Guide for Cybersecurity Implementation for the Marine and Offshore Industries / Руководство по внедрению кибербезопасности для морской и оффшорной промышленности. Том 2

Книга на английском языке
This document is Volume 2 of the ABS CyberSafety series. It provides cyber-related safety and security requirements and recommendations for the assessment of Company cybersecurity systems. It also provides guidance for vessel readiness for preventing and managing cyber events that may compromise the safety and security of the data, systems, and vessels of a Company or organization. The notations presented in this Guide are offered to recognize cybersecurity protections aboard a vessel that reduce cyber risk and enhance cybersafety.

Contents
1 Introduction
1 General
2 Application and Scope
2.1 Application
2.2 Scope
3 Notations
4 Process
4.1 General
4.2 CyberSafety Reviews
4.3 Conditions
4.4 Termination
4.5 Limitation of Liability
5 Organizations
5.1 Company
5.2 Ship Builder Integrator (SBI)
5.3 Service Supplier (SS)
5.4 Sub-Supplier (Sub-System or Component Providers)
6 Definitions and Abbreviations
6.1 Definitions
6.2 Abbreviations
7 Plans and Data to be Submitted
7.1 CS-System Notation Documentation Submittals
7.2 CS-Ready Notation Documentation Submittals
7.3 CS-1 Notation Documentation Submittals
7.4 CS-2 Notation Documentation Submittals
Table 1 Primary Essential Services
Table 2 CS Notation Applicability
Table 3 Engineering Document Review
Section 2 Notation Requirements
1 Notation Requirements
1.1 CS-System Notation
1.2 CS-Ready Notation
1.3 CS-1 and CS-2 Notations
Table 1 CS-System Requirements for Notation
Table 2 CS-Ready Requirements for Notation
Table 3 CS-1 Requirements for Notation
Table 4 CS-2 Requirements for Notation
Figure 1 Vessel Lifecycle Application of CyberSafety
Certifications and Notations
Figure 2 CS-System Notation Requirements Completion Process.
Section 3 Surveys
1 General
2 Surveys During Construction
2.1 CS-System Initial Surveys
2.2 CS-Ready Initial Surveys
2.3 CS-1 and CS-2 Initial Surveys
3 Surveys After Construction
4 Modifications (Any Notation)
4.1 General
4.2 Revisions of CRMS
5 Partial Compliance (Any Notation)
Appendix 1 Maritime Cybersecurity Risk Assessment
1 General
2 Risk Assessment Process
Appendix 2 Functional Description Document (FDD)
1 Functional Description Document (FDD)
1.1 FDD Described in Four Main Parts
Appendix 3 Cybersecurity Risk Management System (CRMS)
1 Cybersecurity Risk Management System (CRMS)
1.1 Background of Maritime Cybersecurity and the ABS Approach to Assessment
1.2 ABS Model for Cybersecurity Engineering Reviev; and Survey
1.3 Organizational Cybersecurity Best Practices
2 CyberSafety Risk Management System Relationship with Safety Management System
2.1 General
2.2 Cybersecurity Risk Management System
2.3 Resources, Roles, Responsibility, Accountability, and Authority
2.4 Master’s Responsibility and Authority
2.5 Shipboard Personnel
2.6 Cybersecurity Risk Management System
Documentation
2.7 Operational Control
Figure 1 ABS Engineering/Survey Cybersecurity Architecture Model
Appendix 4 References
1 ABS
2 IEEE
3 IEC
4 ISO
5 NIST
6 Other