Today cyber security is required to enable the safe and reliable operation of vessels. The most cost-efficient measure to improve cyber security is to roll out adequate training for crew and staff. But what is meant by “adequate” training?
Vessels are dependent on information and operational technologies (IT & OT) which are communicating with each other onboard vessels and with the outside world. The need for proper security arrangements around such systems is required to ensure the future of safe and reliable shipping.
Up to 90 % of successful attacks are frequently said to be caused by some type of human error or behavior. In reality, it is not that simple, and the blame cannot be assigned to one individual at a time. A typical cyber attack is only possible through breaking a series of different preventive barriers. These barriers can be divided into three different types – People, Processes & Technology. Beside training crew appropriately, certain crew members also need to be made familiar with their specific cyber security responsibilities and roles during normal operation and in case of incidents. Furthermore, in order to ensure proper operation and incident response, a vessel’s cyber security policies, procedures and processes must be aligned with the onboard IT & OT and correctly implemented.
To qualify as “adequate” cyber security training for the maritime industry must therefore do all of the following:
- Motivate the audience and highlight the fact that unsafe behavior often opens the door into systems even onboard a moving vessel.
- Communicate safe and unsafe behavior in plain and easy to understand language so that all crew members can understand it. The purpose is not to scare, blame or list a set of prohibitions, but to describe how to avoid typical threats and to enable safe and practical use of IT & OT.
- Allow people to learn from their mistakes and improve the three types of barriers – People, Processes & Technology.
- Use training as the first and last line of defense by teaching the crew how to react in normal operation and in case of an incident.
- Verify the effectiveness of the training through drills, tests and measurable goals.
In order to support the maritime industry DNV GL offers a series of different services to roll out adequate cyber security training, including:
- DNV GL and Gard Cyber Security Awareness Video
Free of charge 20 min awareness video to be downloaded here.
- Cyber Security webinar for maritime cyber resilience
An introduction to the current situation in the maritime industry to be downloaded here.
- Maritime Cyber Security Awareness E-learning
Four modules interactive training with verification tests after each module. For more information please follow this link here.
- Cyber Security in the Maritime Industry - General Awareness Training
One full day in depth class room training. For more formation please follow this link here.
- Tailored training courses
Applicable for a specific organization, according to specific roles and responsibilities (e.g. general user, system admin, cyber security officer, internal auditor).