Cyber security training strategy: dealing with maritime SCADA risks

Abstract

Control systems on board ships collect sensor measurements and data from various operational activities and display all the relevant information; they also facilitate relaying of control commands to local or remote equipment. Distributed control systems (DCS) are typically used within a single process or generating plant; supervisory control and data acquisition (SCADA) systems are used for larger-scale environments. The SCADA system communications infrastructure tends to be slower and less reliable, and so the remote terminal unit in a SCADA system has local control schemes to handle that eventuality. Security in general and cyber security specifically were not the major concerns of early standalone maritime SCADA systems. Security was primarily achieved by controlling physical access to system components, which were unique and used proprietary communication protocols. For years, security in SCADA systems was viewed as just an implication of safety. Over the last decade, however, the situation has changed, and numerous standards/directives dealing with the cyber security of SCADA systems have emerged. Characteristics of maritime SCADA cyber security are discussed; related training needs are identified next. The pedagogical approaches are also presented in order to train seafarers in risk assessment, prevention and mitigation strategies related with maritime SCADA cyber security risks