Cyber Operators Course (Op) – Module 1

Introduction – Scaremongers v Reality 2

In private, ships' masters and operators will admit to plenty of hacking incidents. However, this anecdotal evidence does not help a cash-strapped operator decide where to invest limited funds.

Hence, the industry is short of actuarial data with which to make risk-based decisions on cyber matters.

Your organisation and your vessels will be hacked in some form at some point. If you are well prepared, then the damage will probably be minimal; an irritation.

If you are not well prepared, it will be an expensive exercise, possibly business-limiting.

Every single organisation of the thousands the writers of this book have dealt with has had some form of a hacking incident over the years.

Some involved data loss, ransom or corruption, others involved theft of monies or technical equipment, and others theft of intellectual property.

“I have seen businesses go bust as a result of a hack, I have seen others brush off incidents as they were well prepared. Those who state that they have never been hacked, in my experience, simply don’t have the expertise or systems in place to know whether or not they had been.”

Ken Munro of PenTestPartners

Above: Non-reported near-misses are a well-documented issue in the wider maritime industry. Source of above image: www.Maritime-Executive.com

Introduction – Differences between IT and OT systems 1

OT systems control the physical world and IT systems manage data.

OT systems differ from traditional IT systems.

OT is hardware and software that directly monitors or controls physical devices and processes. Think of it as a closed-loop system with no external involvement, where you physically control one end to another.

IT covers the spectrum of technologies for information processing, including software, hardware, and communication technologies. Think of it as adding an external link that can control your closed loop, such as a canal system that can now be opened from a different location. This is because it will now be controlled by a management system that will most likely be controlling more than just one canal system.

Traditionally OT and IT have been separated, but with the internet, OT and IT are coming closer as historically stand-alone systems are becoming integrated.

Now imagine the canal system is run by computers for efficiency. Old “Operator” roles are now automated and connected to a bigger management system via the internet. This is more efficient, with complete control and less physical work. However, should one element of the system break, it may have an impact on all the other elements. The analogy within shipping is that in a fully integrated bridge/engine/cargo management system, one element breaking may affect others. Now add in the idea that an almost unlimited number of crew, both on board and ashore, have the ability to control any of those elements.

Cyber awareness is not just about the external hacker, it is also about the internal operator who may not be aware of the implications of their actions within a large integrated system.

Introduction – Differences between IT and OT systems 2

Now imagine the canal system is run by computers for efficiency. Old “Operator” roles are automated and connected to a bigger picture via the internet. This is more efficient, with complete control and less physical work. However, should one element of the system break, it may have an impact on all the other elements. The analogy within shipping is that in a fully integrated bridge/engine/cargo management system, one element breaking may affect others. Now add in the idea that an almost unlimited number of crew, both on board and ashore, have the ability to control any of those smaller elements.
