Question

Brief description of assessment task

This task requires you to conduct an investigation of serious security management issues in corporate organisations. To complete this assignment, you will be required to work with other students as part of a team to apply prescribed management and audit procedures as well as analysis of roles, duties and privileges based on the case study information provided below.

Reflecting on the feedback provided to you for assessment tasks 1 and 2, your team will be required to prepare a security management report based on the findings of your group investigation of the fictional case study and use knowledge of IT security policies, risk assessment and risk management processes to prepare a report of approximately 3000 words.

You are also required to identify personnel security, training, security education needs, and associated legal and ethical awareness recommendations.

Case study

As the shipping industry moves into a smart-shipping era, the risk of cyber threats is at an all-time high.

Digitalised ships, increasing interconnectedness, the extended use of electronic data exchange and electronic navigation increases the likelihood of cyber-attacks in variety, frequency and sophistication against cyber enabled ships.

Cyber threats are one of the most serious economic and international security challenges facing the maritime industry today. The need for protection and security enforcements to mitigate the threats is more important today than ever. Guidelines to support secure cyber operations and contingency plans to be followed in a case of cyber incident have become necessary.

Peer- and self-evaluation

This is a team-based assessment task. Each team member will be required to demonstrate evidence of their contribution and performance in the team by rating their own and other team members’ contribution in SparkPlus.

The rubric you’ll be using to rate your own and other team members’ contribution is based on the

following criteria:

• Working with others
  1. Contributed to the team agreement
  2. Listened and allowed others to share ideas
  3. Was respectful of others’ ideas
• Contribution
  
  

  1. Provided useful ideas
  2. Participated in group discussion
  3. Completed the tasks they committed to .

• Focus on task
  1. Punctual to all team tasks
  2. Self-motivated to work to the team agreement
  3. Used group time

What do I do now?

• Contact your team members (your educator will provide instructions about setting up your team).
• Read the case
• Start collecting and researching
• Think
• Develop the report in Microsoft Word
• Make sure you look at the assessment rubric and the unit learning outcomes to
• ensure that you understand what you are being assessed (and marked) on. 

Report structure

This group assessment task requires you to prepare a single team report of approximately 3000 words based on the case study provided, which must include:

• a description of the IT environment linked to Cyber Shipping
• a list of risks, threats and possible countermeasures linked to Cyber Shipping
• develop findings on how to secure ships in a cyber context
• a review and reflection on the findings, and to propose justified recommendations to secure ships in a cyber

Answer

Introduction

Cyber security has been an important for the application of information technology in various fields.  Different cyber rusks and threats are prevailing in the marmite with the implementation of information technology. In the shipping industry, information technology has played an important role in providing a quality transportation services. Modern technology have helped in creating digitalized ships and increase in the exchange of data and information. However, this have increased in cyber-attacks and variety of threats in the internet. The Cyprus Shipping Chamber has been facing various IT security risks and threats due to the implementation of the digitalization and information technology. This report has focused on the cyber security issues in the shipping industry.  This report outlines about the different strategy for mitigating these issues related to the cyber issues in the shipping industry.

Description of IT environment

In the modern world, ships have been integrated with information technology and relying in integration, digitalization and automation. These advancement in the shipping industry have been helping in providing a keen approach towards the benefits and quality transportation through water. However, this integration system has been increasing the accessibility of the ships for transportation (Bonaci et al. 2015). The safety, environmental and commercial consequences of the cyber security issues have been significantly affecting the shipping industry.  The response to increasing cyber threat have been supported with various group of stakeholders in the companies.  The stakeholders are responsible for maintaining the cyber threats included in shipping industry.  The use of various information technology at different parts of the ship have been helping in different ways for providing a better (Bush et al. 2015).  This case study has been showing a real scenario of the implementation of information technology at various parts of the shipping industry. With the implementation of the I technology in the shipping industry.  The cyber threats have been creating several issues in the shipping industry.  Risks involved in the shipping us dustsr have been identified in order to mitigate issues in the shipping industry. 

