OP/EDSpotlight: Cyber Risk ManagementBy LCDR Jennifer Osburn and LCDR Josh RoseAn increasing number of systems on ships and at marine facilities depend on cyber technologies for routine operations. Osburn RoseWhile cyber technology has improved ef? ciencies in the ing risks, and coverage for life threatening events. These marine industry and around the world, it has also created activities correlate to cyber risk measures you can enact to potential vulnerabilities. safeguard your vessel. For example, the towboats that move goods through the Western Rivers and along our coasts rely heavily on elec- P V SROTECTION OF ITAL YSTEMStronic navigation systems, including Automatic Identi? ca- Parents stress to their children the importance of wash-tion System (AIS) and Global Positioning System (GPS), ing their hands, not talking to strangers, and eating fruits to safely transit around riverbends, capes, and shoals. and vegetables. Like washing your hands, practicing cyber In addition to signal interference, such as jamming, the hygiene reduces risk of infection to your IT infrastructure. software systems that integrate and display the signals are Not talking to strangers is the equivalent of not opening vulnerable to various types of malware. Propulsion, cargo, emails or attachments from unknown sources. In addition ballast, communications, and other systems on vessels and to your own security practices, scrutinize any outside orga-shore facilities have similar vulnerabilities. Even systems nization’s security practices that might be tied to your own “not connected to the internet” are vulnerable if a careless system. Just as it is important to put healthy foods in your employee plugs in an infected phone or thumb drive to an body, it is equally important for operating systems to have USB port. updated software and security programs. Educating em-Mariners and facility operators are learning to include ployees on proper cyber practices is a proactive approach ‘cyber’ in the risk assessment activities they perform on to increase your vessel’s cyber resilience. The U.S. Depart-every watch and shift. Understanding the interconnect- ment of homeland Security’s Industrial Control Systems edness of cyber with vessel operations illustrates the rela- Cyber Emergency Response Team (ICS-CERT) (https://tionship of dependence and vulnerability we all face with ics-cert.us-cert.gov/) offers information and recommend-regards to a cyber failure or attack. To help picture this ed practices on many of these topics.relationship, think of your vessel’s cyber risk management ISK ULNERABILITY SSESSMENTplan as the preventive measures and incentives you take R & V A to ensure your personal health and well-being. In general, Assessing your vessel’s cyber vulnerabilities is like get-a healthy lifestyle includes preventative measures, assess- ting regular check-ups to identify your risk factors to-September 2015MN18