Forensic Readiness within the Maritime Sector
Published on Jun 3, 2019
· DOI :10.1109/CYBERSA.2019.8899642
Forensic investigation is an essential response strategy following a cyber-related incident, and forensic readiness is the capability to gather critical digital information and maximize its use as evidence. The effectiveness of this data is highly dependent on the readiness, quality, and trustworthiness of the data itself. Far from a passive post-analysis tool, there have been many instances where an organization has benefited from gathering, and using, digital evidence to improve their cyber-security and mitigate future incidents. This article examines the forensic readiness of the maritime sector, a core component of global trade and a unique combination of information/operational technology and people, to understand its investigation and mitigation capabilities. Once the readiness of maritime forensic investigation has been better understood, by comparing it to other sectors and using risk scenarios, this paper proposes actions toward improvement. These steps are built from established attempts to increase investigation capabilities and improve maritime cyber-security, but address the maritime sector specifically.