The International Maritime Organization (IMO) has able to develop some policies in order to provide strategies for the development of recommendation to mitigate maritime cyber risks. The risks management to procedure in the maritime industry have been initiated by this organization that have helped a lot to reduce cyber threats in the industry (Thakur et Al. 2015).  Cyber security has been a major threat to the shipping industry.  The information technology have helped in storing data and information of the persons on the shop and others staffs.  Therefore, this data an information is important for the shipping company as the ship will be in the middle of the sea.  The security of the ship and staffs on the ship have been dependent of the data and information.  The use of the information technology have helped in storing data and information over the cloud and online database. Therefore, it creates a huge risks for the cyber threats and risks in shipping industry.

NIST framework

The National Institute of Standards and Technology framework has been helping in developing guidelines for providing security to data and information.  The NIST focuses in the understanding, managing and expressing cyber security of data and information both externally and internally (Glantz et al. 2014).  The stakeholders of the organization have been responsible for the security of the data and information in the market.  The use of the NIST help in providing actions in reducing cyber security risks. Therefore, it helps in aligning policy and technological approaches.

Cyber Security Management

Cyber security is concerned with availability and integrity of the safety of data and information in the shipping industry.  The use of the cyber security management in the maintaining and monitoring the security risks sin the shipping industry.  The use of the cyber security management include various steps and stages that have been discussed below:

Plans and procedure

Planning helps in creating and maintaining a different approach to the security assessment of the company.  The company operates 100 ships including that include tankers, bulkers and container ships. The company directly employ over 3000 employees in seven offices worldwide.  Therefore, it becomes difficult for the company a huge amount of data and information.  The use of the online database helps in maintaining a proper record of information of employees (Borders, Syrowik David 2015). The cyber security has been creating threat for the owners, stakeholders and other board of directors of the company.  Therefore, cyber security has been an important topic for the company to secure their data and information from the hackers.

 Company employees, port agents, service vendors, equipment manufacturers, and crewing services do introduce a significant cyber security risk for a ship’s commercial operations due to the large number of persons routinely visiting the ship or joining as crew (Amini et al. 2015). These ship visitors are often routine in nature and are left minimally monitored while they complete their tasks onboard. There is no company cybersecurity policy in place for ship related services that use the ships network. Therefore, there is a requirement to identify major risks involved in the shipping industry related to the cyber security.

The company is currently undergoing to through a transition from the current fleet broadband communication systems to a higher broadband capable VSAT system.  This change in the system might help in maintaining and monitoring cyber security of the ship (Malhotra 2015).  The rapid development in the maritime industry have been depending in the satellite communication coverage.  Therefore, this might help in connecting directly to the receiver section of the ships.  Ships are no longer protected by an air-gap from external systems. Today, an estimated 30,000 vessels globally have equipment providing them with constant internet access, which is an increase from only 6,000 in 2008. However, cyber security focuses on the security of the networks and information stired in the ship database (Hong et al. 2015).  The communication process in the ship depends on the satellite communication.  Therefore, there is a chanced of tracking and intercepting the data and information during communication.

 This might create an issue and loss to the company.  The security of the ships in mid ocean becomes difficult (Carr 2016).  The VSAT broadband ability of different ships have been maintaining internet connection in the ships.  The use of internet connection in the shop might help in providing a various tendency to improve communication in the ship. Various malwares attacks are the main threat to the ship.  The communication in the ship might get hampered by the malware attack in the network (Conti, M., Dargahi and Dehghantanha 2018). However, the Board of Directors has helped in maintaining the cyber security of the network.  Therefore, cyber risk management include following data and information:

• It helps in identifying the roles and responsibilities of users, key personnel and managing bith on shore and abroad.
• It helps in identifying assets and systems with proper assets and capabilities that might create risks for the operations of ships and safety.
• It helps in implementing technical measures for protecting against a cyber-incident for ensuring continuity of operations. This may include training and awareness, software maintenance, remote and local access, access privileges, use of removable media and equipment disposal.
• It helps in implementing activities for preparing and responding to the cyber problems.

