See, Map & Fix
At Cydome Security we know that we can learn the most from listening to seasoned IT Managers, CISOs and CIOs at maritime companies.
In this series of blogs we will share what we learned from the discussions we have had with our clients and interviews we have conducted with the IT teams who are in charge of their fleet security.
You have told us that the complex environment is challenging to maintain. Managing multiple vessels (sites) with dynamic infrastructure, which are constantly on the move and have no hands or IT personnel onboard to assist, is an enormous challenge. Without tools that allow cross-fleet management with discovery, monitoring, and assessment, it's an almost impossible task.
VISIBILITY – “Today, it’s extremely challenging to understand the exact state of each vessel, I want to see the status of everything we have on board and a total overview of the entire fleet”.
Vessels have complex network environments and increased digitization, with a complex mix of both legacy and modern devices, systems and applications. IT teams have indicated their need for a monitoring solution that accurately identifies and tracks all assets connected to the network on board every vessel. This is crucial to better identify threats. The key is to have a quick and instant overview of each of the vessels and the fleet as a whole.
MAPPING – “What should we prioritize?”
You also indicated that you want to know which of the assets are most vulnerable to cyber attacks and prioritize their protection.
The way to do this is by mapping all assets and conducting a recurring attack simulation on the vessel to better identify the criticality of their vulnerabilities. The process should be conducted automatically to:
- identify vulnerabilities
- assess the risk posed by cyber threats: Critical/Medium/Low
- determine the impact that a potential attack could have on their operations.
The risk analysis should be conducted according to maritime cybersecurity standards, such as the International Maritime Organization’s cyber security regulation, BIMCO, TMSA3, NIST and others. As such, the risk assessment should be done effectively and automatically.
MITIGATION – “We want to prevent attacks before they happen.”
You mentioned that knowing is not enough, and there have to be embedded mitigation steps so you can quickly and easily mitigate threats. Any member of the IT team should be able to operate this and quickly understand what needs to be done. The alerts have to be given with the mitigation recommendation in real time. As you have indicated, that is a real game changer.
It is essential that there is continuous Attack Simulation (vulnerability scanning) so that vulnerabilities are reported and mitigated – all to increase the fleet’s cyber security resilience.