A modular cyber security training programme for the maritime domain

Abstract

The global maritime industry is continuing the rapid digitization of systems and dependency on advancing technology, in a trend akin to other industrial domains. One of the main issues that this integration has brought is an increased vulnerability to a growing number of cyber threats. While several security measures are being implemented to prevent or respond to cyber attacks, the human element is still one of the main weaknesses. Many of today’s cyber attacks take advantage of human personnel’s lack of awareness, which makes cyber security awareness and training activities of critical importance. Unfortunately, current research is still limited in its offerings for cyber security training specific to maritime personnel. Moreover, such training programmes for the professionals should be developed role-based in accordance with the suggestions of many credited maritime organizations. For this reason, we developed a modular cyber security training programme for the maritime domain called Maritime Cyber Security (MarCy) by implementing Critical Events Model (CEM). Then, we evaluated the MarCy programme by utilizing the Delphi technique with the participation of 19 experts from academia and industry. In this study, we offer cyber security training for seafarers and office employees in shipping companies. We proposed eleven elective modules to improve the knowledge, skills, and attitude of learners against cyber risks. The MarCy programme can be implemented by universities, shipping companies, training institutes, and governmental organizations for maritime cyber security training purposes.