Network Security issues

There are various network issues can be identified in the organization:

Cyber-attacks

Cyber attacks have been the most widely recognized dangers in the system of the organization. There are different instances of Cyber attacks in the association. Different destructive infections and malwares can attack the system server of the organization and cause Cyber attacks (Perlman, Kaufman and Speciner, 2016).

                                                                                                                Figure 1: Attack techniques

                                                                                                Source: Perlman, Kaufman and Speciner, 2016)

DoS attack

A denial of service attack is an attack that arrangements with closing down of system server o the organization. This attack may shut down a machine or a server for all time by harming the web design. It centers in the private information and data of the association in the market. This may diminish mark estimation of the organization in the market (Kizza, 2017).

                                                                                                                               Figure 2: DoS attack      

                                                                                                                            (Source: Kizza, 2017)

Phishing

This attack focuses on the individual data of the clients including the username, passwords, managing an account data and other individual data. This attack is basically finished with the assistance of spam messages that are sent to the clients. At the point when the clients open that spam mail. All the login qualifications are sent to the programmers (Acemoglu, Malekian and Ozdaglar, 2016). This can be a hazardous or the organization, as there are various sends are gotten on their mail id.

                                                                                                                    Figure 3: Phishing attack

                                                                                                  (Source: Acemoglu, Malekian and Ozdaglar, 2016)

Cloud attacks

Cloud computing have been a developing innovation everywhere throughout the world. By and large, the greater part of the organization are keeping up and putting away their information over the cloud. In this way, different programmers that have focusing on cloud for breaking out information and data (Beberlein et al., 2017). The attacks in the cloud have been an incredible effect in the advancement of the organization. Cloud attacks have been regular over the web as the vast majority of the organizations are accessible in the cloud.

                                                                                                                                 Figure 4: Cloud attacks

                                                                                                                         (Source: Beberlein et al., 2017)

Network Security Model

The proposed arrange security show is of seven layers that aides in partitioning the assignment in the system framework. This model has been a nonspecific model and can be pertinent to various security gadgets. The seven layers of the system security show incorporate Physical, VLAN, ACL, Software, client, Administrative and IT Department.

Physical layer

The physical layer centers in the security of the system at physical level. It can be actualized to the physical security for keeping them from getting to an office to pick up put away on PCs and servers. Clients get associated with the frameworks through physical layer. Be that as it may, physical layer has been the most effortless layer in the model (Frigault et al., 2017).

VLAN

The VLAN layer alludes to the support and making of the virtual neighborhood. The VLAN help in keeping up the security of different frameworks associated together. These associated PCs and different gadgets get attacked by various infections and interlopers for rupturing out information and data from the system. The VLAN deals with general society and private system (Knapp and Langill, 2014). VLAN helps in making an ensuring over the systems that aides in shielding them from outer interlopers in the system.

ACL Layer

The Access Control Lists or ACL is security convention introduced in switches and firewalls. This aides in permitting and denying a specific demand on various servers and hosts. Client can put a solid access control records to confines a portion of the sites and servers to be gotten to from the gadget. This aides in limiting the passage of hurtful components in the systems (Larson et al., 2016). This layer helps in giving security of the product utilized as a part of the framework. It ensures the area controller that aides in keeping up the security of the space names of different server over the system.

Programming layer

The product layer has been concentrating on the refreshing programming introduced in the gadget. Redesigned patches encourages in giving security to the new dangers over the web. The utilization of the product layer helps in keeping up the propelled rendition of different programming that expands productivity of the gadget utilized as a part of the system (Kizza, 2017). In the event that a host is legitimately refreshed and fixed accurately, a client layer attack can be confined in the system.

