Cyber-attacks against maritime and shipping organizations are only increasing. Notwithstanding the IMO’s requirement for organizations in this sector to achieve cyber resilience by 2021, more and more entities are being crippled by malicious attacks. Maritime cyber-attacks are increasing The last victim in a long list of cyber-attacks was cruise operator ... Read More

During the previous weeks, we provided a thorough overview of the EU NIS Directive, focusing on the Operators of Essential Systems (OES), the Digital Service Providers (DSP) and the compliance frameworks. Our review of the EU cybersecurity policy and strategy would be incomplete without mentioning the EU Cybersecurity Act. On ... Read More

Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment. The ATO Problem However, the ATO process can pose several challenges to ... Read More

Technology and cyber systems have become essential components of modern society. Despite the benefit of cyber technologies, insecurities arise. These could affect all systems and infrastructures. More than that, the threat of a cyberattack could very well have a transnational component and effect as worldwide systems become increasingly interconnected. Civil ... Read More

Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that needs ... Read More

Vulnerabilities are weaknesses leveraged by adversaries to compromise the confidentiality, availability or integrity of a resource. The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity, impact and complexity ... Read More

Building the Case for IoT Security Framework The Internet of Things (IoT) is growing in technical, social, and economic significance. ENISA defines the increasingly complex IoT systems as “cyber-physical ecosystem[s] of interconnected sensors and actuators, which enables intelligent decision making.” These technologies collect, exchange and process data in order to ... Read More

As smart ticketing systems and technological solutions become more prevalent in the transportation industry, the issue of transportation systems’ cybersecurity becomes a greater concern. Transportation Systems Cybersecurity is a Major Concern In August 2019, Transport for London (TfL) was forced to temporarily close down the online facility for its Oyster ... Read More

Cybersecurity is not a static world. You can say that it is a social system, it affects and is affected by its surrounding environment. For example, back in 2018, it was the GDPR that shook the foundations of security and privacy by making the protection of our personal data a ... Read More

It’s DBIR season! Put down your pens, stop watching “The Last Dance” and get to reading the key findings of the 13th edition of the annual Verizon Data Breach Investigations Report! If “experience is merely the name men gave to their mistakes,” as Oscar Wilde puts it in The Picture ... Read More