Automation provides many new and improved abilities for ships and offshore assets. Automation is more than the mere replacement of the functions of older (less optimal) systems; it requires system interoperability and integration. Interconnectivity of multiple systems adds new risk factors to the system as a whole. Two key risk factors are cyber security and system complexity.
At a high-level, cybersecurity means understanding your systems and processes, your personnel's capabilities and limitations, as well as thoroughly evaluating your threat landscape. In other words, system owners must have a keen understanding that there will always be new threats to counter, and new technologies to harness.
With improvements in cyber security systems, employees are now the preeminent target, thus making them a substantial vulnerability. Through negligence (human error) and malicious acts — including being the victim of phishing/whaling attacks, lost laptops, accidental disclosure of information, and actions of rogue employees account for up to two-thirds of all cyber-related breaches. Industry must be cognizant that added complexity (e.g., system design/arrangement, rules, policies, procedures, etc.,) can decrease an individual's situational awareness and increase the likelihood of human error.
A key to effective systems-risk assessment and complexity management lay in understanding cyber safety system designs, and how people interact with those systems. This paper will discuss methods to engineer systems, control system complexity, and how to help mitigate human error, with the goal of creating an efficient and effective cyber security environment.