£275.00
This book is sold by a 3rd party vendor clicking the visit site button will take you to their website
Cyber risk management should be an inherent part of safety and security and should be considered at all levels of the company, including senior management ashore and onboard personnel.
This workbook provides practical guidance for ship (Part One - Onboard Practical Considerations) and shore (Part Two - Shore Management Considerations), including technical departments, IT departments and equipment manufacturers. It is aligned with IMO Resolution MSC.428(98) and will also be useful to the wider maritime industry.
The fifth edition has been produced and supported by BIMCO and International Chamber of Shipping (ICS).
It contains updated information on current threats and includes new sections on topics such as cargo management and passenger ships. Detailed case studies have been added to illustrate cyber risks in a memorable fashion.
Author | Witherbys, International Chamber of Shipping and BIMCO |
Publisher | Marisec |
Edition | Fifth Edition |
Publication month | 2023 - December |
ISBN | |
Shipping Weight | g |
Foreword Abbreviations/Definitions Acknowledgements Section 1 - Introduction 1.1 Cyber Security Risk Management - IMO Requirements and Guidelines 1.1.1 Supporting Regulatory Guidelines 1.1.2 Regional Regulatory Guidelines 1.2 Cyber Outlook for Shipping 1.3 Purpose of this Workbook 1.4 Checklists 1.5 Designated Roles and Responsibilities Part One - Onboard Practical Considerations Section 2 - Identifying Risks 2.1 Vulnerable Ship Systems 2.2 What is a Maritime Cyber Attack? 2.3 Threats 2.3.1 Types of Cyber Attack 2.3.2 Social Engineering Section 3 - Protection, Prevention and Training 3.1 Prevention of Malware Attacks 3.2 Software Updates 3.2.1 Updating programs that are not part of the Operating System 3.3 Endpoint Protection/Security Suite 3.3.1 Endpoint Protection Updates 3.3.2 Checking if the Endpoint Protection Suite is up to date 3.4 Passwords 3.4.1 Creating Passwords 3.4.2 Password length 3.4.3 Managing Passwords 3.4.4 Handover of Passwords 3.4.5 Passkeys 3.4.6 User Names 3.5 Cyber Security and the SMS 3.5.1 Cyber Security and the Ship Security Plan (SSP) 3.6 Crew Considerations and Training 3.6.1 Key Aspects of Crew Training 3.6.2 Cyber Security Familiarisation for Crew 3.6.3 Training for Non-crew Members 3.6.4 Designing a Training Programme 3.6.5 Unintentional Cyber Breaches by the Crew 3.6.6 Planning a Crew Training Session 3.6.7 Cyber Security Drills 3.6.8 Social Media 3.6.9 Travelling in Cyber Safe Mode 3.7 Ship Inspections and Port State Control 3.7.1 Port State Control Inspections 3.7.2 Other Inspections Section 4 - Detect, Respond and Recover: General Principles 4.1 Detecting a Cyber Incident 4.1.1 Introduction 4.1.2 Useful Tools Available to Help Detect Possible Malware 4.2 Incident Response 4.2.1 Third Party Support 4.2.2 Cyber Recovery Plan 4.2.3 Backups Section 5 - Ship's Business Systems 5.1 Onboard Business Computers 5.1.1 USB Ports and Drives 5.1.2 USB Port Blockers 5.1.3 USB Cleaning Stations 5.1.4 Tablets 5.1.5 Personal Devices and USB Ports 5.2 Network Segregation On Board 5.2.1 Segregated Networks 5.2.2 Achieving a Segregated Network 5.2.3 Maintaining a Segregated Network 5.2.4 Benefits of Network Segregation 5.2.5 Vulnerable Systems On Board 5.3 Wireless Networks 5.3.1 Business WiFi 5.3.2 Crew WiFi 5.3.3 Guest Access 5.3.4 WiFi Network Security 5.3.5 Virtual Private Network (VPN) 5.4 Satellite Communications (Satcom) Equipment 5.4.1 Satcom Passwords 5.4.2 Satcom Visibility on the Public Internet 5.4.3 Satcom Software Updates 5.4.4 Physical Security of the Satellite Terminal 5.4.5 Software Security of the Satellite System 5.5 Mobile (Cellular) Data Connections 5.6 Connecting to Shore WiFi in Port 5.6.1 Crew Connecting to WiFi Ashore 5.7 Passenger Ships Section 6 - OT Systems 6.1 Understanding OT Systems 6.2 Engine Department Considerations 6.3 Cargo Management 6.4 ECDIS Security 6.4.1 Updates 6.4.2 Physical Security 6.4.3 ECDIS Recovery 6.4.4 Recognising Genuine NAVTEX Messages 6.5 GNSS Security 6.5.1 GNSS Input Data 6.6 Other Bridge Systems 6.6.1 VDR 6.6.2 AIS Part Two - Shore Management Considerations Section 7 - Key Considerations 7.1 Cooperation Between the Office Departments and their Suppliers 7.1.1 IT Department and Technical Department 7.1.2 Securing the Supply Chain 7.1.3 Cyber Security Working Group 7.2 Cooperation Between the Office and the Ship's Crew 7.2.1 Maritime Cyber Security Management 7.2.2 Cyber Security and the Safety Management System (SMS) 7.2.3 Cyber Security and the Ship Security Plan (SSP) 7.2.4 Onboard Resources According to Ship Type 7.3 Ship's Network Architecture 7.3.1 IDMZ 7.3.2 Data Diodes (Unidirectional Gateways) Section 8 - OT Systems Management 8.1 OT Asset Management and Risk Assessment 8.1.1 Asset Management 8.1.2 Asset Risk Assessment 8.2 Securing OT Systems 8.3 Securing the Ethernet IP Network Used by OT Systems 8.3.1 Converter Security 8.4 Intrusion Detection Systems (IDS) Section 9 IT Systems Management 9.1 Remote Access 9.2 Vulnerability Scanning 9.3 Penetration (Pen) Testing 9.4 Endpoint Detection and Response (EDR) 9.5 Disaster Recovery from Backup 9.6 Uninterruptible Power Supply (UPS) for IT/OT Systems Checklists Checklist 1 - Cyber Security Familiarisation for New Crew Members Checklist 2 - Cyber Security Crew Training Checklist 3 - Detecting a Cyber Incident Checklist 4 - Responding to a Cyber Incident On Board Checklist 5 - Onboard Business Computer Checklist 6 - Network Segregation Checklist 7 - Networks (Wireless and Wired) Checklist 8 - Satellite Communications Checklist 9 - OT Systems for Crew Checklist 10 - ECDIS Cyber Security Checklist 11 - Cyber Security Checks on the Navigation Bridge Checklist 12 - Asset Management and Risk Assessment Checklist 13 - OT Systems for IT Department Checklist 14 - Remote Access Annexes Annex 1 - Cyber Security Assessment Annex 2 - Creating a Cyber Security Plan Annex 3 - Creating User Accounts Annex 4 - Checking for Segregated Networks Annex 5 - NMEA 0183 Annex 6 - Regional Regulatory Guidance Annex 7 - Further Resources |