CERP: A Maritime Cyber Risk Decision Making Tool

Abstract

An increase in the complexity of systems onboard ships in the last decade has seen a rise in the number of reported maritime cyber‐attacks. To tackle this rising risk the International Maritime Organization published high‐level requirements for cyber risk management in 2017. These requirements obligate organisations to establish procedures, like incident response plans, to manage cyber‐incidents. However, there is currently no standardised framework for this implementation. This paper proposes a Cyber Emergency Response Procedure (CERP), that provides a framework for organisations to better facilitate their crew’s response to a cyber‐incident that is considerate of their operational environment. Based on an operations flowchart, the CERP provides a step‐by‐step procedure that guides a crew’s decision‐making process in the face of a cyber‐incident. This high‐level framework provides a blueprint for organisations to develop their own cyber‐incident response procedures that are considerate of operational constraints, existing incident procedures and the complexity of modern maritime systems.