What are some of the solutions to an cybersecurity incident in-progress that involves taking over a moving ship? Much of the article talks about how it's important to prepare for this incident and that there's a simulation developed for this scenario, but the recommendations at the end look preventative instead of intended to fix an active incident.
The article's preventative methods include "Install security updates as soon as they come and automatically as much as possible," "Do not assign administrator rights to end users," "Do not allow the use of weak passwords," use multi-factor authentication, don't install non-approved software, conduct risk assessments for computer systems in use, and make plans for cyber incidents in advance.
Lol, preventative measures in this case are dumb as crap in the sense of they should be more
"This is an extremely locked down industrial device that only executes signed code and has every port on the machine epoxied over" as just the starting paragraph.
Unfortunately the exact details of what to do in a cyber incident are really closer to a per system plan. Honestly it's something that should be red teamed/blue teamed in a simulator many times, then dump some harbor pilots and captains in the sim against the red team to see what the common default reactions are.
The article's preventative methods include "Install security updates as soon as they come and automatically as much as possible," "Do not assign administrator rights to end users," "Do not allow the use of weak passwords," use multi-factor authentication, don't install non-approved software, conduct risk assessments for computer systems in use, and make plans for cyber incidents in advance.