000007692 001__ 7692 000007692 005__ 20240531164756.0 000007692 02470 $$2doi$$a10.24868/issn.2515-818X.2020.051 000007692 035__ $$a4498257 000007692 037__ $$aGENERAL 000007692 245__ $$aCyber Security: Supply Chain Risk Management and Defense-in-Depth requirements for Maritime Systems 000007692 269__ $$a2020-10-05 000007692 336__ $$aConference Proceedings 000007692 520__ $$aCybersecurity for maritime operations requires a robust defense-in-depth approach that begins with the initial sourcing of components, software, and systems; continues through rigorous security engineering during the design, implementation, and deployment of those systems; and extends to proactive defensive measures for operational technology (OT) systems as well as traditional information and communications technology (ICT) systems. Global connectivity has extended the risk of network attack to vessels even while they are underway. Additionally, the long lifecycle of many maritime systems adds the challenge of defending outdated or no-longer-supported components and systems, which are difficult to patch and in many cases cannot be patched at all. Emerging standards and regulatory guidance are pushing the maritime industry toward compliance. These initiatives also provide an opportunity to improve operational practices and reduce the underlying cyber security vulnerabilities. International bodies such as BIMCO, the Oil Companies International Marine Forum (OCIMF), and the International Maritime Organization (IMO), through its extension of the International Safety Management (ISM) Code and the International Ship and Port Facility Security (ISPS) Code, provide excellent resources for addressing cyber security risk. 
The new IMO guidance, adopted by the Maritime Safety Committee on June 16, 2017, as Resolution MSC.428(98), Maritime Cyber Risk Management in Safety Management Systems, encourages organizations “to ensure that cyber risks are appropriately addressed in existing safety management systems.”[1] Many experts recommend adopting one of several international security standards or frameworks already developed to help identify, assess, and mitigate cyber security risk; these include the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27000 family of Information Security Management System (ISMS) standards, the Center for Internet Security (CIS) Top 20 Controls, and the United States National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework. Another family of standards, the IEC 62443 series on industrial network and system security, applies directly to the shipboard automation and control systems typically found throughout a vessel’s propulsion, stabilization, electrical control, and deck machinery systems. Organizations can leverage a growing number of IEC 62443-compliant components, systems, and processes to streamline the steps required for overall compliance and to address their underlying cyber security risk. This paper focuses on supply chain cyber risk management for maritime operations and on effective cyber security defense-in-depth practices for the vessel’s hull, mechanical, and electrical shipboard systems. 
000007692 542__ $$fCC-BY-4.0 000007692 6531_ $$aCybersecurity 000007692 6531_ $$aSupply Chain Risk Management 000007692 6531_ $$aDefense-in-Depth 000007692 6531_ $$aIEC 62443 000007692 7001_ $$aJohnson, W$$uRockwell Automation 000007692 7001_ $$aWisniewski, B$$uRockwell Automation 000007692 773__ $$tConference Proceedings of INEC 000007692 773__ $$jINEC 2020 000007692 789__ $$whttps://zenodo.org/record/4498257$$2URL$$eIsIdenticalTo 000007692 85641 $$uhttps://www.imarest.org/events/inec-2020$$yConference website 000007692 8564_ $$9b48f909d-5270-4b42-94d3-8b56ade32304$$s1592448$$uhttps://library.imarest.org/record/7692/files/INEC_2020_Paper_80.pdf