Standard Guide for Cybersecurity and Cyberattack Mitigation

Importancia y uso:

5.1 To maintain the integrity of potentially vulnerable information systems while the vessel is at sea or in port, strategies and procedures can be used by every company, organization, and ship. Mitigating potential cyberattack events will allow for a better economic environment through secure consumer, employee, and corporate data. Informational infrastructure between ships, platforms, and onshore facilities are more interconnected today than a decade ago. The long-term health and economic viability of ship owners and operators depend on establishing and maintaining security that can measured and monitored.

5.2 With the increase in cyberattacks in recent decades, maritime-based companies and governments have cited a need to update and train their workforce to mitigate the loss of data or intellectual theft from onboard systems.

5.2.1 Vulnerable onboard systems can include, but are not limited to:

5.2.1.1 Cargo management systems;

5.2.1.2 Bridge systems;

5.2.1.3 Propulsion and machinery management and power control systems;

5.2.1.4 Access control systems;

5.2.1.5 Passenger servicing and management systems;

5.2.1.6 Passenger facing public networks;

5.2.1.7 Administrative and crew welfare systems;

5.2.1.8 Communications systems;

5.2.1.9 Distributed computing devices that support an internet of things (IoT)-enabled ship; and

5.2.1.10 Onboard sensors that facilitate wheelhouse automation, alerting, and IoT transmission.

5.2.2 Many of these systems are critical to mariners while at sea. If any of said systems failed or were compromised while at sea because of a cyberattack, then the ship and its security could be compromised.

5.3 By adopting these practices, mariners and shoreside employees at all levels of the organization should be able to identify potential threats or risk factors, as well as the abnormal indications that show a cyberattack underway.

5.4 Cyberattacks can occur in multiple forms including, but not limited to, the following practices:

5.4.1 Social engineering,

5.4.2 Phishing,

5.4.3 Waterholing,

5.4.4 Ransomware,

5.4.5 Scanning,

5.4.6 Spear-phishing,

5.4.7 Deploying botnets, and

5.4.8 Subverting the supply chain.

5.5 These suggested strategies extend to all individuals of a corporation, government, or organization. By adopting a basic and developed capability to defend from cyberattacks, mariners can continue proper practices out at sea while feeling confident that safety critical systems, business-critical data, personal data, and records are safe.

5.6 In the event of system error, or in the case of cyberattack or infection, any files required to rebuild or repair a personal computer (PC)-based onboard system shall be on the ship already rather than from off-board sources using satellite communications systems. Most vessels currently do not have operating system disks on board, let alone proprietary software, drivers, or patches. This connectivity constraint and lack of multiple failsafe outputs also provide a single point of failure and vulnerability. In the future, system software and firmware may be kept current with over-the-air updates, which shall be encrypted.

5.7 There are cross-system considerations that shall be considered for cyber-enabled ships. They may include such factors as:

5.7.1 Human-system interfaces;

5.7.2 Software availability, versions, and licensing;

5.7.3 Network and communications, including remote access methods;

5.7.4 Data trustworthiness and availability (that is, data assurance);

5.7.5 Diagnostic and evaluation equipment that may be required to diagnose system problems;

5.7.6 Cybersecurity, especially as it applies to safety critical and ship critical systems; and

5.7.7 Onboard sensors and IoT infrastructure that provide data for ship operations and command decisions.

5.8 By adopting these practices, companies and governments will notice the benefits of better cybersecurity. Some benefits may include, but are not limited to:

5.8.1 Better business performance;

5.8.2 Increased bandwidth efficiency provided by modern satellite communications;

5.8.3 Better crew performance during drills or operations;

5.8.4 Reinforcing a healthy safety and security awareness culture onboard seagoing vessels;

5.8.5 Enhanced quality of life for ship crews;

5.8.6 Better adherence to increasingly stringent regulations and the preservation of electronic records and logs;

5.8.7 Tighter security controls and access to objective evidence using biometrics, such as fingerprinting and a company/government (that is, TWIC) issued personal identification card; and

5.8.8 Resilient systems that can minimize the impact of cyber disruptions.

Subcomité:

F25.05

Referida por:

D8320-21, D8320-21

Volúmen:

01.08

Número ICS:

35.030 (IT Security)

Palabras clave:

cyberattacks; cybersecurity; maritime industry;