Cyber Security for Ports and Vessels
22 April 2018
With the increasing use of information and communications technology (ICT) in the port and maritime sectors, and the connection of operational technologies (OT) such as control systems, there is a need to address the cyber security issues. The IMO’s ISPS Code requires port and vessel operators to put in place appropriate controls and supporting business practices to address security risks, including those that are cyber related. This course is based on the UK Department for Transport (DfT) sponsored Codes of Practice for Cyber Security of Ports and Port Systems, and Vessels, that were prepared by the Institution of Engineering and Technology (IET).
The objectives of the course are to enable delegates to:
- understand and appraise the cyber security threats to their port or maritime operations;
- undertake a risks assessment of their cyber-physical systems and operations;
- develop an appropriate and proportionate security strategy, management plan.
About the instructor:
Hugh Boyes BSc(Hons) MBA CEng FIET CISSP
Hugh is a Chartered Engineer, a Fellow of the Institution of Engineering and Technology (IET) and holds the Certified Information Systems Security Professional (CISSP) credential issued by the International Information Systems Security Certification Consortium [(ISC)2]. He divides his time between working as a Principal Engineer at the University of Warwick and undertaking cyber security training and consultancy assignments. Hugh is an industry expert on cyber threats to cyber-physical systems, including those in the built environment, ports and maritime sectors. He has written four guidance documents for the IET covering cyber security in the built environment, ports and vessels. His research work focuses on the protection of control systems, whether traditional industrial controls or employing IoT technologies. He is the co-author of British Standard’s PAS 1192-5:2015 [Specification for security-minded building information modelling, digital built environments and smart asset management] and PAS 185 [Smart Cities – Specification for establishing and implementing a security-minded approach]. He regularly reviews standards to assess their handling of security issues and sits on the drafting committee for the forthcoming British Standards BS10754 suite of documents. Hugh is a Member of the Register of Security Engineers and Specialists (RSES).
Module 1: The cyber security threat
Using case studies to illustrate the issues, this module will provide a holistic view of the background to and nature of cyber-related threats, vulnerabilities and risks that can affect the port and maritime sectors.
Module 2: Cyber security for ports
This module will examine use and implementation of the DfT/IET Code of Practice for Cyber Security of Ports and Port Systems. It will highlight the steps that port and port facility operators should take to achieve compliance with the ISPS Code
Module 3: Cyber security for vessels
This module will examine use and implementation of the DfT/IET Code of Practice for Cyber Security of Vessels. It will highlight the steps that vessel owners and operators should take to achieve compliance with the ISPS Code.
Module 4: Developing and maintaining cyber security assessment and plan
This module will take delegates through the process required to create the cyber security assessment for the port, port facility or vessel, and the associated cyber security plan. It will examine a typical range of policies, processes and procedures required to support the plan, and outline the recommended approach to implementing and maintaining this suite of documents.
- Individuals complete personal review of skills development
- Course summary and take-aways