New USMRC program targets maritime cybersecurity risks
The R.I.-based center partners with Cybrex LLC and industry groups including BIMCO
The following is the text of a news release from the United States Maritime Resource Center (USMRC):
(MIDDLETOWN, R.I.) — As companies and institutions have witnessed in recent years, no one is immune to cybersecurity breaches. From health care organizations to credit card companies, hackers are finding ways to infiltrate some of the most secure institutions in the world.
Cybersecurity breaches present a clear and present threat to everyone using electronic devices, and the maritime industry is no exception. Yet, to date there are no clear guidelines or best practices to protect ships that transport approximately 90 percent of all goods worldwide as well as the terminals where they are berthed.
Recognizing the possible vulnerabilities of these seagoing vessels, the United States Maritime Resource Center (USMRC) in Middletown, R.I., and its partner, Cybrex LLC, a maritime cyber assessment and testing firm in Hampton Roads, Va., have partnered with a number of leading maritime industry stakeholders in the development of the Maritime Cyber Assurance research program. This industry-centric initiative is designed to better understand the risks to IT-dependent shipboard systems through practical research and discovery. USMRC’s partners include BIMCO, the world’s largest shipowner’s association and the IMO’s lead on developing guidelines for cybersecurity; and the Liberian Registry, which provides USMRC with a large portfolio of vessel classes on which to conduct research.
“Critical systems and data are vulnerable to cyber disruption as they become integrated across cyber networks that connect ship and shoreside entities,” said Capt. Alexander N. Soukhanov, USMRC’s vice president of international shipping and maritime operations. “Our focus is on safe operations at sea and in marine terminals. It’s very important that this is an industry-centric initiative and to accurately translate research discoveries to operational and business risk.”
As part of this initiative to confront and understand risk in the maritime industry, USMRC is working with the U.S. Department of State Overseas Security Advisory Council (OSAC) Maritime Security Working Group (MSWG), of which maritime cybersecurity is an increasingly high priority among risks addressed by the MSWG.
Earlier this month, USMRC conducted the first cybersecurity exercise of its kind as part of the OSAC MSWG, with the participation of 20 executive-level representatives from the shipping industry, as well as senior representatives from the U.S Department of State, Department of Homeland Security and Maritime Administration. The program included information on the current state of cybersecurity and safety at sea, shipboard cyber vulnerability simulations, and discussions for the development of best practices and industry guidelines. The objectives were to:
• Familiarize participants with the complex range of organizations, processes and technologies that comprise the international shipping ecosystem.
• Expose participants to potential cyber vulnerabilities within maritime trade by demonstrating operational impacts through simulated cyber events.
• Explore the strategic and operational decision making and coordination required to effectively respond to cyber disruptions in the maritime industry, to include understanding the roles and relationships between the maritime industry and government organizations.
• Examine the opportunities and challenges associated with establishing maritime industry cybersecurity best practices.
This exercise is part of a larger initiative in promoting Maritime Cyber Assurance within the maritime industry. One of the key tenets for achieving cyber assurance is for the maritime industry to establish the exchange of information and the support of best practices development to mitigate cyber risk. The research USMRC is conducting, and the exercise it co-hosted with the OSAC MSWG, are key first steps toward achieving cyber assurance through this exchange of information that can ultimately mitigate risk to the entire industry.
USMRC is an independent, nonprofit organization with a niche focus specializing in navigation safety, maritime risk mitigation, human capital development and raising awareness of international shipping, maritime trade and transport. The organization is recognized as one of the world’s leading providers of marine operations research using real-time, man-in-the-loop simulation. From helping partners identify and mitigate security threats, to understanding how ports, vessels and crews can mitigate physical risk on board, our research team works with domestic and international partners to advance the field of maritime operations around the world.