Client Layer

The client layer have concentrated on the preparation and information of the client over the security in the system. The client needs to comprehend the back idea of the system security over the web. The learning and preparing over the system security helps in limiting the dangers and dangers over the system. The client has to think about the vulnerabilities that can be executed on the system (Acemoglu, Malekian and Ozdaglar, 2016). A system security expert may help in giving preparing and information about system security issues.

Managerial Layer

The managerial layer centers around the preparation and inspiration of the regulatory clients. This layer incorporate every one of the individuals from administration. In this way, the managerial clients should be taught with the learning of system security and attempt to distinguish issue in the system of the association.

IT Department layer

The IT division layer contains all system security experts including professionals, modelers and bolster authorities. The IT division layer have the entrance to peruse and compose any information and data from organize (Knapp and Langill, 2014). This aides in getting to the security conventions of the system. Its nonappearance office layer stick make chances in the system identified with the money related loss of the organization in the market. These headway in the delivery business have been helping in giving a sharp approach towards the advantages and quality transportation through water. Nonetheless, this mix framework has been expanding the openness of the boats for transportation. The wellbeing, ecological and business outcomes of the digital security issues have been fundamentally influencing the delivery business. The reaction to expanding digital danger have been upheld with different gathering of partners in the organizations. The partners are in charge of keeping up the digital dangers incorporated into transportation industry. The utilization of different data innovation at various parts of the ship have been helping in various routes for giving a superior. This contextual analysis has been demonstrating a genuine situation of the execution of data innovation at different parts of the transportation business. With the usage of the I innovation in the transportation business. The digital dangers have been making a few issues in the delivery business. Dangers engaged with the shipping have been distinguished so as to relieve issues in the delivery business. The International Maritime Organization (IMO) has ready to build up a few approaches with a specific end goal to give techniques to the improvement of proposal to alleviate oceanic digital dangers. The dangers administration to strategy in the sea business have been started by this association that have helped a considerable measure to diminish digital dangers in the business. Digital security has been a noteworthy danger to the delivery business. The data innovation have helped in putting away information and data of the people on the shop and others staffs. Subsequently, this information a data is critical for the transportation organization as the ship will be amidst the ocean. The security of the ship and staffs on the ship have been reliant of the information and data. The utilization of the data innovation have helped in putting away information and data over the cloud and online database. Subsequently, it makes a tremendous dangers for the digital dangers and dangers in transportation industry.

Conclusion

It can be concluded that cyber security has been an important part for shipping industry. The use of cyber security in the shipping industry has been creating problems for maintaining network system in the ship.  Various cyber threats have been discussed in the report that might help in identifying the rims and cyber threats in the shipping industry. The use of various cases in the shipping industry have been discussed in the report. The support of stakeholders in maintaining cyber security in the shipping industry have been discussed in the report.  The use of various strategies for mitigating these issues have been explained in the report. Different cyber security to threats and risks are discussed properly.  These threats have been helping in creating strategies for mitigating them.  A network security model have been proposed for mitigating the network issues and communications. There are few recommendations provided in the end of the report for mitigating the cyber threats and risks involved in the shipping industry.

Recommendations

There are some recommendations for maintaining and mitigating the cyber issues in the shipping industry. Some of them are as follows:

Firewalls: Firewalls are the tools that help in restricting harmful viruses and malwares form entering into the network of the system.  Firewall creates virtual wall around the system that restricts harmful viruses and allows only limited important information that stored in the system.  The use if the updated firewall helps in detecting the viruses in the network system.  The use of updated firewalls helps in maintaining the security of the systems and networks.  The use of firewall help in maintaining the security of the system.

Antivirus: Antivirus helps in detecting viruses and malwares in the networks. The use of various antiviruses in the networks helps in detecting and removing harmful viruses and malwares in the networks.