Events , Governance & Risk Management , GovWare
Addressing Cybersecurity Challenges in Maritime Operations
BH Global's Ken Soh on Why Maritime Security Needs Its Own PlaybookCybersecurity in maritime operations requires frameworks tailored to the sector's unique challenges. Traditional onshore methods fall short in protecting the OT systems onboard ships, which lack dedicated on-site cybersecurity support. Ken Soh, group CIO at BH Global, said maritime frameworks should go beyond compliance, focusing on operational security tailored to the maritime sector's distinct needs.
See Also: Make Zero Trust Happen
The International Maritime Organization and classification bodies, such as International Association of Classification Societies, have developed standards, including the IACS UR E26/27, to secure maritime OT systems. This is essential because cyber vulnerabilities can endanger crucial systems. Aligning the onshore IT systems with offshore OT frameworks, therefore, remains challenging because of the industry's diverse regional regulations, cross-border operations and varied third-party communications protocols.
"First, just like a NIST framework, we need to know our asset. Once we know the asset, we know what we’re protecting," Soh said, emphasizing the need for effective asset discovery and vulnerability management. "Once we know the weaknesses, we use the 80/20 strategy - using 20% effort to manage 80% of the vulnerabilities."
In this video interview with Information Security Media Group at the GovWare Conference and Exhibition 2024, Soh also discussed:
- Meeting regulatory requirements in international waters to adapt to cross-border privacy laws;
- Managing IT-OT integration amid unique operational constraints;
- The potential risks of hackers targeting undersea cables.
Soh has spearheaded various digital transformation initiatives at BH Global, including data visualization and strengthening the company's ERP platform. He has more than 25 years of experience in the ICT industry. Prior to joining BH Global, Soh held various senior leadership positions in public and private sectors with master planning and profit and loss responsibilities.