ONBOARD Magazine summer 2021

If security: physical, human - or indeed
cyber - constrains freedom of action,
it erodes the very peace of mind we are
supposed to engender
or places one’s trust exclusively in experts to create resilience
against complex and evolving threats that few really understand.
Two contrasting trends have emerged as a result: We either
delegate responsibility because we buy-in to the narrative that
one needs to be a cyber security expert to understand and
address all threats, or we allow ourselves to be convinced that
compliance is king. The danger of the first trend, is that it
infantilises seafarers; absolving us of responsibility for basic
good practice. The second sees compliance as the goal, rather
than a component of genuine resilience, which is a continual
process, not an end-state.
The way experts seek to bridge the understanding gap with
seafarers is, rightly, to draw attention the human dimension.
Yet this, too, is problematic, in that it errs towards emphasising
human vulnerabilities, rather than strengths. Acknowledging that
family, associates, and crew are a conduit, however unwittingly,
for malicious actors to breach one’s defences, there is a danger
that cyber assurance is compelled through suffocating measures.
The price of resilience must never be a toxic culture, in which
private individuals and those in their orbit, adopt an ‘us-andthem’
mentality, fostered on mutual suspicion.
Far better to educate and empower associates; incentivising them
to act as bulwarks for one’s protection against often intangible
threats. Yes, your greatest vulnerability is the pink squidgy
thing that forms the nexus between the vessel’s IT, OT an IoT
systems and devices, but they are also your first line of defence.
Education must therefore move away from tick-box compliance
(top tip: hackers really, really do not care if your crew have a
certificate…) and towards investment in a positive culture, in
which security – every aspect of security – is the responsibility
of all and the success of each voyage a shared endeavour.
Treating cyber threats as somehow unique, risks taking your
eye off the myriad other security challenges that haven’t gone
away, and are routinely employed synergistically, to find and
exploit gaps in your defences. The best suppliers equip you to
understand risk holistically, plan for mitigation and, critically,
develop a set of procedures to follow when your defences are
breached.
I firmly advocate inculcating a culture in which your people
exemplify, promote, and enforce best practice. Hackers need
our help. Seafarers are becoming familiar with the idea of social
engineering, or human hacking – the employment of sophisticated
psychological manipulation to trick people into disclosing confidential
information. It predates computers and is remarkably effective
because it exploits human nature – people are far easier to fool
than machines. The paradox is that the emotional intelligence
required to teach resilience to human exploitation, is often
mutually exclusive with the forensic expertise necessary to
counter purely technical cyber challenges.
Cyber-facilitated threats pose a clear and present danger to
people and assets in the maritime domain. Superyachts are
attractive for direct exploitation and vulnerable to the collateral
effects of attacks directed elsewhere. Glorious isolation within an
interconnected society is simply not an option, nor is it desirable.
The possibilities afforded by this brave new world of maritime
digitisation should be embraced and leveraged for good. To do
that, seek support from providers who listen, empathise, and
promote holistic resilience. Beneficial outcomes will surpass,
and endure beyond, the tempting, yet uncertain, reassurance
afforded by ‘compliance’.
For more details Tel: +44 (0)7930977825
or visit www.pdpmarine.com
102 | SUMMER 2021 | ONBOARD