It is time to move toward a quantitative approach that provides deeper understanding of individual risk elements observed in marine operating systems.
Increasing connectivity in complex maritime operating systems is escalating the potential impact of cyber-related incidents and complicating the task of defending against them. Traditional methods for assessing cyber risk provide inadequate guidance for applying limited security resources.
Currently available risk assessment methods are largely qualitative. Even so, these methods do provide the current foundation for risk management plans, on which owners and operators base programs to identify, protect, detect and recover from cybersecurity breaches. Building on that model, it is time to move toward a quantitative approach that provides deeper understanding of individual risk elements observed in marine operating systems and gives owners engineering “knobs to turn” to reduce them.
The most common equation used to represent cyber risk is: Risk = Threat × Vulnerability × Consequence. This equation has proven useful for practitioners insofar as it has helped analysts intuitively understand that risk has…