Cyber risk communication during vessel incident management: A case study
Allan Nganga, Joel Scanlan, Margareta Lützhöft, Steven Mallam
Computers & Security, Volume 157, Article 104607. Published 2025-07-18. DOI: 10.1016/j.cose.2025.104607
https://www.sciencedirect.com/science/article/pii/S0167404825002962
The maritime cyber risk management guidelines developed by the International Maritime Organisation (IMO) highlight communication as a key aspect of the risk management process. This research sought to build upon previous studies highlighting incident communication as a critical part of the ship-to-SOC cyber incident management process. This research adopted a single case study-mixed methods design (CS-MM) featuring a primary case study that includes a nested mixed methods approach. The site for the case study was an M-SOC. The first phase of the case study involved interviews with 5 M-SOC personnel. For the second phase, an exploratory sequential design was applied. The quantitative data collection involved a survey with 10 vessel Information Technology (IT) and Operational Technology (OT) professionals, with 3 follow-up interviews conducted for the qualitative data collection stage. Our findings highlighted how a cyber incident dashboard and alert report complement each other in creating a shared recognised cyber picture (sRCP) between all the vessel incident management stakeholders. The sRCP, therefore, becomes the actionable element of the communication. The case study also sheds light on practical design considerations for enhancing the cyber situation awareness (CSA) of vessel cyber incident dashboards. Specifically, survey results revealed that highlighting the cyber risk of non-response to a security warning was the highest-ranked contextual information. Additionally, detection of potentially suspicious activity emerged as the risk finding that vessel IT teams highlighted as having the highest notification priority. Finally, the top alert grouping approaches were by warning type and by priority.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.