Summary and Conclusion
During recent years, the wider maritime industry (ports included) has been undergoing a digital transformation in order to effectively meet emerging business challenges, optimise existing business and operational processes, as well as introducing new capabilities, such as automation and real-time monitoring of operations. Especially in the maritime sector, a large volume of data is produced from a very extended pool of relevant sources (i.e. systems supporting the conduct of navigation and/or ship’s machinery, as well as related marine fleet management systems etc.), on a daily basis. This digitalisation trend has been based on the interconnectivity of Information Technology (IT) and Operation Technology (OT) assets and the introduction of new technological enablers, such as cloud computing, big data and Internet of Things (IoT). However, this phenomenon is also creating numerous challenges, since in an “interconnected world” the whole security chain is as strong as its weakest link. On the positive side, the various implications of Cyber Security have been discussed at the International Maritime Organization (IMO) and as a very timely response, the adoption of Resolution MSC.428(98), which aims to address cyber risks in the shipping industry, is pushing forward with the first initial step: raising awareness thought all involved stakeholders. Furthermore, this IMO resolution is creating a framework of effectively addressing cyber risks as a part of the already existing safety management systems, within the ISM Code. It clearly establishes the obligation of Maritime Administrations and concerned shipping companies to ensure that the existing safety management systems appropriately address cyber risks and cyber security for ships by their 2021 annual verification.
The field of risk assessment related to cyber security and especially with ICS/SCADA is a new and quite complex domain; concerned maritime personnel, most often receive “random” training offerings by several different manufacturers and are then expected to effectively deal with an extended portfolio of security incidents. In this paper, targeted knowledge areas that were considered as essential for certification were identified first; then, by using Bloom’s taxonomy and in combination with a work-based learning (WBL) approach, relevant training strategies were discussed and their advantages and drawbacks were also highlighted. Cutting a long way short, WBL is an educational method that immerses students in the workplace, prompting them to learn about the environment in which they’ll be working, and to complete typical tasks for the company. The WBL approach is relatively new in the maritime sector, but it looks like it fits with the particular complexities for security risks related with maritime SCADA. As it was already very clearly explained, WBL encompasses a wide portfolio of formal, non-formal and informal arrangements including apprenticeships, work placement and informal learning on the job. Needless to mention: the maritime industry is already relying on the job training and mentoring to create and further improve competencies in relation to the maritime profession; this transition towards WBL will not require a significant paradigm shift. Last, but not least, the “hot to implement” these particular training strategies should be included as a future research topic; examining more carefully the adoption of the “right” methods and tools for the concerned instructors and facilitating the easy understanding of the trainees must also be included into the portfolio of future investigations.
Table of Contents
- Introduction
- Importance of Cyber Security
- Knowledge areas
- Proposed curriculum development
- Summary and Conclusion
- References