ABS announced its successful development of a groundbreaking new methodology to measure cyber security risk associated with operational technology, providing marine and offshore clients a calculated risk index for vessels, fleets and facilities. The index quantifies cyber security risk and gives owners and operators an actionable strategy to reduce cyber risk onboard a vessel.
Until now, cyber risk assessment methods were largely qualitative, characterizing risk based on threats, vulnerabilities and consequences. These elements were useful in understanding risk; however, they were not quantifiable.
“With assets increasing in complexity, comprising several interconnected control systems, it was critical to develop a simple, quantifiable method to measure cyber risk,” said ABS Chairman, President and CEO, Christopher J. Wiernicki. “The ABS FCI Cyber Risk™ model gives owners and operators a straightforward approach to understanding their existing cyber risk and a concrete approach to reducing that risk.”
With its Functions, Connections and Identities (FCI) model, ABS can now calculate a cyber risk index for a client’s individual assets or entire fleets. From the risk index, an actionable report details precisely how to reduce cyber risk, which allows clients to target cyber security investments across their assets.
The quantifiable and calculable method evaluates not only the operational systems and connections of a vessel, but also the human and machine identities, clearly enumerating the level of cyber risk exposure.
“This is data-driven decision making in action,” said Wiernicki. “With the results of the FCI Cyber Risk process, clients can apply a cost-effective risk mitigation strategy across their assets and fleets.”
The development follows ABS’ two-year research contract with the Maritime Security Center – a U.S. Department of Homeland Security Center of Excellence – led by Stevens Institute of Technology and including the US Department of Defense. The research objectives included: better definition of risk-based performance standards; development of a maritime-specific framework for cyber policy; identifying critical points of cyber security failure; developing design requirements for a maritime cyber test-bed; and investigating quantitative analysis tools to determine the effectiveness of cyber detection and deterrent strategies.
“Safety has always been at the heart of ABS’ mission and our revolutionary cyber security approach is another way we will continue to deliver our objective into the future,” said Wiernicki. “For ship owners and operators, this method not only allows them to understand their degree of exposure to risk today but provides an actionable roadmap for how to improve that position. The FCI Cyber Risk model is a new and significant step forward in safety for the entire maritime industry.”
The ABS FCI Cyber Risk model expands the capabilities in the ABS CyberSafety® Program, which includes additional assessments toward obtaining the industry’s only available CyberSafety Notations.