Maritime Safety and Security SOP for Homeland Security Perspectives in Cybersecurity

Introduction
The maritime industry is increasingly moving towards the adoption of systems that rely heavily on digitization, automation, and integration (Hayes, 2016). The extensive use of advanced technological solutions in the maritime industry is driven by the urgent need to maintain the industry in sync with all other industries that seem to have a step forward in adopting technological solutions. As a result of this growth and development in technological solutions, the security of data and other sensitive information has increasingly become a huge concern for the industry (Bueger, 2015). Cybersecurity has become a priority for the maritime industry. With many of the operational and critical system having already been digitized, automated, and integrated, the concern has now shifted to how entities within the maritime industry should implement appropriate procedures and policies to respond to cybersecurity incidents effectively.
Background
Cybersecurity refers to the ability of entities to prepare for possible attacks initiated through the internet, react to those attacks, and be able to recover from those cyber incidents (Kimberly, 2018). Cybersecurity in the maritime industry is not an isolated development, and recent incidents such as the Estonia cybersecurity attack in 2007 and Stuxnet in 2009 should have served to demonstrate to the Maritime industry the disruptiveness of cybersecurity breaches (Herzog, 2011). Having had no major cybersecurity issues in recent times, the maritime industry seems to have let its guard down. The maritime industry has played down any of the legitimate fears of a potential cybersecurity attack, despite 90% of the world trade being facilitated by the maritime industry (Hoffmann, 2018). Expectations, competition, and tensions are at highest as different entities within the maritime sector to streamline their services, add value, and strategically try to meet the demands of their customers and those of global safety and sustainability. Despite the technical dimension, cybersecurity has, there a growing consensus that cybersecurity can no longer continue being treated exclusively as a technological issue. There is an increasing need that guidelines established to maintain an effective maritime cybersecurity framework adopt a commitment to people and processes too other the current exclusive commitment on technology (Fitton, 2015). The underlying commitment of this project is to provide a critical guideline of preparing for, dealing with, and responding to cybersecurity issues based on three fundamental pillars; people, process, and technology.
Literature review
Traditionally, attacks in the maritime industry, especially on ships, were often in the form of pirating, theft, boarding, and at times, destruction. Such attacks were hugely successful, especially in the Indian Ocean near Somali waters, where several ships were hijacked, held hostage and ransom demanded for the release of both the ship and crew. This became the norm as pirates appeared to realize how difficult it would be for the ships to call and receive help quickly (Hareide, 2018). With technological solutions being integrated extensively within the maritime industry, such threats appeared to be on the decline. The experience of mitigating those attacks for a while got the maritime industry thinking it had finally succeeded in making the industry completely safe and insulated from further attacks. Unfortunately, that sense of security and confidence started to be compromised as criminals started to exploit other means to disrupt the industry (Kalogeraki, 2018). With the industry keen on adopting technological solutions to ensure efficiency in the delivery of its services, criminals identified a way to cause disruption, earn financial gains, and exact their control in the industry (Kalogeraki, 2018). As the author further points out, cyber security attacks became the new vulnerability that could hurt the maritime industry to its core.
Cybersecurity attacks require the cyber criminals not to be at the scene of the attack as was required some years back. Cybercriminals who are miles away could cause damage and disruption to the maritime industry or part of it with a click of a computer button. The criminals need only expose a vulnerability, which then they will use to plant malicious content of maritime industry systems causing damage and ending up compromising the functioning of systems. Cybersecurity framework has heavily been interested in improving the technological aspect of cybersecurity and in the process, neglects the people and process aspects (Bowen, 2011). People in this facet, all individuals involved in the maritime industry, need to be made aware of the lurking security danger. The processes dimension argues the need to have in-depth conversations on how various approaches should be defined in light of the evolving developments of cybersecurity (McPhee, 2015). The technology aspect explores how various software technologies can be leveraged to mitigate cybersecurity risks.
The Purpose of the Project
The purpose of this project is to provide a critical guideline of preparing for, dealing with, and responding to cybersecurity issues based on three fundamental pillars; people, process, and technology. Having a guideline motivated by the three pillars; people, processes, and technology ensures that cybersecurity guidelines are covered from all possible fronts. People who often will be maritime industry staff have emerged as sensitive access points that have been exploited by cybercriminals (Hadlington, 2018). It's paramount, therefore, that the people in the industry are made aware, educated, and trained with valuable skills that will help them prepare, detect, and deter cybersecurity attacks. The maritime industry thrives on having efficient and effective processes. It’s the foundation upon which the industry manages to facilitate 90% of world trade and provide timely services to the millions of clients in the industry (Hoffmann, 2018). Technology encourages the industry to be on its toes developing new and better technological solutions to provide improved cover to critical systems in the industry.
Investigatory Procedures to Be Used
To investigate cybersecurity threats to the maritime industry, the project will review various resources on the subject matter. The researcher will access these documents from websites, public libraries, books, and data from already filled in surveys. In the same vein, some government and nongovernment agencies store information which this project can retrieve and use. Many organizations are likely to implement the findings of this project to ensure that their networks, data, and systems are safe from cyber-attacks. The researcher will provide the results to all institutions and organizations to allow them to practice by the proposed recommendations.
Conclusion
Cybersecurity concerns have largely been centered around technical protection measures, which largely dictate concentrating on physical security. This approach has hugely neglected the people and processes which have equally huge importance to how the industry detects, deters, and recovers from cybersecurity issues. The current cybersecurity concerns demonstrate the need to have people-oriented, procedural, and technologically oriented guidelines to ensure comprehensiveness of the contingency, response, and recovery plans.
References
Bowen, B.M. (2011). Measuring the Human Factor of Cyber Security. Rerieved from http://www.cs.columbia.edu/~bmbowen/papers/metrics_hst.pdf
Bueger, C. (2015). What is Maritime Security? Maritime Policy, 53, 159-164.
Fitton, O. P. (2015). The Future of Maritime Cyber Security. Retrieved from https://eprints.lancs.ac.uk/id/eprint/72696/1/Cyber_Operations_in_the_Maritime_Environment_v2.0.pdf
Hadlington, L. (2018). The "Human Factor" in cybersecurity: Exploring the accidental insider. Psychological and Behavioral Examinations in Cyber Security, 4(6), 46-63.
Hareide, O. S. (2018). Enhancing Navigator Competence By Demonstrating Maritime Cyber Security. The Journal of Navigation, 71(5), 1025-1039.
Hayes, C. R. (2016). Maritime Cybersecurity: The Future of National Security. Monterey, California: Naval Post Graduate School.
Herzog, S. (2011). Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses. Journal of Strategic Security, 4(2), 49-60.
Hoffmann, J. (2018). Review of Maritime Transport. New York: UNCTAD.
Kalogeraki, E.M. (2018). Knowledge Management Methodology for Identifying Threats in Maritime/Logistics Supply Chains. Knowledge Management Research & Practice, 16(4), 508-524.
Kimberly, T.K. (2018). Maritime cybersecurity Policy: The Scope and Impact of Evolving Technology On International Shipping. Journal of Cyber Policy, 3(2), 147-164.
McPhee, C.K. (2015). Cyber-Resilience in Supply Chains. Technology Innovation Management Review, 1-28.