Cyber Security - Understanding Your Threat Landscape

Authors
John M. Jorgensen (ABS) | Kevin P. McSweeney (ABS)
DOI
https://doi.org/10.4043/28933-MS
Document ID
OTC-28933-MS
Publisher
Offshore Technology Conference
Source
Offshore Technology Conference, 30 April - 3 May, Houston, Texas, USA
Publication Date
2018
Document Type
Conference Paper
Language
English
ISBN
978-1-61399-571-6
Copyright
2018. Offshore Technology Conference
Disciplines
7 Management and Information, 7.2.1 Risk, Uncertainty and Risk Assessment, 7.2 Risk Management and Decision-Making
Keywords
System Complexity, Human Error, Automation, Human Factors, Cyber Security
Downloads
1 in the last 30 days
216 since 2007
Show more detail
View rights & permissions
Price: USD 12.00

Automation provides many new and improved abilities for ships and offshore assets. Automation is more than the mere replacement of the functions of older (less optimal) systems; it requires system interoperability and integration. Interconnectivity of multiple systems adds new risk factors to the system as a whole. Two key risk factors are cyber security and system complexity.

At a high-level, cybersecurity means understanding your systems and processes, your personnel's capabilities and limitations, as well as thoroughly evaluating your threat landscape. In other words, system owners must have a keen understanding that there will always be new threats to counter, and new technologies to harness.

With improvements in cyber security systems, employees are now the preeminent target, thus making them a substantial vulnerability. Through negligence (human error) and malicious acts — including being the victim of phishing/whaling attacks, lost laptops, accidental disclosure of information, and actions of rogue employees account for up to two-thirds of all cyber-related breaches. Industry must be cognizant that added complexity (e.g., system design/arrangement, rules, policies, procedures, etc.,) can decrease an individual's situational awareness and increase the likelihood of human error.

A key to effective systems-risk assessment and complexity management lay in understanding cyber safety system designs, and how people interact with those systems. This paper will discuss methods to engineer systems, control system complexity, and how to help mitigate human error, with the goal of creating an efficient and effective cyber security environment.

File Size  743 KBNumber of Pages   15

Supporting information

  • SUPPLEMENTARY/OTC-28933-SUP.pdf

American Bureau of Shipping (2014). Guidance Notes for the Application of Ergonomics to Marine Systems. Houston, TX: Author.

American Bureau of Shipping (2003). Guidance Notes on the Ergonomic Design of Navigation Bridges. Houston, TX: Author.

American Bureau of Shipping (2016). Guide for Cybersecurity Implementation for the Marine and Offshore Industries, ABS CyberSafety® Volume 2. Houston, TX: Author

American Society of Testing and Materials. F 1166 (2007). Standard Practices for Human Engineering Design for Marine Systems, Equipment and Facilities. West Conshohocken, PA: Author (McSweeney).

Kirwan, B. and Ainsworth, L.K. (1992). A Guide to Task Analysis. Taylor and Francis, LTD. London.

Salvendy, G. (Ed.). (1997). Handbook of Human Factors and Ergonomics (2nd Edition). New York: John Wiley and Sons, Inc.

Other Resources

Looking for more? 

Some of the OnePetro partner societies have developed subject- specific wikis that may help.


  

PetroWiki was initially created from the seven volume  Petroleum Engineering Handbook (PEH) published by the  Society of Petroleum Engineers (SPE).







The SEG Wiki is a useful collection of information for working geophysicists, educators, and students in the field of geophysics. The initial content has been derived from : Robert E. Sheriff's Encyclopedic Dictionary of Applied Geophysics, fourth edition.