---

Law #1: Everything that is connected to the Internet can be hacked.  Law #2: Everything is being connected to the Internet.  Law #3: Everything else follows from the first two laws.

- Rod Beckstrom, "Beckstrom's Law of Cybersecurity"

---

The Reality of Cyber Risk in the Maritime Domain
Geography, technology, regulations, and laws do not limit the reach or the capability of cyber threat actors.  Cyber threat actors, whether they are nation states, organized trans-national criminal organizations or individual Hactivists are only constrained by their own imaginations and interests.  As the lifeblood of the global economy, the maritime domain represents a spider-web of opportunity for cyber threat actors, with its global footprint and never-ending stream of money transactions and cargos.  The opportunities are, quite literally, endless.
 
Unfortunately, the majority of organizations that comprise the global maritime domain exhibit an almost universally low cyber maturity posture (e.g. low levels of cyber security awareness among the majority of employees).  Exceptions to this – organizations that, for whatever reason, have elected to invest in training, technologies and business processes that reduce their cyber risks – are few and far between.  Those that wait for the IMO to promulgate cyber regulations will be left behind.  By the time such regulations are defined, agreed on and propagated via the traditional maritime regulatory bodies the damage done will be far-reaching, ubiquitously experienced and lasting.  In the meantime, the low cyber security maturity of the majority corrodes the efforts of the few.
 
In such a risk environment, within an extraordinarily price-sensitive industry, how can an organization remain competitive? How can it protect and preserve its sensitive data – its confidential information; its client and employee data; its research and development activities (e.g. throughput data or seismic findings); its business strategies, tactics and investments; it's balance sheet integrity?
 
Contrary to most people's perceptions, achieving cyber resiliency while remaining competitive is possible. While it demands a vigorous, adaptable and proactive approach, it does not require millions of dollars in the latest technologies.  In today’s world of ever-sophisticated cyber attacks and data breaches, HudsonCyber helps maritime organizations safeguard their businesses and preserve their competitive posture in the global economy by achieving cyber resiliency.
 
Tangibly, cyber risks realized can result in a broad range of negative outcomes for maritime stakeholders. These include but are not limited to any or all of the following events that can result in operational/business interruption; financial exploitation; and/or major system damage or loss:

1. Compromises for Ships:
   • SATCOM systems
   • RADAR, AIS, ECDIS and GPS platforms
   • Ballast Water and Cargo Management Systems
   • Engine Control and Monitoring Systems
2. Compromises for Terminals:
   • Terminal Operating Systems
   • Enterprise Resource Planning Applications (e.g. financial systems)
   • RFID / Telematics