's commercial and economic viability.
In this 5-part blog post series, Gnostech will highlight key considerations for a cybersecurity incident response plan. It is not simply putting a plan together, but rather a life cycle. Gnostech implements an incident handling capability for security and privacy incidents that includes 1) preparation, 2) detection and analysis, 3) containment, eradication, and recovery, and 4) post-incident activity, which are the four phases of the incident response life cycle. This is a National Institute of Standards and Technology (NIST) standard as part of Special Publication 800-61 Revision 2, “Computer Security Incident Handling Guide.” See the incident response life cycle below:
Each month, we will go in-depth and cover one of the four key incident response phases. At the end of the day, it is vital that maritime organizations have the plans and policies in place to quickly and effectively respond to a cyber incident. You cannot just react when a data breach occurs; you must be proactive as well.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com or stay connected by following us on LinkedIn or @GnostechInc on Twitter.