also be conducive to a more efficient regional transport system, better process security,
and greater competitiveness for all participants (Pérez-Salas, 2013).
IV. International standards and best practices in the introduction of technological rules
Suitably managing technological standards, encouraging cooperation and
introducing international best practices are fundamental to the introduction of
technological rules and the provision of guidelines for adequate security in line with
the speed of changes in these areas.
Hence, for example, the technical committee of the International Organization for
Standardization (ISO) and the International Electrotechnical Commission (IEC) have
developed international standards for the Internet of Things (ISO/IEC JTC 1, 2014) and an
Internet of Things Reference Architecture (ISO/IEC 30141), published in 2016. The Institute
of Electrical and Electronics Engineers Standards Association (IEEE-SA) has also formed a
working group with the aim of developing a standard for an architectural framework for
the Internet of Things, IEEE P2413 (IEEE-SA, 2016).
Since 2017, ISO has sought to standardize the blockchain and distributed ledger
technologies (ISO/TC 307 - Blockchain) based on the following structure: reference
architecture, taxonomy and ontology, use cases, security and privacy, identity, smart
contracts, governance of blockchain and distributed ledger technologies, interoperability
of blockchain and distributed ledger technologies, and terminology. The International
Telecommunication Union (ITU) has also expressed interest in standardizing blockchain
technology. The ITU Telecommunication Standardization Sector (ITU-T) has set
up a focus group on application of distributed ledger technology (FG DLT), which will
develop a workplan for the standardization of interoperable services based on distributed
ledger technology (ITU-T, 2017). IEEE-SA is also developing a standard for the framework
of blockchain use in the IoT (IEEE-SA, 2017), and the Linux Foundation along with other
companies has worked to create an open source platform called the Hyperledger Project
based on blockchain technology for a distributed ledger that can be used in multiple
industries, and is optimized for myriad use cases (Linux Foundation, 2016).
There are also cyberrisk management standards, such as ISO/IEC 27001 established by the
International Organization for Standardization (ISO) and the International Electrotechnical
Commission (IEC), which establishes the requirements for an information security
management system. It advocates for the combination of three pillars: people, processes
and technology. As regards people, organizations must provide cybersecurity training
for employees to prevent and reduce cyberthreats. In terms of processes, information
technology must be used to define and audit organizations’ activities, functions and
documents used to mitigate cybersecurity risks. Lastly, with regard to technology, after
identifying the cyberthreats facing organizations, plans must be implemented to address
these threats and reduce the impact of a possible attack.
BIMCO has created guidelines to incorporate cyberprotection into ships’ safety management
systems, including risk assessments of operational technology, navigation systems and
engine controls, and also provides a guide on addressing cyberrisks for ships deriving from
other elements of the supply chain. These guidelines are based on the following principles:
(i) awareness of the security and commercial risks arising from the lack of cybersecurity
measures, (ii) protection of IT infrastructure on-board ships and of connected equipment,
(iii) a user authentication and authorization system to guarantee appropriate access to the
necessary information, (iv) protection of data used on-board the ship, guaranteeing suitable
protection based on the sensitivity of information, (v) management of IT users, to ensure
that only authorized persons have access and rights to information, (vi) management
of communication between the ship and coastal areas, and (vii) development and
implementation of a response plan to cyberincidents based on risk assessment.
www.cepal.org/transporte