ABS: 8 key steps for cybersecurity and operational readiness

However, USCG’s latest annual Cyber Trends and Insights in the Marine Environment report for 2024, found a generally improving cybersecurity posture across the Marine Transportation System (MTS), including stronger password policies, increased use of multi-factor authentication, and better tools to combat phishing.

Aligning cybersecurity with operational readiness

To enhance cybersecurity resilience, cruise operators must focus on operational readiness—ensuring that systems, processes and personnel are prepared to respond effectively to cyber threats. By aligning cybersecurity initiatives with key operational readiness principles, organizations can create a comprehensive strategy that addresses both operational resilience and guest safety. This, as explained in the report, can be achieved in the following ways:

1. Prioritize human safety

The foremost priority for any cruise operator is the safety of passengers and crew. Cybersecurity measures must be designed to protect critical systems that impact human safety, including navigation and emergency response systems. By implementing risk assessments and training programs, organizations can ensure that personnel are equipped to respond effectively to cyber incidents that may threaten safety.

2. Enhance marine safety and resilience

The integrity of marine operations is paramount. Cybersecurity strategies should focus on preserving the functionality of systems throughout their operational lifespan. This includes designing systems to “fail safe” and conducting regular assessments to identify vulnerabilities that could lead to operational disruptions.

3. Safeguard environmental safety

As stewards of the marine environment, cruise operators must recognize the potential environmental impacts of cyber threats. Cybersecurity initiatives should encompass processes that safeguard against incidents that could harm ecosystems, ensuring compliance with environmental regulations and promoting sustainable practices.

4. Support guest services and experience

In an industry where guest experience is paramount, cybersecurity measures must protect systems that support guest services. This includes safeguarding personally identifiable information (PII) and ensuring the integrity of booking and payment systems. By prioritizing guest-facing cybersecurity, cruise operators can enhance trust and loyalty among passengers.

5. Ensure regulatory compliance

The regulatory landscape surrounding maritime cybersecurity is evolving rapidly. Cruise operators must stay abreast of new regulations and ensure compliance with cybersecurity standards. This proactive approach not only mitigates legal risks but also demonstrates a commitment to safeguarding the maritime transportation system.

6. Secure communications

Reliable communication is essential for operational success. Organizations should implement measures to protect communication channels and ensure the integrity of positioning equipment. This is particularly critical in an era where cyber threats can disrupt communication flows, potentially leading to catastrophic consequences.

7. Optimize guest experience and value

Cybersecurity should not be viewed as a hindrance to guest experience but rather as an enabler. By providing seamless interfaces and secure systems, cruise operators can enhance the overall guest experience while protecting sensitive information.

8. Maintain supply chain integrity

The availability of supplies is crucial for smooth operations. Cybersecurity measures should extend to supply chain management, ensuring that systems are resilient against cyber threats that could disrupt the flow of essential resources.