Sponsored By

Cyber-security - no longer the province of the computer fix-it guy

The messages from the ‘Cybercrimes on The High Seas’ session at the 2016 Seatrade Cruise Global event, moderated by Ernst & Young’s Tony Sibert, executive director in the advisory services area, is that cyber-security can no longer simply be in the province of an IT director, or the administrator of a particular network.

Mary Bond, Editor in Chief

March 16, 2016

2 Min Read
Credit: Seatrade Cruise News

Business of all types require true cultural shifts, where cyber risks are looked at holistically within the architecture of a business - with attention at the top executives at the C-Level.

Panelist Jeff Kramer of consultant Syzygy Solutions described the cruise shipping industry as offering a unique set of problems because all the normal business issues - multiple operational systems, safety systems and personnel management are overlaid with the need to create satisfying and unique experiences for passengers.

Joe Mitchell, senior systems engineer, BitSight Technologies, which rates the security effectiveness of different business, talked about security having its own eco-system, telling the audience ‘it goes beyond your own company…you need to look at vendors and customers.’

Part of the cultural change espoused by the panel involves fundamental re-architecting of business design; multiple panelists stressed that the ‘silo’ approach, where a particular system is looked at in isolation, will no longer work.  

Kramer talked about cyber is being ‘a collective network that has spread across the entire business,’ adding that ‘It’s very challenging because business focuses on individual processes, but cyber is systemic.’

US Coast Guard Rear Admiral Paul F. Thomas, whose responsibilities include Prevention Policy, offered analogies  to  fundamental changes in the nature of company architectures in response to earlier technological changes from sailing ships to steam powered vessels, saying: ‘Cyber is much more than security- it’s how we operate,’  emphasizing the need to think about the design and operation of cyber systems, just like other shipping systems, with design built in- well before the actual implementation.

Panelist Chris Scott from CrowdStriker Services recommended entering into retainer agreements (colourfully described as a “Break Glass” arrangement) so specialists could quickly be mobilized in the wake of an incident. Other panelists mentioned ‘Table top exercises’ to simulate cyber-catastrophes- again, not dis-similar to the environmental emergency preparedness drills that shipping companies regularly engage in. Still another panel member likened cyber preparedness to the lifeboat drills conducted on cruise vessels.

Kramer offered practical advice on navigating internal corporate landscape s- with the objective of getting needed internal resources to fix cyber problems. He said, that you need to put cases ‘into business terms, have a business conversation, talk about costs, opportunity costs and to emphasize the problems with the most serious consequences.’

He said that front line shipping teams with cyber problems to solve might seek a champion in the organization who can help have ‘a good business conversation’ in the language of the top executives.

The U.S. Federal government is reaching out to industry, with Scott Janezic, an official from the Federal Bureau of Investigation encouraging shipping companies in South Florida to develop relationships with law enforcement personal in advance of an incident, and to join local working groups such as Infra-Gard, a group spearheading cooperation between the FBI and private businesses.

About the Author

Mary Bond

Editor in Chief

Mary Bond is Group Director, Seatrade Cruise a division within Informa Markets and responsible for the Seatrade portfolio of global cruise events, print and online cruise publishing.

Mary is also the publisher and editor-in-chief of Seatrade Cruise News and Seatrade Cruise Review magazine.

Mary has worked in the shipping industry for 39 years, first for Lloyd’s Register of Shipping before joining Seatrade’s editorial team in 1985.

The latest cruise news, analysis and more straight to your inbox
Get the free newsletter read by industry experts