{"title":"CERP: A Maritime Cyber Risk Decision Making Tool","authors":"E. Erstad, R. Hopcraft, Juan Dorje Palbar, K. Tam","doi":"10.12716/1001.17.02.02","DOIUrl":null,"url":null,"abstract":": An increase in the complexity of systems onboard ships in the last decade has seen a rise in the number of reported maritime cyber ‐ attacks. To tackle this rising risk the International Maritime Organization published high ‐ level requirements for cyber risk management in 2017. These requirements obligate organisations to establish procedures, like incident response plans, to manage cyber ‐ incidents. However, there is currently no standardised framework for this implementation. This paper proposes a Cyber Emergency Response Procedure (CERP), that provides a framework for organisations to better facilitate their crew’s response to a cyber ‐ incident that is considerate of their operational environment. Based on an operations flowchart, the CERP provides a step ‐ by ‐ step procedure that guides a crew’s decision ‐ making process in the face of a cyber ‐ incident. This high ‐ level framework provides a blueprint for organisations to develop their own cyber ‐ incident response procedures that are considerate of operational constraints, existing incident procedures and the complexity of modern maritime systems.","PeriodicalId":46009,"journal":{"name":"TransNav-International Journal on Marine Navigation and Safety of Sea Transportation","volume":"8 1","pages":""},"PeriodicalIF":0.7000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"TransNav-International Journal on Marine Navigation and Safety of Sea Transportation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12716/1001.17.02.02","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"TRANSPORTATION SCIENCE & TECHNOLOGY","Score":null,"Total":0}
引用次数: 0
Abstract
: An increase in the complexity of systems onboard ships in the last decade has seen a rise in the number of reported maritime cyber ‐ attacks. To tackle this rising risk the International Maritime Organization published high ‐ level requirements for cyber risk management in 2017. These requirements obligate organisations to establish procedures, like incident response plans, to manage cyber ‐ incidents. However, there is currently no standardised framework for this implementation. This paper proposes a Cyber Emergency Response Procedure (CERP), that provides a framework for organisations to better facilitate their crew’s response to a cyber ‐ incident that is considerate of their operational environment. Based on an operations flowchart, the CERP provides a step ‐ by ‐ step procedure that guides a crew’s decision ‐ making process in the face of a cyber ‐ incident. This high ‐ level framework provides a blueprint for organisations to develop their own cyber ‐ incident response procedures that are considerate of operational constraints, existing incident procedures and the complexity of modern maritime systems.