Yesterday the Coast Guard published a copy of “The Application of Cybersecurity Principles to Marine and Offshore Operations” on their Homeport web site (sorry the CG does not use real links on Homeport – You can find this under the Cybersecurity tab). The publication is apparently the first volume in a series of publications on maritime cybersecurity being published by the American Bureau of Shipping.
A quick look at the table of contents looks like the 35-page publication covers the basics of cybersecurity (both IT and OT). It will be interesting to see what specific changes are being recommended for the maritime environment.
There is a nice brief discussion about cybersecurity in general in the first section of the publication. It makes a significant comment that applies to a variety of environments beyond just the maritime (pg 2):
“Most organizations arguably understand the need for protecting and monitoring cyber-linked business support and control systems. Even so, the breadth and complexity of protecting such systems may present a daunting challenge to many organizations that do not have a comprehensive picture of cybersecurity.”
There is also an important discussion of how cybersecurity and safety intersect, particularly in cyber-physical systems (CPS). The authors make an important point (pg 3):
“A cybersecurity incident on a ship, on a platform, or within a facility, might result from system fault or failure, operator error or inaction, inadvertent conflicts in incompatible software, or deliberate malfeasance or malice. Any such incident may result in intrusion or malfunction in a general purpose network, resulting in a cascading failure that can spread into ship or platform CPS to cause unexpected consequences for any number of systems.”
This looks like a document that will be well worth reading by anyone in control system management as well as cybersecurity professionals. Certainly the maritime community should, as the Coast Guard intended, take a specific interest in this publication and the remainder of the series as it becomes available.