Maritime Cybersecurity and Improvement of Project Execution Process
Peura, Riikka (2017)
Peura, Riikka
2017
Automaatiotekniikka
Teknisten tieteiden tiedekunta - Faculty of Engineering Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2017-12-07
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tty-201711202185
https://urn.fi/URN:NBN:fi:tty-201711202185
Tiivistelmä
The increasing complexity, digitalization, integration and automation of the maritime systems set new cybersecurity requirements for the whole maritime sector. This thesis investigates the newest cybersecurity publications guiding the industry including releases of standardization and maritime organizations and classification societies. The goal of the research is to improve and unify the cybersecurity project execution process of a global company delivering electrification and automation solutions for the industry.
The research consists of two parts: a literature and industrial practices review and a practical part aiming at the identification of key areas of focus for the company from which to begin the unification of their cybersecurity project execution process. The literature review demonstrates the industry’s ruling approach on cybersecurity: holistic cyber risk management through each organization level. The review was used as a theoretical framework for the empirical part based on workshops with cybersecurity responsible persons from different local business units of the company.
This thesis provides a methodology for global process unification, a list of identified improvement areas of the current cybersecurity project execution process of the company and suggestions for improvement. All the list items will be improved, but four key areas of focus are prioritized: inadequate global infrastructure and standardized cybersecurity project execution process, training, conflicts between global and local cybersecurity guidelines and technical solutions and procedures for cybersecurity execution. As a result of this thesis, the company began enhancing of a global cybersecurity information sharing platform, complementing training to become globally valid, clarifying conflicts between global and local guidelines and developing a new cybersecurity execution service solution.
Overall, this thesis provides the reader with an overview of the current cybersecurity situation of the maritime industry and helps the preparation for future requirements. This thesis also presents practical suggestions for the cybersecurity related issues the project organization of the company is facing. The development processes started during this thesis will be continued under the group level globalization of security policies.
The research consists of two parts: a literature and industrial practices review and a practical part aiming at the identification of key areas of focus for the company from which to begin the unification of their cybersecurity project execution process. The literature review demonstrates the industry’s ruling approach on cybersecurity: holistic cyber risk management through each organization level. The review was used as a theoretical framework for the empirical part based on workshops with cybersecurity responsible persons from different local business units of the company.
This thesis provides a methodology for global process unification, a list of identified improvement areas of the current cybersecurity project execution process of the company and suggestions for improvement. All the list items will be improved, but four key areas of focus are prioritized: inadequate global infrastructure and standardized cybersecurity project execution process, training, conflicts between global and local cybersecurity guidelines and technical solutions and procedures for cybersecurity execution. As a result of this thesis, the company began enhancing of a global cybersecurity information sharing platform, complementing training to become globally valid, clarifying conflicts between global and local guidelines and developing a new cybersecurity execution service solution.
Overall, this thesis provides the reader with an overview of the current cybersecurity situation of the maritime industry and helps the preparation for future requirements. This thesis also presents practical suggestions for the cybersecurity related issues the project organization of the company is facing. The development processes started during this thesis will be continued under the group level globalization of security policies.