Back in September last year, we unveiled our then brand-new cyber security solution for the cruise industry – ‘CRIBB Maritime Cyber Assurance’ (CMCA). Almost 6 months on, we decided to speak with Patrick Carolan about this unique product, aimed at small and medium-sized businesses as an affordable alternative to ISO27001, which is still garnering a lot of attention for theICEway’s CRIBB Cyber Security brand…

Patrick, how much interest have you encountered in CMCA over the past 5 months?

A lot actually, it’s definitely piqued the interest of a number of people in cruise. Data breaches in the cruise industry are certainly not uncommon, and with the incredible digital transformation in cruise we’ve seen in recent years the potential cyber threats on board are vast. It isn’t just on board either, in fact we ran a blog piece late last year on a risk study about the potential damage a large-scale port cyber-attack on Asia could cause.

Would you say then that the cruise industry is particularly vulnerable to cyber-attacks?

Well that study was hypothetical, but I would definitely say that cruise and cruise ships are ‘high risk’; cruise ships nowadays are literally like floating cities, with incredible connectivity and all manner of hi-tech facilities. When you have IoT progressing at such an awesome rate as well, you suddenly start to see how cyber security for cruise has become a real logistical nightmare.

What one piece of advice would you give to people in the cruise industry?

It’s difficult to say because it is such a huge topic but security by design is definitely something that should be embraced. It’s the approach we take within theICEway ecosystem of companies and very simply, it means that instead of tackling issues when they arise, you are always trying to be more proactive by taking preventative measures from the outset.

Think of it like this; if you build a house and then add a security alarm to the side of it, that is one approach to becoming more security conscious. Another approach, the better one I think – the approach we take at CRIBB Cyber Security in fact – is one where you build the alarm system as an integral part of the house design. So integral that you would have to remove the house to disable the alarm system!

Tell us more about CMCA.

CMCA is recognised by the IASME Consortium and in simple terms, it acts as a framework (backed by the UK government) that cruise companies can work to in order to improve their levels of cyber resilience. The structure is based upon the Cyber Essentials framework and tools, plus also the ISO27001 security standard. By taking theICEway for cyber security and implementing CMCA, clients give themselves the opportunity to increase protection, eliminate inefficiency and strengthen business processes in general.

Can you talk us through how CMCA works?

We offer clients full briefing and consultation throughout the project as well as assistance with security policies and an evaluation / assessment of where they are in terms of level of compliance. How we do that is by taking a deep dive into the existing ‘organisation of information’, going through management processes, operations security and HR. We thoroughly review all procedures and processes, we also provide assistance with an access control check, and we take a look at how they deal with ‘Subject Access’. The great thing is that all of this is conducted by an experienced and certified GDPR practitioner.

It certainly does sound thorough…

It is, and there is actually a lot more to it because CRIBB Maritime Cyber Assurance also gives our clients an assessment of supplier relationships, assistance with business continuity management, asset management advice, guidance on cryptography, physical and environmental checks, equipment checks and validation, technical controls, network / cloud, firewalls and malware protection, assistance in managing security incidents…

Breathe, Patrick.

It’s a really good solution.

Exhaustive, you might say?

Exhausting, that’s for sure…!

Glossary

ISO27001 – An information security standard last published in 2013 (with a few minor updates since), this is essentially a specification for an information security management system.

theICEway – An ecosystem of companies that works with our clients’ IT Teams to deliver technology projects, cloud strategy and application managed services: ICE Technology Services, CRIBB Cyber Security, eTestware, AIVR Labs.

IoT – Internet of things; a network of objects that are connected to the Internet and collect / exchange data.

‘Subject Access’ – People have the right to access their personal data and this is often referred to as subject access, as a ‘subject access request’ is required either verbally or in writing to obtain that access.

GDPR – General Data Protection Regulation; an EU regulation on data protection and privacy, GDPR sets out 7 principles for processing personal data in a lawful manner:

  • Lawfulness, fairness & transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Security
  • Accountability

Contact the experts at CRIBB Cyber Security and theICEway today to find out more about CMCA and the other products, services and solutions we can offer you in the fight against cyber-attacks – we can help you become cyber resilient.

theICEway has more than 20 years’ worth of experience in cruise, so for those of you who need assistance with cyber security in the cruise industry, it makes sense to choose a true specialist…