ISSA and Ship Supply News
Tightening security against cyber attacks
A serious issue highlighted by ISSA lawyer Bruce Hailey at the 2015 AGM of the British Association of Ship Suppliers was the increase in the number of cyber attacks throughout the ship supply industry.

Indeed the problem is a global one and one which can have a major impact on any business, whether you are a small supplier or, as in the recent case of TalkTalk, a huge organisation – the telecom giant was targeted by hackers in October who stole confidential data from hundreds of thousands of customers, costing the company an estimated £30 million.

In the summer issue of The Ship Supplier, Alex Taylor, Managing Director of Hull-based ship supplier Hutton’s, told how his company had been a victim of email fraud, which resulted in unwittingly paying money into a bogus bank account.

But how can you deter cyber criminals from making your portal their next port of call?

Ben Swindlehurst, Commercial Development Director for PGI Cyber, the cyber security protection arm of Protection Group International (PGI), said all companies no matter how large or small should be aware of the growing threat of cyber attacks, carried out for financial gain or ‘oneupmanship’ from hackers trying to breach security.

“If a hacker is determined to breach your systems, they will get in. The most important thing to bear in mind, however, is that hackers are opportunistic. I always use the maritime industry as a good example of this. Imagine there are two vessels, one with armed security on and another with none. An attacker will always go for the undefended ship.

“An effective way to protect yourself or your organisation is to do the basics. Put in place a password policy, change passwords every month, create an actual IT security policy and train new starters in how to manage IT.”

He said medium and large companies were often dependent on large and complex supply chains, often involving high numbers of small, specialist providers, and cyber attackers had already proved themselves adept at identifying and exploiting the weakest link within supply chains as a way of accessing and infiltrating their main target systems.

For example, 40 million customer credit card details were stolen from US retailer Target when a cyber attack was launched through the company that serviced Target’s air-conditioning.

Mr Swindlehurst advised companies to follow the ‘10 Steps to Cyber Security’ put out by GCHQ (the UK Government Communication Headquarters) two years ago.

“The UK Government and the UK itself are leading in terms of cyber security. It is a flagship that people look to and hope to replicate.”

In October 2014, the UK Government stated that anyone involved in a contract with the UK Government, moving forward, would have to have its Cyber Essentials initiative as a minimum.

The Cyber Essentials Scheme was developed and launched by the UK Government in 2014 in order to encourage organisations to adhere to good practice in information security and internet safety.

It is regarded as the base level standard of IT security which small to medium companies should meet and the framework was created by IASMF, BSI, ISF and HMG, under the authorisation of CESG, the information security arm of GCHQ.

It provides a statement of the basic controls that all organisations should implement to mitigate the risk from common cyber threats and also offers a foundation of basic measures that organisations should implement through an assurance framework mechanism.

PGI has developed a solution through which any size of business can mitigate risk and the solution draws on the Cyber Essentials standard.

The Cyber Education portal supports online certification of the Government-led Cyber Essentials process and the online self-assessment portal guides a company through five different sectors of the process.

This gives suppliers a simple and cost-effective way through which they can demonstrate that they have taken the essential precautions to secure themselves – and the businesses they serve – against cyber attacks.

Mr Swindlehurst said that for the supplier, the cost of certification (£395 plus VAT) was small in the context of its contracts with the organisation it is supplying to.

“Cyber Essentials only costs a few hundred pounds, a low price to pay in comparison to the potential consequences of a cyber security breach.”
The SHIP Supplier, Issue 67, 2015