search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Additionally, each port will have different OT systems due to its particular purpose - a cargo port for example will have more OT systems supporting the movement of shipping containers, whereas a cruise terminal will be focused on supporting the movement of people and will be mainly IT based.


As new technologies are


developed, they are often added as enhanced ‘bolt-on’ functionality to legacy OT systems built in the late 1990s or early 2000s; the beginning stages of automation.


In more recent years, these legacy OT systems have been connected to the internet to provide stakeholders with remote access to control and monitor the systems. And while the increasing digitalization and automation of systems and processes may deliver the prospect of greater efficiency and competitiveness within organizations, it can also create the opportunity for greater cyber risk exposure through increased potential ‘attack surfaces’ – the ways in which cyber-attackers can penetrate systems.


Organizations impacted by the new rule will need to demonstrate their ‘Cyber Resilience’ by being prepared, ready and able to defend and recover from any cyber incident that could threaten safety, security and productivity.


The IT/OT convergence can however cause boundaries to blur between IT network functions and OT critical control functions, making it more challenging for operators to fully understand how their systems interact with one another.


In a worst-case scenario, this misunderstanding could prevent the quick restoration of operations in the event of a cyber incident within a ship or facility network.


Key Steps to Improved Cyber Resilience


So how do you develop a more resilient Cybersecurity Program? There are four key areas an organization should consider – asset management, configuration management, vulnerability management and detection and response management. It can achieve this through:


- Securing what you know - Assessing criticality - Committing to continuous improvement


- Evaluating manual versus automated options


A key success factor is the collaboration between OT and IT operations to identify and bridge any gaps. All too often, OT and IT have worked in silo and have competing priorities in terms of availability and security. To create a robust cybersecurity program, these areas must work in harmony and be viewed holistically.


Equally important is the


engagement of Original Equipment Manufacturers (OEMs) and vendors in the cybersecurity program. Developing key relationships with these stakeholders is essential to ensure that cybersecurity measures are comprehensive and effective. By collaborating with OEMs and vendors, organizations can gain valuable insights and support in securing maritime operations.


Contracts with OEMs and vendors should be revisited and modified to include specific cybersecurity requirements. This involves defining roles and responsibilities, setting security standards, and establishing protocols for incident response and information sharing. By embedding these considerations into contractual agreements, organizations can facilitate each step required to enhance their cybersecurity posture.


In summary, a resilient cybersecurity program is built on the foundation of collaboration—both internally between OT and IT, and externally with OEMs and vendors. This integrated approach ensures a unified and proactive defense against cyber threats.


Step 1 – Visibility and control - securing known assets Securing assets begins with comprehensive documentation. Conduct an audit of your IT and OT networks to identify all hardware and software, gaining a deeper understanding of potential vulnerabilities and attack vectors. Consider how assets interact across the network, such as those that routinely leverage USBs for data transfer or those accessed during third-party vendor maintenance.


Step 2 – Assessing Criticality Criticality looks at which assets within an organization are most critical to mission priorities and operations. This will be unique to every organization and will take the collective effort of engineers, operators and business operations to truly define. Understanding the crown jewels of your network infrastructure and business applications can allow organizations to focus their effort and funding toward securing the most critical assets first.


Step 3 – Committing to the Process The process should be dynamic, with criticality at its core. Implement a Management of Change (MOC) process to evaluate, identify and manage risks before making significant changes. This helps to ensure that updates are documented, tested and implemented with minimal disruption to operations. Emphasize traceability, accountability and risk mitigation.


Cultural openness to change is essential for integration. OT risk management should be considered as important as IT risk management. This approach can help bridge the gap between IT and OT silos, helping to improve safety, security and compliance with new regulations.


60 | ISSUE 111 | MAR 2025 | THE REPORT


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98  |  Page 99  |  Page 100  |  Page 101  |  Page 102  |  Page 103  |  Page 104  |  Page 105  |  Page 106  |  Page 107  |  Page 108  |  Page 109  |  Page 110  |  Page 111  |  Page 112  |  Page 113  |  Page 114  |  Page 115  |  Page 116  |  Page 117  |  Page 118  |  Page 119  |  Page 120  |  Page 121  |  Page 122  |  Page 123  |  Page 124  |  Page 125  |  Page 126  |  Page 127  |  Page 128  |  Page 129  |  Page 130  |  Page 131  |  Page 132  |  Page 133  |  Page 134  |  Page 135  |  Page 136  |  Page 137  |  Page 138  |  Page 139  |  Page 140  |  Page 141  |  Page 142  |  Page 143  |  Page 144  |  Page 145  |  Page 146  |  Page 147  |  Page 148