Cengiz Özemli
Academic
- Thread Author
- #1
## The New Era of OT Cybersecurity in Maritime
Operational technology (OT) cybersecurity in the maritime sector is entering a new era. Ports, ships, and logistics ecosystems are now directly and visibly exposed to cyber risks. With increasing connectivity, cyber incidents can disrupt material flow, reduce operational visibility, and affect critical services across the supply chain.
These topics were discussed in the latest episode of Podomation, the official podcast published by the International Society of Automation (ISA).
### What is Podomation?
Podomation is a podcast series by ISA featuring experts in industrial automation. It offers content for automation professionals on various topics such as Industry 4.0, digital transformation, manufacturing and machine control, instrumentation, connectivity, and OT cybersecurity.
### Episode 009: OT Cybersecurity in the Maritime Sector
In this episode, Marco Ayala (Director, Cybersecurity Center, ABS Consulting) and Steve Mustard (CEO, National Automation) discussed the impact of cyber risks on real operations in the maritime sector.
- Current threats include risks such as malware, phishing attacks, GPS spoofing, and compromise of vendor access.
- A cyberattack on a port or ship can disrupt delivery schedules and impede the flow of food, fuel, equipment, and essential materials.
- Given the significant role of maritime infrastructure in global trade, the economic impacts of cyber risk are widespread.
- Risk assessment should focus on operational impacts, system dependencies, recovery procedures, and service continuity.
### Standards for Cybersecurity in Maritime
During the discussion, ISA/IEC 62443 standards emerged as the fundamental framework for maritime cybersecurity. This standard supports:
- Risk-based security planning,
- Zonal segmentation,
- Security level targets,
- Secure supply practices, and
- Lifecycle management.
Other important standards listed were:
- ISA-84 (Functional safety),
- ISA-18 (Alarm management),
- ISA-101 (Human-machine interface design).
These standards increase awareness, improve design quality, enable safer intervention in abnormal situations, and support the alignment of cyber programs with operational realities.
### Secure Automation in Practice
One of the most important messages emphasized throughout the podcast is that cybersecurity is possible with trained human resources. Engineers, operators, technicians, ship crew, and managers in the maritime sector must have a good understanding of the industry's specifics.
- On-site assessments can reveal password vulnerabilities, unprotected ports, unmanaged laptops, and weak physical and network controls.
- Training enables better decision-making regarding change management, patching, vendor access, and incident response.
- It is crucial for personnel to understand both cybersecurity principles and the physical realities of OT systems.
### Listening and Following the Podcast
You can listen to the full conversation with Steve Mustard and Marco Ayala, and their insights into the future of cybersecurity in maritime, on the Podomation podcast channel. It is available on many platforms such as Spotify and Apple Podcasts.
For more information and all episodes, you can follow the official ISA podcast page.
